./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2787843817 <...> CHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5831, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./249/binderfs") = 0 umount2("./249/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./249/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./249/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5834 ./strace-static-x86_64: Process 5834 attached [pid 5834] set_robust_list(0x5555556365e0, 24) = 0 [pid 5834] chdir("./250") = 0 [pid 5834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5834] setpgid(0, 0) = 0 [pid 5834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5834] write(3, "1000", 4) = 4 [pid 5834] close(3) = 0 [pid 5834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5834] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5835], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5835 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5835 attached [pid 5835] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5835] memfd_create("syzkaller", 0) = 3 [pid 5835] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5835] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5835] munmap(0x7f5499e77000, 2097152) = 0 [pid 5835] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5835] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5835] close(3) = 0 [pid 5835] mkdir("./bus", 0777) = 0 [pid 5835] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5835] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5835] chdir("./bus") = 0 [pid 5835] ioctl(4, LOOP_CLR_FD) = 0 [pid 5835] close(4) = 0 [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5835] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5835] creat("./bus", 000 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... creat resumed>) = 4 [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5834] <... futex resumed>) = 0 [pid 5835] ftruncate(4, 2048 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... ftruncate resumed>) = 0 [ 150.324765][ T5835] loop0: detected capacity change from 0 to 4096 [ 150.334101][ T5835] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] lseek(4, 0, SEEK_END [pid 5834] <... futex resumed>) = 0 [pid 5835] <... lseek resumed>) = 2048 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5835] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5835] open("./bus", O_RDONLY [pid 5834] <... futex resumed>) = 0 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] <... open resumed>) = 5 [pid 5835] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] <... futex resumed>) = 0 [pid 5835] sendfile(4, 5, NULL, 145139829833722 [pid 5834] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5834] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5834] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5836 attached , parent_tid=[5836], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5836 [pid 5836] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5836] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5834] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5836] <... futex resumed>) = 0 [pid 5834] <... futex resumed>) = 1 [pid 5836] sendfile(4, 5, NULL, 145139829833722 [ 150.387587][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 150.387600][ T27] audit: type=1804 audit(1671454731.129:252): pid=5835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/250/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5834] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5834] exit_group(0) = ? [pid 5836] <... sendfile resumed>) = ? [pid 5835] <... sendfile resumed>) = ? [pid 5835] +++ exited with 0 +++ [pid 5836] +++ exited with 0 +++ [pid 5834] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5834, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./250/binderfs") = 0 umount2("./250/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./250/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./250/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5837 ./strace-static-x86_64: Process 5837 attached [pid 5837] set_robust_list(0x5555556365e0, 24) = 0 [pid 5837] chdir("./251") = 0 [pid 5837] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5837] setpgid(0, 0) = 0 [pid 5837] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5837] write(3, "1000", 4) = 4 [pid 5837] close(3) = 0 [pid 5837] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5837] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5837] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5838], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5838 [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5838 attached [pid 5838] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5838] memfd_create("syzkaller", 0) = 3 [pid 5838] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5838] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5838] munmap(0x7f5499e77000, 2097152) = 0 [pid 5838] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5838] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5838] close(3) = 0 [pid 5838] mkdir("./bus", 0777) = 0 [pid 5838] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5838] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5838] chdir("./bus") = 0 [pid 5838] ioctl(4, LOOP_CLR_FD) = 0 [pid 5838] close(4) = 0 [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] creat("./bus", 000) = 4 [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] ftruncate(4, 2048) = 0 [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5837] <... futex resumed>) = 0 [pid 5838] lseek(4, 0, SEEK_END [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5838] <... lseek resumed>) = 2048 [pid 5837] <... futex resumed>) = 0 [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] open("./bus", O_RDONLY) = 5 [ 150.715015][ T5838] loop0: detected capacity change from 0 to 4096 [ 150.724588][ T5838] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5838] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = 0 [pid 5837] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5838] <... futex resumed>) = 1 [pid 5838] sendfile(4, 5, NULL, 145139829833722 [pid 5837] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5837] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5837] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5837] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5839 attached [pid 5839] set_robust_list(0x7f549a0769e0, 24 [pid 5837] <... clone resumed>, parent_tid=[5839], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5839 [pid 5839] <... set_robust_list resumed>) = 0 [pid 5839] sendfile(4, 5, NULL, 145139829833722 [pid 5837] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 150.770136][ T27] audit: type=1804 audit(1671454731.509:253): pid=5838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/251/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5837] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5837] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5837] exit_group(0) = ? [pid 5838] <... sendfile resumed>) = ? [pid 5838] +++ exited with 0 +++ [pid 5839] <... sendfile resumed>) = ? [pid 5839] +++ exited with 0 +++ [pid 5837] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5837, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./251/binderfs") = 0 umount2("./251/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./251/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./251/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5840 ./strace-static-x86_64: Process 5840 attached [pid 5840] set_robust_list(0x5555556365e0, 24) = 0 [pid 5840] chdir("./252") = 0 [pid 5840] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5840] setpgid(0, 0) = 0 [pid 5840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5840] write(3, "1000", 4) = 4 [pid 5840] close(3) = 0 [pid 5840] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5840] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5841], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5841 [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5841 attached [pid 5841] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5841] memfd_create("syzkaller", 0) = 3 [pid 5841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5841] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5841] munmap(0x7f5499e77000, 2097152) = 0 [pid 5841] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5841] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5841] close(3) = 0 [pid 5841] mkdir("./bus", 0777) = 0 [pid 5841] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5841] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5841] chdir("./bus") = 0 [pid 5841] ioctl(4, LOOP_CLR_FD) = 0 [pid 5841] close(4) = 0 [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] creat("./bus", 000) = 4 [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] ftruncate(4, 2048) = 0 [ 151.092731][ T5841] loop0: detected capacity change from 0 to 4096 [ 151.102334][ T5841] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5840] <... futex resumed>) = 0 [pid 5841] lseek(4, 0, SEEK_END [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... lseek resumed>) = 2048 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] open("./bus", O_RDONLY [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] <... open resumed>) = 5 [pid 5840] <... futex resumed>) = 0 [pid 5841] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... futex resumed>) = 0 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] sendfile(4, 5, NULL, 145139829833722 [pid 5840] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5840] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5840] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5840] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5842], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5842 [pid 5840] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5840] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5842 attached [pid 5842] set_robust_list(0x7f549a0769e0, 24) = 0 [ 151.156364][ T27] audit: type=1804 audit(1671454731.899:254): pid=5841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/252/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5842] sendfile(4, 5, NULL, 145139829833722 [pid 5840] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5840] exit_group(0) = ? [pid 5842] <... sendfile resumed>) = ? [pid 5842] +++ exited with 0 +++ [pid 5841] <... sendfile resumed>) = ? [pid 5841] +++ exited with 0 +++ [pid 5840] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5840, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./252/binderfs") = 0 umount2("./252/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./252/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./252/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5843 attached , child_tidptr=0x5555556365d0) = 5843 [pid 5843] set_robust_list(0x5555556365e0, 24) = 0 [pid 5843] chdir("./253") = 0 [pid 5843] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5843] setpgid(0, 0) = 0 [pid 5843] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5843] write(3, "1000", 4) = 4 [pid 5843] close(3) = 0 [pid 5843] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5843] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5844 attached , parent_tid=[5844], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5844 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5844] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5844] memfd_create("syzkaller", 0) = 3 [pid 5844] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5844] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5844] munmap(0x7f5499e77000, 2097152) = 0 [pid 5844] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5844] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5844] close(3) = 0 [pid 5844] mkdir("./bus", 0777) = 0 [pid 5844] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5844] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5844] chdir("./bus") = 0 [pid 5844] ioctl(4, LOOP_CLR_FD) = 0 [pid 5844] close(4) = 0 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 0 [pid 5844] creat("./bus", 000) = 4 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] <... futex resumed>) = 1 [pid 5844] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5844] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 0 [pid 5844] ftruncate(4, 2048) = 0 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 1 [pid 5844] lseek(4, 0, SEEK_END) = 2048 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 151.480533][ T5844] loop0: detected capacity change from 0 to 4096 [ 151.489820][ T5844] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5844] open("./bus", O_RDONLY) = 5 [pid 5844] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5844] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] <... futex resumed>) = 0 [pid 5843] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5844] <... futex resumed>) = 0 [pid 5844] sendfile(4, 5, NULL, 145139829833722 [pid 5843] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5843] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 151.531458][ T27] audit: type=1804 audit(1671454732.279:255): pid=5844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/253/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5843] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5845 attached , parent_tid=[5845], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5845 [pid 5845] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5845] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5843] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5845] <... futex resumed>) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5845] sendfile(4, 5, NULL, 145139829833722 [pid 5843] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5843] exit_group(0) = ? [pid 5845] <... sendfile resumed>) = ? [pid 5845] +++ exited with 0 +++ [pid 5844] <... sendfile resumed>) = ? [pid 5844] +++ exited with 0 +++ [pid 5843] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5843, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./253/binderfs") = 0 umount2("./253/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./253/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./253/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5846 ./strace-static-x86_64: Process 5846 attached [pid 5846] set_robust_list(0x5555556365e0, 24) = 0 [pid 5846] chdir("./254") = 0 [pid 5846] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5846] setpgid(0, 0) = 0 [pid 5846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5846] write(3, "1000", 4) = 4 [pid 5846] close(3) = 0 [pid 5846] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5846] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5847 attached , parent_tid=[5847], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5847 [pid 5847] set_robust_list(0x7f54a22979e0, 24 [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5847] memfd_create("syzkaller", 0) = 3 [pid 5847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5847] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5847] munmap(0x7f5499e77000, 2097152) = 0 [pid 5847] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5847] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5847] close(3) = 0 [pid 5847] mkdir("./bus", 0777) = 0 [pid 5847] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5847] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5847] chdir("./bus") = 0 [pid 5847] ioctl(4, LOOP_CLR_FD) = 0 [pid 5847] close(4) = 0 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 1 [pid 5847] creat("./bus", 000) = 4 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5847] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... fcntl resumed>) = 0 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] ftruncate(4, 2048 [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... ftruncate resumed>) = 0 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] lseek(4, 0, SEEK_END [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... lseek resumed>) = 2048 [pid 5846] <... futex resumed>) = 0 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... futex resumed>) = 0 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5847] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5847] open("./bus", O_RDONLY [ 151.859540][ T5847] loop0: detected capacity change from 0 to 4096 [ 151.869000][ T5847] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] <... open resumed>) = 5 [pid 5847] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5846] <... futex resumed>) = 0 [pid 5847] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5846] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5846] <... futex resumed>) = 0 [pid 5847] sendfile(4, 5, NULL, 145139829833722 [ 151.913815][ T27] audit: type=1804 audit(1671454732.659:256): pid=5847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/254/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5846] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5846] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5846] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5848], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5848 [pid 5846] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5848] sendfile(4, 5, NULL, 145139829833722 [pid 5846] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5846] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5846] exit_group(0) = ? [pid 5848] <... sendfile resumed>) = ? [pid 5848] +++ exited with 0 +++ [pid 5847] <... sendfile resumed>) = ? [pid 5847] +++ exited with 0 +++ [pid 5846] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5846, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./254/binderfs") = 0 umount2("./254/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./254/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./254/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5849 ./strace-static-x86_64: Process 5849 attached [pid 5849] set_robust_list(0x5555556365e0, 24) = 0 [pid 5849] chdir("./255") = 0 [pid 5849] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5849] setpgid(0, 0) = 0 [pid 5849] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5849] write(3, "1000", 4) = 4 [pid 5849] close(3) = 0 [pid 5849] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5849] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5850 attached [pid 5850] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5850] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... clone resumed>, parent_tid=[5850], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5850 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5850] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5850] memfd_create("syzkaller", 0) = 3 [pid 5850] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5850] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5850] munmap(0x7f5499e77000, 2097152) = 0 [pid 5850] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5850] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5850] close(3) = 0 [pid 5850] mkdir("./bus", 0777) = 0 [pid 5850] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5850] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5850] chdir("./bus") = 0 [pid 5850] ioctl(4, LOOP_CLR_FD) = 0 [pid 5850] close(4) = 0 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [pid 5850] creat("./bus", 000) = 4 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [pid 5850] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [pid 5850] ftruncate(4, 2048) = 0 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [pid 5850] lseek(4, 0, SEEK_END) = 2048 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [ 152.269992][ T5850] loop0: detected capacity change from 0 to 4096 [ 152.279574][ T5850] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5850] open("./bus", O_RDONLY) = 5 [pid 5850] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = 0 [pid 5849] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] <... futex resumed>) = 1 [pid 5850] sendfile(4, 5, NULL, 145139829833722 [pid 5849] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5849] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5849] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5849] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5851] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5849] <... clone resumed>, parent_tid=[5851], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5851 [pid 5849] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5851] <... futex resumed>) = 0 [pid 5849] <... futex resumed>) = 1 [pid 5851] sendfile(4, 5, NULL, 145139829833722 [ 152.331396][ T27] audit: type=1804 audit(1671454733.079:257): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/255/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5849] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5849] exit_group(0) = ? [pid 5850] <... sendfile resumed>) = ? [pid 5850] +++ exited with 0 +++ [pid 5851] <... sendfile resumed>) = ? [pid 5851] +++ exited with 0 +++ [pid 5849] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5849, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./255/binderfs") = 0 umount2("./255/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./255/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./255/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5852 ./strace-static-x86_64: Process 5852 attached [pid 5852] set_robust_list(0x5555556365e0, 24) = 0 [pid 5852] chdir("./256") = 0 [pid 5852] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5852] setpgid(0, 0) = 0 [pid 5852] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5852] write(3, "1000", 4) = 4 [pid 5852] close(3) = 0 [pid 5852] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5852] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5853 attached , parent_tid=[5853], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5853 [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5853] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5853] memfd_create("syzkaller", 0) = 3 [pid 5853] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5853] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5853] munmap(0x7f5499e77000, 2097152) = 0 [pid 5853] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5853] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5853] close(3) = 0 [pid 5853] mkdir("./bus", 0777) = 0 [pid 5853] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5853] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5853] chdir("./bus") = 0 [pid 5853] ioctl(4, LOOP_CLR_FD) = 0 [pid 5853] close(4) = 0 [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] creat("./bus", 000) = 4 [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... fcntl resumed>) = 0 [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] ftruncate(4, 2048 [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... ftruncate resumed>) = 0 [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] lseek(4, 0, SEEK_END [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... lseek resumed>) = 2048 [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] <... futex resumed>) = 0 [pid 5853] open("./bus", O_RDONLY [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5853] <... open resumed>) = 5 [pid 5852] <... futex resumed>) = 0 [ 152.658754][ T5853] loop0: detected capacity change from 0 to 4096 [ 152.668165][ T5853] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5852] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] <... futex resumed>) = 1 [pid 5853] sendfile(4, 5, NULL, 145139829833722 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5852] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5852] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5852] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5854] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5852] <... clone resumed>, parent_tid=[5854], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5854 [pid 5852] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5852] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5854] <... futex resumed>) = 0 [ 152.715157][ T27] audit: type=1804 audit(1671454733.459:258): pid=5853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/256/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5854] sendfile(4, 5, NULL, 145139829833722 [pid 5852] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5852] exit_group(0 [pid 5853] <... sendfile resumed>) = ? [pid 5852] <... exit_group resumed>) = ? [pid 5854] <... sendfile resumed>) = ? [pid 5853] +++ exited with 0 +++ [pid 5854] +++ exited with 0 +++ [pid 5852] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5852, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./256/binderfs") = 0 umount2("./256/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./256/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./256/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5855 ./strace-static-x86_64: Process 5855 attached [pid 5855] set_robust_list(0x5555556365e0, 24) = 0 [pid 5855] chdir("./257") = 0 [pid 5855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5855] setpgid(0, 0) = 0 [pid 5855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5855] write(3, "1000", 4) = 4 [pid 5855] close(3) = 0 [pid 5855] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5855] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5856], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5856 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5856 attached [pid 5856] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5856] memfd_create("syzkaller", 0) = 3 [pid 5856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5856] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5856] munmap(0x7f5499e77000, 2097152) = 0 [pid 5856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5856] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5856] close(3) = 0 [pid 5856] mkdir("./bus", 0777) = 0 [pid 5856] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5856] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5856] chdir("./bus") = 0 [pid 5856] ioctl(4, LOOP_CLR_FD) = 0 [pid 5856] close(4) = 0 [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5856] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 0 [pid 5856] creat("./bus", 000) = 4 [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 1 [pid 5856] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 1 [pid 5856] ftruncate(4, 2048) = 0 [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... futex resumed>) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] lseek(4, 0, SEEK_END [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... lseek resumed>) = 2048 [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5855] <... futex resumed>) = 0 [pid 5856] open("./bus", O_RDONLY [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5856] <... open resumed>) = 5 [pid 5855] <... futex resumed>) = 0 [ 153.041038][ T5856] loop0: detected capacity change from 0 to 4096 [ 153.050320][ T5856] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5856] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5856] sendfile(4, 5, NULL, 145139829833722 [pid 5855] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5855] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5855] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5855] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5857 attached , parent_tid=[5857], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5857 [pid 5855] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5857] sendfile(4, 5, NULL, 145139829833722 [ 153.088162][ T27] audit: type=1804 audit(1671454733.829:259): pid=5856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/257/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5855] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5855] exit_group(0) = ? [pid 5857] <... sendfile resumed>) = ? [pid 5857] +++ exited with 0 +++ [pid 5856] <... sendfile resumed>) = ? [pid 5856] +++ exited with 0 +++ [pid 5855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5855, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./257/binderfs") = 0 umount2("./257/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./257/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./257/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5858 ./strace-static-x86_64: Process 5858 attached [pid 5858] set_robust_list(0x5555556365e0, 24) = 0 [pid 5858] chdir("./258") = 0 [pid 5858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5858] setpgid(0, 0) = 0 [pid 5858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5858] write(3, "1000", 4) = 4 [pid 5858] close(3) = 0 [pid 5858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5858] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5859], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5859 [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5859 attached [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5859] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5859] memfd_create("syzkaller", 0) = 3 [pid 5859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5859] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5859] munmap(0x7f5499e77000, 2097152) = 0 [pid 5859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5859] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5859] close(3) = 0 [pid 5859] mkdir("./bus", 0777) = 0 [pid 5859] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5859] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5859] chdir("./bus") = 0 [pid 5859] ioctl(4, LOOP_CLR_FD) = 0 [pid 5859] close(4) = 0 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 1 [pid 5859] creat("./bus", 000) = 4 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5859] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] <... futex resumed>) = 0 [pid 5859] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] ftruncate(4, 2048) = 0 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] lseek(4, 0, SEEK_END) = 2048 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5858] <... futex resumed>) = 0 [pid 5859] open("./bus", O_RDONLY [ 153.413458][ T5859] loop0: detected capacity change from 0 to 4096 [ 153.423085][ T5859] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... open resumed>) = 5 [pid 5858] <... futex resumed>) = 0 [pid 5859] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5859] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5858] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] <... futex resumed>) = 0 [pid 5858] <... futex resumed>) = 1 [pid 5859] sendfile(4, 5, NULL, 145139829833722 [pid 5858] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5858] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5858] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5860 attached , parent_tid=[5860], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5860 [pid 5860] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5860] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5858] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5860] sendfile(4, 5, NULL, 145139829833722 [ 153.472053][ T27] audit: type=1804 audit(1671454734.219:260): pid=5859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/258/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5858] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5858] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5858] exit_group(0) = ? [pid 5860] <... sendfile resumed>) = ? [pid 5859] <... sendfile resumed>) = ? [pid 5859] +++ exited with 0 +++ [pid 5860] +++ exited with 0 +++ [pid 5858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5858, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./258/binderfs") = 0 umount2("./258/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./258/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./258/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5861 ./strace-static-x86_64: Process 5861 attached [pid 5861] set_robust_list(0x5555556365e0, 24) = 0 [pid 5861] chdir("./259") = 0 [pid 5861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5861] setpgid(0, 0) = 0 [pid 5861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5861] write(3, "1000", 4) = 4 [pid 5861] close(3) = 0 [pid 5861] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5861] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5862 attached , parent_tid=[5862], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5862 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] set_robust_list(0x7f54a22979e0, 24 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5862] memfd_create("syzkaller", 0) = 3 [pid 5862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5862] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5862] munmap(0x7f5499e77000, 2097152) = 0 [pid 5862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5862] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5862] close(3) = 0 [pid 5862] mkdir("./bus", 0777) = 0 [pid 5862] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5862] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5862] chdir("./bus") = 0 [pid 5862] ioctl(4, LOOP_CLR_FD) = 0 [pid 5862] close(4) = 0 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... futex resumed>) = 1 [pid 5862] creat("./bus", 000) = 4 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... futex resumed>) = 1 [pid 5862] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] <... futex resumed>) = 1 [pid 5862] ftruncate(4, 2048) = 0 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] lseek(4, 0, SEEK_END) = 2048 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 0 [pid 5862] <... futex resumed>) = 1 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 153.822104][ T5862] loop0: detected capacity change from 0 to 4096 [ 153.841061][ T5862] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5862] open("./bus", O_RDONLY) = 5 [pid 5862] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5862] sendfile(4, 5, NULL, 145139829833722 [pid 5861] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5861] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 153.894338][ T27] audit: type=1804 audit(1671454734.639:261): pid=5862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/259/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5861] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5861] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5863], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5863 ./strace-static-x86_64: Process 5863 attached [pid 5861] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5861] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5863] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5863] sendfile(4, 5, NULL, 145139829833722 [pid 5861] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5861] exit_group(0) = ? [pid 5863] <... sendfile resumed>) = ? [pid 5863] +++ exited with 0 +++ [pid 5862] <... sendfile resumed>) = ? [pid 5862] +++ exited with 0 +++ [pid 5861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5861, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./259/binderfs") = 0 umount2("./259/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./259/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./259/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5864 ./strace-static-x86_64: Process 5864 attached [pid 5864] set_robust_list(0x5555556365e0, 24) = 0 [pid 5864] chdir("./260") = 0 [pid 5864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5864] setpgid(0, 0) = 0 [pid 5864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5864] write(3, "1000", 4) = 4 [pid 5864] close(3) = 0 [pid 5864] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5864] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5865], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5865 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5865 attached [pid 5865] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5865] memfd_create("syzkaller", 0) = 3 [pid 5865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5865] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5865] munmap(0x7f5499e77000, 2097152) = 0 [pid 5865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5865] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5865] close(3) = 0 [pid 5865] mkdir("./bus", 0777) = 0 [pid 5865] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5865] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5865] chdir("./bus") = 0 [pid 5865] ioctl(4, LOOP_CLR_FD) = 0 [pid 5865] close(4) = 0 [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] <... futex resumed>) = 1 [pid 5865] creat("./bus", 000) = 4 [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] ftruncate(4, 2048) = 0 [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] lseek(4, 0, SEEK_END) = 2048 [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5865] open("./bus", O_RDONLY [pid 5864] <... futex resumed>) = 0 [pid 5865] <... open resumed>) = 5 [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5865] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5865] sendfile(4, 5, NULL, 145139829833722 [pid 5864] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.226380][ T5865] loop0: detected capacity change from 0 to 4096 [ 154.236014][ T5865] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5864] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5864] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5864] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5864] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5866], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5866 ./strace-static-x86_64: Process 5866 attached [pid 5864] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] set_robust_list(0x7f549a0769e0, 24 [pid 5864] <... futex resumed>) = 0 [pid 5866] <... set_robust_list resumed>) = 0 [pid 5864] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5866] sendfile(4, 5, NULL, 145139829833722 [pid 5864] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5864] exit_group(0) = ? [pid 5866] <... sendfile resumed>) = ? [pid 5865] <... sendfile resumed>) = ? [pid 5866] +++ exited with 0 +++ [pid 5865] +++ exited with 0 +++ [pid 5864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5864, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./260/binderfs") = 0 umount2("./260/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./260/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./260/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5867 ./strace-static-x86_64: Process 5867 attached [pid 5867] set_robust_list(0x5555556365e0, 24) = 0 [pid 5867] chdir("./261") = 0 [pid 5867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5867] setpgid(0, 0) = 0 [pid 5867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5867] write(3, "1000", 4) = 4 [pid 5867] close(3) = 0 [pid 5867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5867] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5868], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5868 [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5868 attached [pid 5868] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5868] memfd_create("syzkaller", 0) = 3 [pid 5868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5868] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5868] munmap(0x7f5499e77000, 2097152) = 0 [pid 5868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5868] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5868] close(3) = 0 [pid 5868] mkdir("./bus", 0777) = 0 [pid 5868] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5868] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5868] chdir("./bus") = 0 [pid 5868] ioctl(4, LOOP_CLR_FD) = 0 [pid 5868] close(4) = 0 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5868] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 0 [pid 5868] creat("./bus", 000) = 4 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 1 [pid 5868] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5868] ftruncate(4, 2048 [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... ftruncate resumed>) = 0 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 1 [pid 5868] lseek(4, 0, SEEK_END) = 2048 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] <... futex resumed>) = 1 [pid 5868] open("./bus", O_RDONLY) = 5 [pid 5868] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] <... futex resumed>) = 0 [pid 5868] sendfile(4, 5, NULL, 145139829833722 [ 154.603592][ T5868] loop0: detected capacity change from 0 to 4096 [ 154.612424][ T5868] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5867] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5867] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5867] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5867] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5869 attached , parent_tid=[5869], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5869 [pid 5869] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5869] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5867] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5867] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5869] <... futex resumed>) = 0 [pid 5869] sendfile(4, 5, NULL, 145139829833722 [pid 5867] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5867] exit_group(0) = ? [pid 5869] <... sendfile resumed>) = ? [pid 5869] +++ exited with 0 +++ [pid 5868] <... sendfile resumed>) = ? [pid 5868] +++ exited with 0 +++ [pid 5867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5867, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./261/binderfs") = 0 umount2("./261/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./261/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./261/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5870 ./strace-static-x86_64: Process 5870 attached [pid 5870] set_robust_list(0x5555556365e0, 24) = 0 [pid 5870] chdir("./262") = 0 [pid 5870] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5870] setpgid(0, 0) = 0 [pid 5870] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5870] write(3, "1000", 4) = 4 [pid 5870] close(3) = 0 [pid 5870] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5870] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5871], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5871 [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5871 attached [pid 5871] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5871] memfd_create("syzkaller", 0) = 3 [pid 5871] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5871] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5871] munmap(0x7f5499e77000, 2097152) = 0 [pid 5871] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5871] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5871] close(3) = 0 [pid 5871] mkdir("./bus", 0777) = 0 [pid 5871] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5871] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5871] chdir("./bus") = 0 [pid 5871] ioctl(4, LOOP_CLR_FD) = 0 [pid 5871] close(4) = 0 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5871] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 0 [pid 5871] creat("./bus", 000) = 4 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 1 [pid 5871] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... futex resumed>) = 0 [pid 5871] ftruncate(4, 2048) = 0 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] lseek(4, 0, SEEK_END) = 2048 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] open("./bus", O_RDONLY [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5871] <... open resumed>) = 5 [pid 5871] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] <... futex resumed>) = 0 [pid 5871] sendfile(4, 5, NULL, 145139829833722 [pid 5870] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 154.990148][ T5871] loop0: detected capacity change from 0 to 4096 [ 154.999670][ T5871] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5870] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5870] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5872 attached [pid 5872] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5872] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5870] <... clone resumed>, parent_tid=[5872], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5872 [pid 5870] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5872] sendfile(4, 5, NULL, 145139829833722 [pid 5870] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5870] exit_group(0) = ? [pid 5872] <... sendfile resumed>) = ? [pid 5871] <... sendfile resumed>) = ? [pid 5872] +++ exited with 0 +++ [pid 5871] +++ exited with 0 +++ [pid 5870] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5870, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./262/binderfs") = 0 umount2("./262/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./262/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./262/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./262/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5873 ./strace-static-x86_64: Process 5873 attached [pid 5873] set_robust_list(0x5555556365e0, 24) = 0 [pid 5873] chdir("./263") = 0 [pid 5873] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5873] setpgid(0, 0) = 0 [pid 5873] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5873] write(3, "1000", 4) = 4 [pid 5873] close(3) = 0 [pid 5873] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5873] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5874], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5874 ./strace-static-x86_64: Process 5874 attached [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5874] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5874] memfd_create("syzkaller", 0) = 3 [pid 5874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5874] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5874] munmap(0x7f5499e77000, 2097152) = 0 [pid 5874] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5874] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5874] close(3) = 0 [pid 5874] mkdir("./bus", 0777) = 0 [pid 5874] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5874] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5874] chdir("./bus") = 0 [pid 5874] ioctl(4, LOOP_CLR_FD) = 0 [pid 5874] close(4) = 0 [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5874] creat("./bus", 000 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... creat resumed>) = 4 [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5874] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... fcntl resumed>) = 0 [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] ftruncate(4, 2048 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] <... ftruncate resumed>) = 0 [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] lseek(4, 0, SEEK_END) = 2048 [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] open("./bus", O_RDONLY) = 5 [ 155.375077][ T5874] loop0: detected capacity change from 0 to 4096 [ 155.384779][ T5874] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5874] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5874] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5873] <... futex resumed>) = 0 [pid 5873] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 1 [pid 5874] sendfile(4, 5, NULL, 145139829833722 [pid 5873] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5873] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5873] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5873] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5875 attached , parent_tid=[5875], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5875 [pid 5873] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5875] set_robust_list(0x7f549a0769e0, 24) = 0 [ 155.434219][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 155.434232][ T27] audit: type=1804 audit(1671454736.179:265): pid=5874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/263/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5875] sendfile(4, 5, NULL, 145139829833722 [pid 5873] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5873] exit_group(0) = ? [pid 5875] <... sendfile resumed>) = ? [pid 5874] <... sendfile resumed>) = ? [pid 5875] +++ exited with 0 +++ [pid 5874] +++ exited with 0 +++ [pid 5873] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5873, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./263/binderfs") = 0 umount2("./263/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./263/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./263/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5876 ./strace-static-x86_64: Process 5876 attached [pid 5876] set_robust_list(0x5555556365e0, 24) = 0 [pid 5876] chdir("./264") = 0 [pid 5876] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5876] setpgid(0, 0) = 0 [pid 5876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5876] write(3, "1000", 4) = 4 [pid 5876] close(3) = 0 [pid 5876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5876] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5877], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5877 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5877 attached [pid 5877] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5877] memfd_create("syzkaller", 0) = 3 [pid 5877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5877] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5877] munmap(0x7f5499e77000, 2097152) = 0 [pid 5877] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5877] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5877] close(3) = 0 [pid 5877] mkdir("./bus", 0777) = 0 [pid 5877] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5877] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5877] chdir("./bus") = 0 [pid 5877] ioctl(4, LOOP_CLR_FD) = 0 [pid 5877] close(4) = 0 [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] creat("./bus", 000) = 4 [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5876] <... futex resumed>) = 0 [pid 5877] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5876] <... futex resumed>) = 0 [pid 5877] <... fcntl resumed>) = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] ftruncate(4, 2048 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... ftruncate resumed>) = 0 [ 155.757566][ T5877] loop0: detected capacity change from 0 to 4096 [ 155.767413][ T5877] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5877] <... futex resumed>) = 1 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] lseek(4, 0, SEEK_END [pid 5876] <... futex resumed>) = 0 [pid 5877] <... lseek resumed>) = 2048 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5877] <... futex resumed>) = 0 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] open("./bus", O_RDONLY [pid 5876] <... futex resumed>) = 0 [pid 5877] <... open resumed>) = 5 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = 0 [pid 5876] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5877] <... futex resumed>) = 1 [ 155.820195][ T27] audit: type=1804 audit(1671454736.559:266): pid=5877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/264/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5877] sendfile(4, 5, NULL, 145139829833722 [pid 5876] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5876] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5876] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5876] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5878], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5878 [pid 5876] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5876] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5878 attached [pid 5878] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5878] sendfile(4, 5, NULL, 145139829833722 [pid 5876] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5876] exit_group(0) = ? [pid 5877] <... sendfile resumed>) = ? [pid 5877] +++ exited with 0 +++ [pid 5878] <... sendfile resumed>) = ? [pid 5878] +++ exited with 0 +++ [pid 5876] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5876, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./264/binderfs") = 0 umount2("./264/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./264/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./264/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5879 ./strace-static-x86_64: Process 5879 attached [pid 5879] set_robust_list(0x5555556365e0, 24) = 0 [pid 5879] chdir("./265") = 0 [pid 5879] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5879] setpgid(0, 0) = 0 [pid 5879] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5879] write(3, "1000", 4) = 4 [pid 5879] close(3) = 0 [pid 5879] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5879] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5879] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5880], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5880 [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5880] memfd_create("syzkaller", 0) = 3 [pid 5880] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5880] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5880] munmap(0x7f5499e77000, 2097152) = 0 [pid 5880] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5880] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5880] close(3) = 0 [pid 5880] mkdir("./bus", 0777) = 0 [pid 5880] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5880] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5880] chdir("./bus") = 0 [pid 5880] ioctl(4, LOOP_CLR_FD) = 0 [pid 5880] close(4) = 0 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] <... futex resumed>) = 0 [pid 5880] creat("./bus", 000 [ 156.166560][ T5880] loop0: detected capacity change from 0 to 4096 [ 156.176230][ T5880] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... creat resumed>) = 4 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... fcntl resumed>) = 0 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] ftruncate(4, 2048 [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... ftruncate resumed>) = 0 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5880] lseek(4, 0, SEEK_END [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... lseek resumed>) = 2048 [pid 5879] <... futex resumed>) = 0 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] open("./bus", O_RDONLY [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... open resumed>) = 5 [pid 5880] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5880] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5879] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5880] <... futex resumed>) = 0 [pid 5879] <... futex resumed>) = 1 [pid 5880] sendfile(4, 5, NULL, 145139829833722 [pid 5879] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5879] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5879] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [ 156.233401][ T27] audit: type=1804 audit(1671454736.979:267): pid=5880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/265/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5879] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5881 attached , parent_tid=[5881], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5881 [pid 5881] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5881] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5879] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5881] <... futex resumed>) = 0 [pid 5881] sendfile(4, 5, NULL, 145139829833722 [pid 5879] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5879] exit_group(0) = ? [pid 5881] <... sendfile resumed>) = ? [pid 5880] <... sendfile resumed>) = ? [pid 5880] +++ exited with 0 +++ [pid 5881] +++ exited with 0 +++ [pid 5879] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5879, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./265/binderfs") = 0 umount2("./265/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./265/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./265/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5882 ./strace-static-x86_64: Process 5882 attached [pid 5882] set_robust_list(0x5555556365e0, 24) = 0 [pid 5882] chdir("./266") = 0 [pid 5882] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5882] setpgid(0, 0) = 0 [pid 5882] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5882] write(3, "1000", 4) = 4 [pid 5882] close(3) = 0 [pid 5882] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5882] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5883], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5883 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5883 attached [pid 5883] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5883] memfd_create("syzkaller", 0) = 3 [pid 5883] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5883] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5883] munmap(0x7f5499e77000, 2097152) = 0 [pid 5883] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5883] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5883] close(3) = 0 [pid 5883] mkdir("./bus", 0777) = 0 [pid 5883] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5883] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5883] chdir("./bus") = 0 [pid 5883] ioctl(4, LOOP_CLR_FD) = 0 [pid 5883] close(4) = 0 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 1 [pid 5883] creat("./bus", 000) = 4 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 1 [pid 5883] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 1 [pid 5883] ftruncate(4, 2048) = 0 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 1 [pid 5883] lseek(4, 0, SEEK_END) = 2048 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 1 [ 156.558283][ T5883] loop0: detected capacity change from 0 to 4096 [ 156.567222][ T5883] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5883] open("./bus", O_RDONLY) = 5 [pid 5883] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5882] <... futex resumed>) = 0 [pid 5882] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5882] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5883] <... futex resumed>) = 0 [ 156.609157][ T27] audit: type=1804 audit(1671454737.349:268): pid=5883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/266/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5883] sendfile(4, 5, NULL, 145139829833722 [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5882] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5882] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5882] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5882] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5884 attached , parent_tid=[5884], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5884 [pid 5882] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] set_robust_list(0x7f549a0769e0, 24 [pid 5882] <... futex resumed>) = 0 [pid 5884] <... set_robust_list resumed>) = 0 [pid 5882] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] sendfile(4, 5, NULL, 145139829833722 [pid 5882] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5882] exit_group(0) = ? [pid 5884] <... sendfile resumed>) = ? [pid 5884] +++ exited with 0 +++ [pid 5883] <... sendfile resumed>) = ? [pid 5883] +++ exited with 0 +++ [pid 5882] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5882, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./266/binderfs") = 0 umount2("./266/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./266/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./266/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5885] set_robust_list(0x5555556365e0, 24) = 0 [pid 5885] chdir("./267") = 0 [pid 5885] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5885] setpgid(0, 0) = 0 [pid 5885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5885] write(3, "1000", 4) = 4 [pid 5885] close(3) = 0 [pid 5885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5885] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5886], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5886 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5886 attached [pid 5886] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5886] memfd_create("syzkaller", 0) = 3 [pid 5886] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5886] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5886] munmap(0x7f5499e77000, 2097152) = 0 [pid 5886] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5886] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5886] close(3) = 0 [pid 5886] mkdir("./bus", 0777) = 0 [pid 5886] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5886] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5886] chdir("./bus") = 0 [pid 5886] ioctl(4, LOOP_CLR_FD) = 0 [pid 5886] close(4) = 0 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5886] creat("./bus", 000) = 4 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5886] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5886] ftruncate(4, 2048) = 0 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [pid 5886] lseek(4, 0, SEEK_END) = 2048 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [ 156.954143][ T5886] loop0: detected capacity change from 0 to 4096 [ 156.963976][ T5886] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5886] open("./bus", O_RDONLY) = 5 [pid 5886] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5885] <... futex resumed>) = 0 [pid 5885] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5886] <... futex resumed>) = 1 [ 157.004430][ T27] audit: type=1804 audit(1671454737.749:269): pid=5886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/267/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5886] sendfile(4, 5, NULL, 145139829833722 [pid 5885] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5885] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5885] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5885] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5887], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5887 ./strace-static-x86_64: Process 5887 attached [pid 5887] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5887] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5885] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... futex resumed>) = 0 [pid 5887] sendfile(4, 5, NULL, 145139829833722 [pid 5885] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5885] exit_group(0 [pid 5887] <... sendfile resumed>) = ? [pid 5885] <... exit_group resumed>) = ? [pid 5886] <... sendfile resumed>) = ? [pid 5887] +++ exited with 0 +++ [pid 5886] +++ exited with 0 +++ [pid 5885] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5885, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./267/binderfs") = 0 umount2("./267/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./267/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./267/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5888 ./strace-static-x86_64: Process 5888 attached [pid 5888] set_robust_list(0x5555556365e0, 24) = 0 [pid 5888] chdir("./268") = 0 [pid 5888] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5888] setpgid(0, 0) = 0 [pid 5888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5888] write(3, "1000", 4) = 4 [pid 5888] close(3) = 0 [pid 5888] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5888] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5889 attached , parent_tid=[5889], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5889 [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5889] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5889] memfd_create("syzkaller", 0) = 3 [pid 5889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5889] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5889] munmap(0x7f5499e77000, 2097152) = 0 [pid 5889] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5889] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5889] close(3) = 0 [pid 5889] mkdir("./bus", 0777) = 0 [pid 5889] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5889] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5889] chdir("./bus") = 0 [pid 5889] ioctl(4, LOOP_CLR_FD) = 0 [pid 5889] close(4) = 0 [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] <... futex resumed>) = 0 [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5889] creat("./bus", 000 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... creat resumed>) = 4 [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] <... futex resumed>) = 0 [pid 5889] <... futex resumed>) = 1 [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5888] <... futex resumed>) = 0 [pid 5889] <... fcntl resumed>) = 0 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] ftruncate(4, 2048 [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... ftruncate resumed>) = 0 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = 1 [pid 5889] lseek(4, 0, SEEK_END [ 157.352423][ T5889] loop0: detected capacity change from 0 to 4096 [ 157.362494][ T5889] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... lseek resumed>) = 2048 [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5888] <... futex resumed>) = 0 [pid 5889] open("./bus", O_RDONLY [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... open resumed>) = 5 [pid 5888] <... futex resumed>) = 0 [pid 5889] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5889] <... futex resumed>) = 0 [pid 5888] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5889] sendfile(4, 5, NULL, 145139829833722 [pid 5888] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5888] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5888] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5888] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5890], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5890 [pid 5888] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5888] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5890 attached [pid 5890] set_robust_list(0x7f549a0769e0, 24) = 0 [ 157.416041][ T27] audit: type=1804 audit(1671454738.159:270): pid=5889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/268/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5890] sendfile(4, 5, NULL, 145139829833722 [pid 5888] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5888] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5888] exit_group(0) = ? [pid 5889] <... sendfile resumed>) = ? [pid 5889] +++ exited with 0 +++ [pid 5890] <... sendfile resumed>) = ? [pid 5890] +++ exited with 0 +++ [pid 5888] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5888, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./268/binderfs") = 0 umount2("./268/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./268/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./268/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5891 attached , child_tidptr=0x5555556365d0) = 5891 [pid 5891] set_robust_list(0x5555556365e0, 24) = 0 [pid 5891] chdir("./269") = 0 [pid 5891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5891] setpgid(0, 0) = 0 [pid 5891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5891] write(3, "1000", 4) = 4 [pid 5891] close(3) = 0 [pid 5891] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5891] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x7f54a22979e0, 24 [pid 5891] <... clone resumed>, parent_tid=[5892], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5892 [pid 5892] <... set_robust_list resumed>) = 0 [pid 5892] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5892] memfd_create("syzkaller", 0) = 3 [pid 5892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5892] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5892] munmap(0x7f5499e77000, 2097152) = 0 [pid 5892] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5892] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5892] close(3) = 0 [pid 5892] mkdir("./bus", 0777) = 0 [pid 5892] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5892] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5892] chdir("./bus") = 0 [pid 5892] ioctl(4, LOOP_CLR_FD) = 0 [pid 5892] close(4) = 0 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [pid 5892] creat("./bus", 000) = 4 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] ftruncate(4, 2048) = 0 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [pid 5892] lseek(4, 0, SEEK_END) = 2048 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 1 [ 157.757477][ T5892] loop0: detected capacity change from 0 to 4096 [ 157.766464][ T5892] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5892] open("./bus", O_RDONLY) = 5 [pid 5892] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5892] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5891] <... futex resumed>) = 0 [pid 5891] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5891] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5892] <... futex resumed>) = 0 [pid 5892] sendfile(4, 5, NULL, 145139829833722 [pid 5891] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5891] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5891] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5891] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5893], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5893 [pid 5891] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5891] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5893 attached [pid 5893] set_robust_list(0x7f549a0769e0, 24) = 0 [ 157.816134][ T27] audit: type=1804 audit(1671454738.559:271): pid=5892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/269/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5893] sendfile(4, 5, NULL, 145139829833722 [pid 5891] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5891] exit_group(0) = ? [pid 5893] <... sendfile resumed>) = ? [pid 5892] <... sendfile resumed>) = ? [pid 5892] +++ exited with 0 +++ [pid 5893] +++ exited with 0 +++ [pid 5891] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5891, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=15 /* 0.15 s */} --- umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./269/binderfs") = 0 umount2("./269/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./269/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./269/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5894 ./strace-static-x86_64: Process 5894 attached [pid 5894] set_robust_list(0x5555556365e0, 24) = 0 [pid 5894] chdir("./270") = 0 [pid 5894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5894] setpgid(0, 0) = 0 [pid 5894] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5894] write(3, "1000", 4) = 4 [pid 5894] close(3) = 0 [pid 5894] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5894] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5895 attached , parent_tid=[5895], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5895 [pid 5895] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5895] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5895] memfd_create("syzkaller", 0) = 3 [pid 5895] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5895] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5895] munmap(0x7f5499e77000, 2097152) = 0 [pid 5895] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5895] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5895] close(3) = 0 [pid 5895] mkdir("./bus", 0777) = 0 [pid 5895] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5895] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5895] chdir("./bus") = 0 [pid 5895] ioctl(4, LOOP_CLR_FD) = 0 [pid 5895] close(4) = 0 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] creat("./bus", 000) = 4 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] ftruncate(4, 2048) = 0 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5895] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5895] lseek(4, 0, SEEK_END) = 2048 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] open("./bus", O_RDONLY) = 5 [pid 5895] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 158.143639][ T5895] loop0: detected capacity change from 0 to 4096 [ 158.153166][ T5895] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5895] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] <... futex resumed>) = 0 [pid 5894] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5894] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5895] <... futex resumed>) = 0 [pid 5895] sendfile(4, 5, NULL, 145139829833722 [pid 5894] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5894] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5894] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5894] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5896 attached , parent_tid=[5896], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5896 [pid 5894] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5894] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] set_robust_list(0x7f549a0769e0, 24) = 0 [ 158.204033][ T27] audit: type=1804 audit(1671454738.949:272): pid=5895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/270/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5896] sendfile(4, 5, NULL, 145139829833722 [pid 5894] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5894] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5894] exit_group(0) = ? [pid 5896] <... sendfile resumed>) = ? [pid 5896] +++ exited with 0 +++ [pid 5895] <... sendfile resumed>) = ? [pid 5895] +++ exited with 0 +++ [pid 5894] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5894, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./270/binderfs") = 0 umount2("./270/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./270/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./270/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5897 attached , child_tidptr=0x5555556365d0) = 5897 [pid 5897] set_robust_list(0x5555556365e0, 24) = 0 [pid 5897] chdir("./271") = 0 [pid 5897] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5897] setpgid(0, 0) = 0 [pid 5897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5897] write(3, "1000", 4) = 4 [pid 5897] close(3) = 0 [pid 5897] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5897] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5898], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5898 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5898] memfd_create("syzkaller", 0) = 3 [pid 5898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5898] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5898] munmap(0x7f5499e77000, 2097152) = 0 [pid 5898] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5898] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5898] close(3) = 0 [pid 5898] mkdir("./bus", 0777) = 0 [pid 5898] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5898] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5898] chdir("./bus") = 0 [pid 5898] ioctl(4, LOOP_CLR_FD) = 0 [pid 5898] close(4) = 0 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [pid 5898] creat("./bus", 000) = 4 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [pid 5898] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [pid 5898] ftruncate(4, 2048) = 0 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [pid 5898] lseek(4, 0, SEEK_END) = 2048 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [pid 5898] open("./bus", O_RDONLY) = 5 [pid 5898] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... futex resumed>) = 0 [pid 5897] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5898] <... futex resumed>) = 1 [ 158.530317][ T5898] loop0: detected capacity change from 0 to 4096 [ 158.539575][ T5898] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5898] sendfile(4, 5, NULL, 145139829833722 [pid 5897] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5897] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5897] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5897] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5897] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5899 attached , parent_tid=[5899], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5899 [pid 5897] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5897] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] set_robust_list(0x7f549a0769e0, 24) = 0 [ 158.587231][ T27] audit: type=1804 audit(1671454739.329:273): pid=5898 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/271/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5899] sendfile(4, 5, NULL, 145139829833722 [pid 5897] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5897] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5897] exit_group(0) = ? [pid 5898] <... sendfile resumed>) = ? [pid 5898] +++ exited with 0 +++ [pid 5899] <... sendfile resumed>) = ? [pid 5899] +++ exited with 0 +++ [pid 5897] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5897, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./271/binderfs") = 0 umount2("./271/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./271/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./271/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./271/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5900 ./strace-static-x86_64: Process 5900 attached [pid 5900] set_robust_list(0x5555556365e0, 24) = 0 [pid 5900] chdir("./272") = 0 [pid 5900] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5900] setpgid(0, 0) = 0 [pid 5900] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5900] write(3, "1000", 4) = 4 [pid 5900] close(3) = 0 [pid 5900] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5900] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5901 attached , parent_tid=[5901], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5901 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5901] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5901] memfd_create("syzkaller", 0) = 3 [pid 5901] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5901] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5901] munmap(0x7f5499e77000, 2097152) = 0 [pid 5901] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5901] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5901] close(3) = 0 [pid 5901] mkdir("./bus", 0777) = 0 [pid 5901] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5901] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5901] chdir("./bus") = 0 [pid 5901] ioctl(4, LOOP_CLR_FD) = 0 [pid 5901] close(4) = 0 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 1 [pid 5901] creat("./bus", 000) = 4 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5901] <... futex resumed>) = 1 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 1 [pid 5901] ftruncate(4, 2048) = 0 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 1 [pid 5901] lseek(4, 0, SEEK_END) = 2048 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [ 158.910636][ T5901] loop0: detected capacity change from 0 to 4096 [ 158.920001][ T5901] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 1 [pid 5901] open("./bus", O_RDONLY) = 5 [pid 5901] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] <... futex resumed>) = 0 [pid 5900] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5901] <... futex resumed>) = 1 [pid 5901] sendfile(4, 5, NULL, 145139829833722 [pid 5900] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5900] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5900] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5900] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5900] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5900] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5902 attached , parent_tid=[5902], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5902 [pid 5902] set_robust_list(0x7f549a0769e0, 24 [pid 5900] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5900] <... futex resumed>) = 0 [pid 5902] sendfile(4, 5, NULL, 145139829833722 [ 158.959310][ T27] audit: type=1804 audit(1671454739.699:274): pid=5901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/272/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5900] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5900] exit_group(0) = ? [pid 5902] <... sendfile resumed>) = ? [pid 5902] +++ exited with 0 +++ [pid 5901] <... sendfile resumed>) = ? [pid 5901] +++ exited with 0 +++ [pid 5900] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5900, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./272/binderfs") = 0 umount2("./272/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./272/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./272/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5903 ./strace-static-x86_64: Process 5903 attached [pid 5903] set_robust_list(0x5555556365e0, 24) = 0 [pid 5903] chdir("./273") = 0 [pid 5903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5903] setpgid(0, 0) = 0 [pid 5903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5903] write(3, "1000", 4) = 4 [pid 5903] close(3) = 0 [pid 5903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5903] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5904 attached , parent_tid=[5904], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5904 [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5904] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5904] memfd_create("syzkaller", 0) = 3 [pid 5904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5904] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5904] munmap(0x7f5499e77000, 2097152) = 0 [pid 5904] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5904] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5904] close(3) = 0 [pid 5904] mkdir("./bus", 0777) = 0 [pid 5904] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5904] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5904] chdir("./bus") = 0 [pid 5904] ioctl(4, LOOP_CLR_FD) = 0 [pid 5904] close(4) = 0 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... futex resumed>) = 1 [pid 5904] creat("./bus", 000) = 4 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] ftruncate(4, 2048) = 0 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] lseek(4, 0, SEEK_END [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... lseek resumed>) = 2048 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5904] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5903] <... futex resumed>) = 0 [pid 5904] open("./bus", O_RDONLY [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5904] <... open resumed>) = 5 [pid 5904] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5903] <... futex resumed>) = 0 [pid 5903] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 159.287218][ T5904] loop0: detected capacity change from 0 to 4096 [ 159.296779][ T5904] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5904] sendfile(4, 5, NULL, 145139829833722 [pid 5903] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5903] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5903] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5903] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5905 attached , parent_tid=[5905], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5905 [pid 5905] set_robust_list(0x7f549a0769e0, 24 [pid 5903] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... set_robust_list resumed>) = 0 [pid 5903] <... futex resumed>) = 0 [pid 5905] sendfile(4, 5, NULL, 145139829833722 [pid 5903] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5903] exit_group(0) = ? [pid 5904] <... sendfile resumed>) = ? [pid 5905] <... sendfile resumed>) = ? [pid 5905] +++ exited with 0 +++ [pid 5904] +++ exited with 0 +++ [pid 5903] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5903, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./273/binderfs") = 0 umount2("./273/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./273/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./273/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5906 ./strace-static-x86_64: Process 5906 attached [pid 5906] set_robust_list(0x5555556365e0, 24) = 0 [pid 5906] chdir("./274") = 0 [pid 5906] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5906] setpgid(0, 0) = 0 [pid 5906] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5906] write(3, "1000", 4) = 4 [pid 5906] close(3) = 0 [pid 5906] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5906] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5907], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5907 [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5907 attached [pid 5907] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5907] memfd_create("syzkaller", 0) = 3 [pid 5907] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5907] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5907] munmap(0x7f5499e77000, 2097152) = 0 [pid 5907] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5907] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5907] close(3) = 0 [pid 5907] mkdir("./bus", 0777) = 0 [pid 5907] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5907] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5907] chdir("./bus") = 0 [pid 5907] ioctl(4, LOOP_CLR_FD) = 0 [pid 5907] close(4) = 0 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] creat("./bus", 000 [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... creat resumed>) = 4 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... fcntl resumed>) = 0 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] ftruncate(4, 2048 [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... ftruncate resumed>) = 0 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] <... futex resumed>) = 0 [pid 5907] lseek(4, 0, SEEK_END [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5907] <... lseek resumed>) = 2048 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5906] <... futex resumed>) = 0 [pid 5907] open("./bus", O_RDONLY [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] <... open resumed>) = 5 [pid 5907] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5906] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5906] <... futex resumed>) = 1 [pid 5907] sendfile(4, 5, NULL, 145139829833722 [ 159.660132][ T5907] loop0: detected capacity change from 0 to 4096 [ 159.669703][ T5907] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5906] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5906] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5906] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5906] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5906] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5908], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5908 ./strace-static-x86_64: Process 5908 attached [pid 5906] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5906] <... futex resumed>) = 0 [pid 5906] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] sendfile(4, 5, NULL, 145139829833722 [pid 5906] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5906] exit_group(0) = ? [pid 5908] <... sendfile resumed>) = ? [pid 5908] +++ exited with 0 +++ [pid 5907] <... sendfile resumed>) = ? [pid 5907] +++ exited with 0 +++ [pid 5906] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5906, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./274/binderfs") = 0 umount2("./274/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./274/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./274/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5909 ./strace-static-x86_64: Process 5909 attached [pid 5909] set_robust_list(0x5555556365e0, 24) = 0 [pid 5909] chdir("./275") = 0 [pid 5909] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5909] setpgid(0, 0) = 0 [pid 5909] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5909] write(3, "1000", 4) = 4 [pid 5909] close(3) = 0 [pid 5909] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5909] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5910], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5910 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5910 attached [pid 5910] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5910] memfd_create("syzkaller", 0) = 3 [pid 5910] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5910] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5910] munmap(0x7f5499e77000, 2097152) = 0 [pid 5910] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5910] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5910] close(3) = 0 [pid 5910] mkdir("./bus", 0777) = 0 [pid 5910] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5910] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5910] chdir("./bus") = 0 [pid 5910] ioctl(4, LOOP_CLR_FD) = 0 [pid 5910] close(4) = 0 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] creat("./bus", 000) = 4 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] ftruncate(4, 2048) = 0 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] lseek(4, 0, SEEK_END) = 2048 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 160.025265][ T5910] loop0: detected capacity change from 0 to 4096 [ 160.034250][ T5910] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5910] open("./bus", O_RDONLY) = 5 [pid 5910] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5909] <... futex resumed>) = 0 [pid 5909] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5910] <... futex resumed>) = 1 [pid 5910] sendfile(4, 5, NULL, 145139829833722 [pid 5909] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5909] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5909] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5911], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5911 [pid 5909] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5909] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5911 attached [pid 5911] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5911] sendfile(4, 5, NULL, 145139829833722 [pid 5909] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5909] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5909] exit_group(0 [pid 5910] <... sendfile resumed>) = ? [pid 5909] <... exit_group resumed>) = ? [pid 5910] +++ exited with 0 +++ [pid 5911] <... sendfile resumed>) = ? [pid 5911] +++ exited with 0 +++ [pid 5909] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5909, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./275/binderfs") = 0 umount2("./275/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./275/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./275/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5912 ./strace-static-x86_64: Process 5912 attached [pid 5912] set_robust_list(0x5555556365e0, 24) = 0 [pid 5912] chdir("./276") = 0 [pid 5912] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5912] setpgid(0, 0) = 0 [pid 5912] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5912] write(3, "1000", 4) = 4 [pid 5912] close(3) = 0 [pid 5912] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5912] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5913 attached , parent_tid=[5913], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5913 [pid 5913] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5913] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5913] memfd_create("syzkaller", 0) = 3 [pid 5913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5913] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5913] munmap(0x7f5499e77000, 2097152) = 0 [pid 5913] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5913] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5913] close(3) = 0 [pid 5913] mkdir("./bus", 0777) = 0 [pid 5913] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5913] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5913] chdir("./bus") = 0 [pid 5913] ioctl(4, LOOP_CLR_FD) = 0 [pid 5913] close(4) = 0 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5912] <... futex resumed>) = 0 [pid 5913] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5912] <... futex resumed>) = 0 [pid 5913] creat("./bus", 000 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... creat resumed>) = 4 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 1 [pid 5913] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 1 [pid 5913] ftruncate(4, 2048) = 0 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 160.425997][ T5913] loop0: detected capacity change from 0 to 4096 [ 160.435364][ T5913] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 1 [pid 5913] lseek(4, 0, SEEK_END) = 2048 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5913] <... futex resumed>) = 1 [pid 5913] open("./bus", O_RDONLY) = 5 [pid 5913] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5912] <... futex resumed>) = 1 [pid 5913] sendfile(4, 5, NULL, 145139829833722 [pid 5912] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5912] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5912] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5912] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5912] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5914], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5914 ./strace-static-x86_64: Process 5914 attached [pid 5914] set_robust_list(0x7f549a0769e0, 24 [pid 5912] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... set_robust_list resumed>) = 0 [pid 5912] <... futex resumed>) = 0 [pid 5912] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 160.489819][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 160.489828][ T27] audit: type=1804 audit(1671454741.229:278): pid=5913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/276/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5914] sendfile(4, 5, NULL, 145139829833722 [pid 5912] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5912] exit_group(0) = ? [pid 5914] <... sendfile resumed>) = ? [pid 5914] +++ exited with 0 +++ [pid 5913] <... sendfile resumed>) = ? [pid 5913] +++ exited with 0 +++ [pid 5912] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5912, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./276/binderfs") = 0 umount2("./276/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./276/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./276/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5915 ./strace-static-x86_64: Process 5915 attached [pid 5915] set_robust_list(0x5555556365e0, 24) = 0 [pid 5915] chdir("./277") = 0 [pid 5915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5915] setpgid(0, 0) = 0 [pid 5915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5915] write(3, "1000", 4) = 4 [pid 5915] close(3) = 0 [pid 5915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5915] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5916], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5916 [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5916] memfd_create("syzkaller", 0) = 3 [pid 5916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5916] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5916] munmap(0x7f5499e77000, 2097152) = 0 [pid 5916] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5916] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5916] close(3) = 0 [pid 5916] mkdir("./bus", 0777) = 0 [pid 5916] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5916] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5916] chdir("./bus") = 0 [pid 5916] ioctl(4, LOOP_CLR_FD) = 0 [pid 5916] close(4) = 0 [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] creat("./bus", 000) = 4 [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] <... fcntl resumed>) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5915] <... futex resumed>) = 0 [pid 5916] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] ftruncate(4, 2048) = 0 [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 1 [pid 5916] lseek(4, 0, SEEK_END) = 2048 [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [ 160.840176][ T5916] loop0: detected capacity change from 0 to 4096 [ 160.850005][ T5916] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 1 [pid 5916] open("./bus", O_RDONLY) = 5 [pid 5916] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5915] <... futex resumed>) = 0 [pid 5915] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5916] <... futex resumed>) = 1 [pid 5916] sendfile(4, 5, NULL, 145139829833722 [pid 5915] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5915] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5915] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5915] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5917 attached [pid 5917] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5917] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5915] <... clone resumed>, parent_tid=[5917], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5917 [pid 5915] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5917] <... futex resumed>) = 0 [pid 5915] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 160.902682][ T27] audit: type=1804 audit(1671454741.649:279): pid=5916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/277/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5917] sendfile(4, 5, NULL, 145139829833722 [pid 5915] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5915] exit_group(0) = ? [pid 5916] <... sendfile resumed>) = ? [pid 5916] +++ exited with 0 +++ [pid 5917] <... sendfile resumed>) = ? [pid 5917] +++ exited with 0 +++ [pid 5915] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5915, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./277/binderfs") = 0 umount2("./277/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./277/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./277/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5918 ./strace-static-x86_64: Process 5918 attached [pid 5918] set_robust_list(0x5555556365e0, 24) = 0 [pid 5918] chdir("./278") = 0 [pid 5918] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5918] setpgid(0, 0) = 0 [pid 5918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5918] write(3, "1000", 4) = 4 [pid 5918] close(3) = 0 [pid 5918] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5918] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5919 attached , parent_tid=[5919], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5919 [pid 5919] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5919] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5919] <... futex resumed>) = 0 [pid 5919] memfd_create("syzkaller", 0) = 3 [pid 5919] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5919] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5919] munmap(0x7f5499e77000, 2097152) = 0 [pid 5919] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5919] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5919] close(3) = 0 [pid 5919] mkdir("./bus", 0777) = 0 [pid 5919] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5919] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5919] chdir("./bus") = 0 [pid 5919] ioctl(4, LOOP_CLR_FD) = 0 [pid 5919] close(4) = 0 [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] <... futex resumed>) = 0 [pid 5919] creat("./bus", 000 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... creat resumed>) = 4 [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] <... fcntl resumed>) = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] ftruncate(4, 2048 [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] <... ftruncate resumed>) = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] <... futex resumed>) = 0 [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] lseek(4, 0, SEEK_END) = 2048 [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5919] open("./bus", O_RDONLY [pid 5918] <... futex resumed>) = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5919] <... open resumed>) = 5 [ 161.230705][ T5919] loop0: detected capacity change from 0 to 4096 [ 161.240539][ T5919] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5919] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5918] <... futex resumed>) = 0 [pid 5919] sendfile(4, 5, NULL, 145139829833722 [pid 5918] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5918] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5918] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5918] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5920 attached , parent_tid=[5920], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5920 [pid 5918] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] set_robust_list(0x7f549a0769e0, 24 [pid 5918] <... futex resumed>) = 0 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5918] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 161.288664][ T27] audit: type=1804 audit(1671454742.029:280): pid=5919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/278/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5920] sendfile(4, 5, NULL, 145139829833722 [pid 5918] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5918] exit_group(0) = ? [pid 5919] <... sendfile resumed>) = ? [pid 5919] +++ exited with 0 +++ [pid 5920] <... sendfile resumed>) = ? [pid 5920] +++ exited with 0 +++ [pid 5918] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5918, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./278/binderfs") = 0 umount2("./278/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./278/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./278/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5921] set_robust_list(0x5555556365e0, 24) = 0 [pid 5921] chdir("./279") = 0 [pid 5921] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5921] setpgid(0, 0) = 0 [pid 5921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5921] write(3, "1000", 4) = 4 [pid 5921] close(3) = 0 [pid 5921] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5921] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5922], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5922 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5922 attached [pid 5922] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5922] memfd_create("syzkaller", 0) = 3 [pid 5922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5922] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5922] munmap(0x7f5499e77000, 2097152) = 0 [pid 5922] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5922] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5922] close(3) = 0 [pid 5922] mkdir("./bus", 0777) = 0 [pid 5922] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5922] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5922] chdir("./bus") = 0 [pid 5922] ioctl(4, LOOP_CLR_FD) = 0 [pid 5922] close(4) = 0 [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5921] <... futex resumed>) = 0 [pid 5922] creat("./bus", 000 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... creat resumed>) = 4 [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5922] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5921] <... futex resumed>) = 1 [pid 5922] ftruncate(4, 2048 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... ftruncate resumed>) = 0 [ 161.616724][ T5922] loop0: detected capacity change from 0 to 4096 [ 161.625957][ T5922] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] lseek(4, 0, SEEK_END [pid 5921] <... futex resumed>) = 0 [pid 5922] <... lseek resumed>) = 2048 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5922] <... futex resumed>) = 0 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] open("./bus", O_RDONLY [pid 5921] <... futex resumed>) = 0 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5922] <... open resumed>) = 5 [pid 5922] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5921] <... futex resumed>) = 0 [pid 5922] sendfile(4, 5, NULL, 145139829833722 [pid 5921] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5921] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5921] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5921] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5923], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5923 [pid 5921] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5921] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5923 attached [pid 5923] set_robust_list(0x7f549a0769e0, 24) = 0 [ 161.679122][ T27] audit: type=1804 audit(1671454742.419:281): pid=5922 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/279/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5923] sendfile(4, 5, NULL, 145139829833722 [pid 5921] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5921] exit_group(0) = ? [pid 5923] <... sendfile resumed>) = ? [pid 5923] +++ exited with 0 +++ [pid 5922] <... sendfile resumed>) = ? [pid 5922] +++ exited with 0 +++ [pid 5921] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5921, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./279/binderfs") = 0 umount2("./279/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./279/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./279/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5924 ./strace-static-x86_64: Process 5924 attached [pid 5924] set_robust_list(0x5555556365e0, 24) = 0 [pid 5924] chdir("./280") = 0 [pid 5924] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5924] setpgid(0, 0) = 0 [pid 5924] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5924] write(3, "1000", 4) = 4 [pid 5924] close(3) = 0 [pid 5924] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5924] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x7f54a22979e0, 24 [pid 5924] <... clone resumed>, parent_tid=[5925], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5925 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5925] <... set_robust_list resumed>) = 0 [pid 5925] memfd_create("syzkaller", 0) = 3 [pid 5925] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5925] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5925] munmap(0x7f5499e77000, 2097152) = 0 [pid 5925] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5925] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5925] close(3) = 0 [pid 5925] mkdir("./bus", 0777) = 0 [pid 5925] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5925] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5925] chdir("./bus") = 0 [pid 5925] ioctl(4, LOOP_CLR_FD) = 0 [pid 5925] close(4) = 0 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 0 [pid 5925] creat("./bus", 000) = 4 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] <... futex resumed>) = 0 [pid 5925] ftruncate(4, 2048 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... ftruncate resumed>) = 0 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 1 [pid 5925] lseek(4, 0, SEEK_END) = 2048 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 161.999643][ T5925] loop0: detected capacity change from 0 to 4096 [ 162.009181][ T5925] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 1 [pid 5925] open("./bus", O_RDONLY) = 5 [pid 5925] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5924] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5925] <... futex resumed>) = 0 [pid 5925] sendfile(4, 5, NULL, 145139829833722 [pid 5924] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5924] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5924] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5924] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5924] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5926], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5926 ./strace-static-x86_64: Process 5926 attached [pid 5924] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5924] <... futex resumed>) = 0 [pid 5924] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 162.061848][ T27] audit: type=1804 audit(1671454742.809:282): pid=5925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/280/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5926] sendfile(4, 5, NULL, 145139829833722 [pid 5924] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5924] exit_group(0) = ? [pid 5926] <... sendfile resumed>) = ? [pid 5926] +++ exited with 0 +++ [pid 5925] <... sendfile resumed>) = ? [pid 5925] +++ exited with 0 +++ [pid 5924] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5924, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./280/binderfs") = 0 umount2("./280/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./280/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./280/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5927 ./strace-static-x86_64: Process 5927 attached [pid 5927] set_robust_list(0x5555556365e0, 24) = 0 [pid 5927] chdir("./281") = 0 [pid 5927] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5927] setpgid(0, 0) = 0 [pid 5927] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5927] write(3, "1000", 4) = 4 [pid 5927] close(3) = 0 [pid 5927] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5927] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5928 attached , parent_tid=[5928], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5928 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] set_robust_list(0x7f54a22979e0, 24 [pid 5927] <... futex resumed>) = 0 [pid 5928] <... set_robust_list resumed>) = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5928] memfd_create("syzkaller", 0) = 3 [pid 5928] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5928] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5928] munmap(0x7f5499e77000, 2097152) = 0 [pid 5928] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5928] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5928] close(3) = 0 [pid 5928] mkdir("./bus", 0777) = 0 [pid 5928] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5928] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5928] chdir("./bus") = 0 [pid 5928] ioctl(4, LOOP_CLR_FD) = 0 [pid 5928] close(4) = 0 [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... futex resumed>) = 1 [pid 5928] creat("./bus", 000) = 4 [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5928] <... futex resumed>) = 1 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5927] <... futex resumed>) = 0 [pid 5928] <... fcntl resumed>) = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] ftruncate(4, 2048 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... ftruncate resumed>) = 0 [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] <... futex resumed>) = 0 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... futex resumed>) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5928] lseek(4, 0, SEEK_END [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... lseek resumed>) = 2048 [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [ 162.399001][ T5928] loop0: detected capacity change from 0 to 4096 [ 162.409688][ T5928] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5928] open("./bus", O_RDONLY [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5928] <... open resumed>) = 5 [pid 5927] <... futex resumed>) = 0 [pid 5928] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5928] <... futex resumed>) = 0 [pid 5927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] sendfile(4, 5, NULL, 145139829833722 [pid 5927] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5927] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5927] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5927] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5927] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5929], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5929 [pid 5927] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5927] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5929 attached [pid 5929] set_robust_list(0x7f549a0769e0, 24) = 0 [ 162.459067][ T27] audit: type=1804 audit(1671454743.199:283): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/281/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5929] sendfile(4, 5, NULL, 145139829833722 [pid 5927] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5927] exit_group(0) = ? [pid 5929] <... sendfile resumed>) = ? [pid 5929] +++ exited with 0 +++ [pid 5928] <... sendfile resumed>) = ? [pid 5928] +++ exited with 0 +++ [pid 5927] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5927, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./281/binderfs") = 0 umount2("./281/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./281/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./281/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5930 ./strace-static-x86_64: Process 5930 attached [pid 5930] set_robust_list(0x5555556365e0, 24) = 0 [pid 5930] chdir("./282") = 0 [pid 5930] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5930] setpgid(0, 0) = 0 [pid 5930] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5930] write(3, "1000", 4) = 4 [pid 5930] close(3) = 0 [pid 5930] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5930] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5931 attached , parent_tid=[5931], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5931 [pid 5931] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5931] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5931] <... futex resumed>) = 0 [pid 5931] memfd_create("syzkaller", 0) = 3 [pid 5931] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5931] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5931] munmap(0x7f5499e77000, 2097152) = 0 [pid 5931] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5931] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5931] close(3) = 0 [pid 5931] mkdir("./bus", 0777) = 0 [pid 5931] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5931] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5931] chdir("./bus") = 0 [pid 5931] ioctl(4, LOOP_CLR_FD) = 0 [pid 5931] close(4) = 0 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... futex resumed>) = 1 [pid 5931] creat("./bus", 000) = 4 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... futex resumed>) = 1 [pid 5931] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... futex resumed>) = 1 [pid 5931] ftruncate(4, 2048) = 0 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5930] <... futex resumed>) = 0 [pid 5931] lseek(4, 0, SEEK_END [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... lseek resumed>) = 2048 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] <... futex resumed>) = 0 [pid 5931] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5930] <... futex resumed>) = 0 [pid 5931] open("./bus", O_RDONLY [ 162.787063][ T5931] loop0: detected capacity change from 0 to 4096 [ 162.796421][ T5931] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... open resumed>) = 5 [pid 5931] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5930] <... futex resumed>) = 0 [pid 5930] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5930] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5931] <... futex resumed>) = 0 [pid 5931] sendfile(4, 5, NULL, 145139829833722 [pid 5930] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5930] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 162.839548][ T27] audit: type=1804 audit(1671454743.579:284): pid=5931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/282/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5930] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5930] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5932 attached , parent_tid=[5932], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5932 [pid 5930] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5930] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5932] sendfile(4, 5, NULL, 145139829833722 [pid 5930] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5930] exit_group(0) = ? [pid 5932] <... sendfile resumed>) = ? [pid 5932] +++ exited with 0 +++ [pid 5931] <... sendfile resumed>) = ? [pid 5931] +++ exited with 0 +++ [pid 5930] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5930, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./282/binderfs") = 0 umount2("./282/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./282/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./282/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5933 ./strace-static-x86_64: Process 5933 attached [pid 5933] set_robust_list(0x5555556365e0, 24) = 0 [pid 5933] chdir("./283") = 0 [pid 5933] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5933] setpgid(0, 0) = 0 [pid 5933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5933] write(3, "1000", 4) = 4 [pid 5933] close(3) = 0 [pid 5933] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5933] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5933] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5934 attached , parent_tid=[5934], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5934 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] set_robust_list(0x7f54a22979e0, 24 [pid 5933] <... futex resumed>) = 0 [pid 5934] <... set_robust_list resumed>) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5934] memfd_create("syzkaller", 0) = 3 [pid 5934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5934] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5934] munmap(0x7f5499e77000, 2097152) = 0 [pid 5934] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5934] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5934] close(3) = 0 [pid 5934] mkdir("./bus", 0777) = 0 [pid 5934] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5934] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5934] chdir("./bus") = 0 [pid 5934] ioctl(4, LOOP_CLR_FD) = 0 [pid 5934] close(4) = 0 [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... futex resumed>) = 0 [pid 5934] creat("./bus", 000) = 4 [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] ftruncate(4, 2048) = 0 [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] lseek(4, 0, SEEK_END) = 2048 [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] open("./bus", O_RDONLY [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... open resumed>) = 5 [ 163.171922][ T5934] loop0: detected capacity change from 0 to 4096 [ 163.181421][ T5934] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5934] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5933] <... futex resumed>) = 0 [pid 5933] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5934] <... futex resumed>) = 1 [pid 5934] sendfile(4, 5, NULL, 145139829833722 [pid 5933] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5933] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5933] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5933] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5935], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5935 [pid 5933] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5933] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5935 attached [pid 5935] set_robust_list(0x7f549a0769e0, 24) = 0 [ 163.230240][ T27] audit: type=1804 audit(1671454743.969:285): pid=5934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/283/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5935] sendfile(4, 5, NULL, 145139829833722 [pid 5933] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5933] exit_group(0) = ? [pid 5934] <... sendfile resumed>) = ? [pid 5934] +++ exited with 0 +++ [pid 5935] <... sendfile resumed>) = ? [pid 5935] +++ exited with 0 +++ [pid 5933] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5933, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./283/binderfs") = 0 umount2("./283/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./283/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./283/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5936 ./strace-static-x86_64: Process 5936 attached [pid 5936] set_robust_list(0x5555556365e0, 24) = 0 [pid 5936] chdir("./284") = 0 [pid 5936] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5936] setpgid(0, 0) = 0 [pid 5936] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5936] write(3, "1000", 4) = 4 [pid 5936] close(3) = 0 [pid 5936] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5936] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5937], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5937 ./strace-static-x86_64: Process 5937 attached [pid 5937] set_robust_list(0x7f54a22979e0, 24 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5937] <... set_robust_list resumed>) = 0 [pid 5937] memfd_create("syzkaller", 0) = 3 [pid 5937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5937] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5937] munmap(0x7f5499e77000, 2097152) = 0 [pid 5937] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5937] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5937] close(3) = 0 [pid 5937] mkdir("./bus", 0777) = 0 [pid 5937] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5937] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5937] chdir("./bus") = 0 [pid 5937] ioctl(4, LOOP_CLR_FD) = 0 [pid 5937] close(4) = 0 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5937] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 0 [pid 5937] creat("./bus", 000) = 4 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5937] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 0 [pid 5937] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 1 [pid 5937] ftruncate(4, 2048) = 0 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] lseek(4, 0, SEEK_END) = 2048 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5937] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5936] <... futex resumed>) = 1 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 0 [ 163.554631][ T5937] loop0: detected capacity change from 0 to 4096 [ 163.564297][ T5937] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5937] open("./bus", O_RDONLY) = 5 [pid 5937] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] <... futex resumed>) = 0 [pid 5936] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5937] <... futex resumed>) = 1 [pid 5937] sendfile(4, 5, NULL, 145139829833722 [pid 5936] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5936] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5936] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5936] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5936] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5938], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5938 [pid 5936] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5936] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5938 attached [pid 5938] set_robust_list(0x7f549a0769e0, 24) = 0 [ 163.613282][ T27] audit: type=1804 audit(1671454744.359:286): pid=5937 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/284/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5938] sendfile(4, 5, NULL, 145139829833722 [pid 5936] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5936] exit_group(0) = ? [pid 5937] <... sendfile resumed>) = ? [pid 5937] +++ exited with 0 +++ [pid 5938] <... sendfile resumed>) = ? [pid 5938] +++ exited with 0 +++ [pid 5936] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5936, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./284/binderfs") = 0 umount2("./284/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./284/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./284/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5939 ./strace-static-x86_64: Process 5939 attached [pid 5939] set_robust_list(0x5555556365e0, 24) = 0 [pid 5939] chdir("./285") = 0 [pid 5939] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5939] setpgid(0, 0) = 0 [pid 5939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5939] write(3, "1000", 4) = 4 [pid 5939] close(3) = 0 [pid 5939] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5939] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5939] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5940 attached , parent_tid=[5940], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5940 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5940] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5940] memfd_create("syzkaller", 0) = 3 [pid 5940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5940] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5940] munmap(0x7f5499e77000, 2097152) = 0 [pid 5940] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5940] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5940] close(3) = 0 [pid 5940] mkdir("./bus", 0777) = 0 [pid 5940] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5940] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5940] chdir("./bus") = 0 [pid 5940] ioctl(4, LOOP_CLR_FD) = 0 [pid 5940] close(4) = 0 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] creat("./bus", 000 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... creat resumed>) = 4 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5940] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] ftruncate(4, 2048) = 0 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] lseek(4, 0, SEEK_END [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... lseek resumed>) = 2048 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] open("./bus", O_RDONLY [pid 5939] <... futex resumed>) = 0 [ 163.930584][ T5940] loop0: detected capacity change from 0 to 4096 [ 163.939879][ T5940] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... open resumed>) = 5 [pid 5940] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5939] <... futex resumed>) = 0 [pid 5939] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5940] <... futex resumed>) = 0 [pid 5940] sendfile(4, 5, NULL, 145139829833722 [pid 5939] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5939] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5939] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5939] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5939] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5941], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5941 [pid 5939] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5939] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5941 attached [pid 5941] set_robust_list(0x7f549a0769e0, 24) = 0 [ 163.989776][ T27] audit: type=1804 audit(1671454744.729:287): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/285/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5941] sendfile(4, 5, NULL, 145139829833722 [pid 5939] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5939] exit_group(0 [pid 5941] <... sendfile resumed>) = ? [pid 5939] <... exit_group resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5940] <... sendfile resumed>) = ? [pid 5940] +++ exited with 0 +++ [pid 5939] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5939, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./285/binderfs") = 0 umount2("./285/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./285/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./285/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5942 ./strace-static-x86_64: Process 5942 attached [pid 5942] set_robust_list(0x5555556365e0, 24) = 0 [pid 5942] chdir("./286") = 0 [pid 5942] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5942] setpgid(0, 0) = 0 [pid 5942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5942] write(3, "1000", 4) = 4 [pid 5942] close(3) = 0 [pid 5942] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5942] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5943 attached , parent_tid=[5943], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5943 [pid 5943] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5943] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5943] memfd_create("syzkaller", 0) = 3 [pid 5943] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5943] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5943] munmap(0x7f5499e77000, 2097152) = 0 [pid 5943] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5943] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5943] close(3) = 0 [pid 5943] mkdir("./bus", 0777) = 0 [pid 5943] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5943] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5943] chdir("./bus") = 0 [pid 5943] ioctl(4, LOOP_CLR_FD) = 0 [pid 5943] close(4) = 0 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] creat("./bus", 000) = 4 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 1 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] ftruncate(4, 2048) = 0 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] lseek(4, 0, SEEK_END) = 2048 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [pid 5943] open("./bus", O_RDONLY) = 5 [pid 5943] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = 0 [pid 5942] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5943] <... futex resumed>) = 1 [ 164.317227][ T5943] loop0: detected capacity change from 0 to 4096 [ 164.327553][ T5943] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5943] sendfile(4, 5, NULL, 145139829833722 [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5942] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5942] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5942] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5944 attached , parent_tid=[5944], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5944 [pid 5942] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5942] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5944] sendfile(4, 5, NULL, 145139829833722 [pid 5942] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5942] exit_group(0 [pid 5944] <... sendfile resumed>) = ? [pid 5942] <... exit_group resumed>) = ? [pid 5944] +++ exited with 0 +++ [pid 5943] <... sendfile resumed>) = ? [pid 5943] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5942, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./286/binderfs") = 0 umount2("./286/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./286/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./286/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5945 ./strace-static-x86_64: Process 5945 attached [pid 5945] set_robust_list(0x5555556365e0, 24) = 0 [pid 5945] chdir("./287") = 0 [pid 5945] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5945] setpgid(0, 0) = 0 [pid 5945] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5945] write(3, "1000", 4) = 4 [pid 5945] close(3) = 0 [pid 5945] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5945] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5946], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5946 ./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x7f54a22979e0, 24 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5946] <... set_robust_list resumed>) = 0 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5946] memfd_create("syzkaller", 0) = 3 [pid 5946] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5946] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5946] munmap(0x7f5499e77000, 2097152) = 0 [pid 5946] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5946] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5946] close(3) = 0 [pid 5946] mkdir("./bus", 0777) = 0 [pid 5946] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5946] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5946] chdir("./bus") = 0 [pid 5946] ioctl(4, LOOP_CLR_FD) = 0 [pid 5946] close(4) = 0 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... futex resumed>) = 1 [pid 5946] creat("./bus", 000) = 4 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] ftruncate(4, 2048) = 0 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] lseek(4, 0, SEEK_END) = 2048 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] open("./bus", O_RDONLY [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5946] <... open resumed>) = 5 [pid 5946] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5945] <... futex resumed>) = 0 [pid 5946] sendfile(4, 5, NULL, 145139829833722 [pid 5945] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 164.694998][ T5946] loop0: detected capacity change from 0 to 4096 [ 164.704440][ T5946] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5945] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5945] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5945] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5945] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5945] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5947 attached , parent_tid=[5947], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5947 [pid 5947] set_robust_list(0x7f549a0769e0, 24 [pid 5945] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5947] <... set_robust_list resumed>) = 0 [pid 5945] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] sendfile(4, 5, NULL, 145139829833722 [pid 5945] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5945] exit_group(0) = ? [pid 5946] <... sendfile resumed>) = ? [pid 5946] +++ exited with 0 +++ [pid 5947] <... sendfile resumed>) = ? [pid 5947] +++ exited with 0 +++ [pid 5945] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5945, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./287/binderfs") = 0 umount2("./287/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./287/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./287/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5948 ./strace-static-x86_64: Process 5948 attached [pid 5948] set_robust_list(0x5555556365e0, 24) = 0 [pid 5948] chdir("./288") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5948] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5949], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5949 [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5949 attached [pid 5949] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5949] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5949] munmap(0x7f5499e77000, 2097152) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] mkdir("./bus", 0777) = 0 [pid 5949] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5949] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./bus") = 0 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [pid 5949] close(4) = 0 [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] creat("./bus", 000 [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... creat resumed>) = 4 [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... fcntl resumed>) = 0 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] ftruncate(4, 2048 [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... ftruncate resumed>) = 0 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 0 [pid 5949] lseek(4, 0, SEEK_END [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... lseek resumed>) = 2048 [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] open("./bus", O_RDONLY [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... open resumed>) = 5 [pid 5948] <... futex resumed>) = 0 [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] sendfile(4, 5, NULL, 145139829833722 [ 165.069587][ T5949] loop0: detected capacity change from 0 to 4096 [ 165.078984][ T5949] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5948] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5948] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5948] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5950], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5950 [pid 5948] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5950 attached [pid 5950] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5950] sendfile(4, 5, NULL, 145139829833722 [pid 5948] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5948] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5948] exit_group(0) = ? [pid 5950] <... sendfile resumed>) = ? [pid 5950] +++ exited with 0 +++ [pid 5949] <... sendfile resumed>) = ? [pid 5949] +++ exited with 0 +++ [pid 5948] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5948, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./288/binderfs") = 0 umount2("./288/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./288/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./288/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5951 ./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x5555556365e0, 24) = 0 [pid 5951] chdir("./289") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5951] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5952], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5952 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5952 attached ) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5952] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5952] munmap(0x7f5499e77000, 2097152) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] mkdir("./bus", 0777) = 0 [pid 5952] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5952] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./bus") = 0 [pid 5952] ioctl(4, LOOP_CLR_FD) = 0 [pid 5952] close(4) = 0 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] creat("./bus", 000) = 4 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] ftruncate(4, 2048) = 0 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] lseek(4, 0, SEEK_END) = 2048 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [pid 5952] open("./bus", O_RDONLY) = 5 [pid 5952] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... futex resumed>) = 1 [ 165.430109][ T5952] loop0: detected capacity change from 0 to 4096 [ 165.439007][ T5952] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5952] sendfile(4, 5, NULL, 145139829833722 [pid 5951] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5951] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5951] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5953 attached [pid 5953] set_robust_list(0x7f549a0769e0, 24 [pid 5951] <... clone resumed>, parent_tid=[5953], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5953 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5951] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5953] sendfile(4, 5, NULL, 145139829833722 [pid 5951] <... futex resumed>) = 0 [pid 5951] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5951] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5951] exit_group(0) = ? [pid 5953] <... sendfile resumed>) = ? [pid 5953] +++ exited with 0 +++ [pid 5952] <... sendfile resumed>) = ? [pid 5952] +++ exited with 0 +++ [pid 5951] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5951, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./289/binderfs") = 0 umount2("./289/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./289/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./289/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5954 ./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x5555556365e0, 24) = 0 [pid 5954] chdir("./290") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5954] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5955 attached , parent_tid=[5955], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5955 [pid 5955] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5955] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] <... futex resumed>) = 0 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5955] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5955] munmap(0x7f5499e77000, 2097152) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] mkdir("./bus", 0777) = 0 [pid 5955] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5955] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./bus") = 0 [pid 5955] ioctl(4, LOOP_CLR_FD) = 0 [pid 5955] close(4) = 0 [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] <... futex resumed>) = 0 [pid 5955] creat("./bus", 000 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... creat resumed>) = 4 [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5954] <... futex resumed>) = 0 [pid 5955] <... fcntl resumed>) = 0 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] ftruncate(4, 2048 [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... ftruncate resumed>) = 0 [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] lseek(4, 0, SEEK_END [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... lseek resumed>) = 2048 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5955] open("./bus", O_RDONLY [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 165.788225][ T5955] loop0: detected capacity change from 0 to 4096 [ 165.797732][ T5955] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... open resumed>) = 5 [pid 5955] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] sendfile(4, 5, NULL, 145139829833722 [pid 5954] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5954] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5954] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5956 attached [pid 5956] set_robust_list(0x7f549a0769e0, 24 [pid 5954] <... clone resumed>, parent_tid=[5956], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5956 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5954] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5956] sendfile(4, 5, NULL, 145139829833722 [pid 5954] <... futex resumed>) = 0 [ 165.847696][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 165.847708][ T27] audit: type=1804 audit(1671454746.589:292): pid=5955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/290/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5954] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5954] exit_group(0) = ? [pid 5955] <... sendfile resumed>) = ? [pid 5955] +++ exited with 0 +++ [pid 5956] <... sendfile resumed>) = ? [pid 5956] +++ exited with 0 +++ [pid 5954] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5954, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./290/binderfs") = 0 umount2("./290/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./290/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./290/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5957 ./strace-static-x86_64: Process 5957 attached [pid 5957] set_robust_list(0x5555556365e0, 24) = 0 [pid 5957] chdir("./291") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5957] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5958], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5958 [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5958 attached [pid 5958] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5958] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5958] munmap(0x7f5499e77000, 2097152) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] mkdir("./bus", 0777) = 0 [pid 5958] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5958] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./bus") = 0 [pid 5958] ioctl(4, LOOP_CLR_FD) = 0 [pid 5958] close(4) = 0 [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5958] creat("./bus", 000 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... creat resumed>) = 4 [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] ftruncate(4, 2048 [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... ftruncate resumed>) = 0 [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] <... futex resumed>) = 0 [pid 5958] lseek(4, 0, SEEK_END [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] <... lseek resumed>) = 2048 [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5957] <... futex resumed>) = 0 [pid 5958] open("./bus", O_RDONLY [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] <... open resumed>) = 5 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5958] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 166.165885][ T5958] loop0: detected capacity change from 0 to 4096 [ 166.175301][ T5958] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5958] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5958] sendfile(4, 5, NULL, 145139829833722 [pid 5957] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5957] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5957] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5959 attached , parent_tid=[5959], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5959 [pid 5957] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] set_robust_list(0x7f549a0769e0, 24 [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5959] <... set_robust_list resumed>) = 0 [ 166.223763][ T27] audit: type=1804 audit(1671454746.969:293): pid=5958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/291/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5959] sendfile(4, 5, NULL, 145139829833722 [pid 5957] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5957] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5957] exit_group(0 [pid 5958] <... sendfile resumed>) = ? [pid 5957] <... exit_group resumed>) = ? [pid 5959] <... sendfile resumed>) = ? [pid 5958] +++ exited with 0 +++ [pid 5959] +++ exited with 0 +++ [pid 5957] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5957, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./291/binderfs") = 0 umount2("./291/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./291/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./291/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5960 ./strace-static-x86_64: Process 5960 attached [pid 5960] set_robust_list(0x5555556365e0, 24) = 0 [pid 5960] chdir("./292") = 0 [pid 5960] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5960] setpgid(0, 0) = 0 [pid 5960] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5960] write(3, "1000", 4) = 4 [pid 5960] close(3) = 0 [pid 5960] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5960] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5960] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5961 attached [pid 5961] set_robust_list(0x7f54a22979e0, 24 [pid 5960] <... clone resumed>, parent_tid=[5961], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5961 [pid 5961] <... set_robust_list resumed>) = 0 [pid 5961] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5961] memfd_create("syzkaller", 0) = 3 [pid 5961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5961] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5961] munmap(0x7f5499e77000, 2097152) = 0 [pid 5961] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5961] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5961] close(3) = 0 [pid 5961] mkdir("./bus", 0777) = 0 [pid 5961] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5961] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5961] chdir("./bus") = 0 [pid 5961] ioctl(4, LOOP_CLR_FD) = 0 [pid 5961] close(4) = 0 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] creat("./bus", 000) = 4 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5961] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... fcntl resumed>) = 0 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... futex resumed>) = 1 [pid 5961] ftruncate(4, 2048) = 0 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] lseek(4, 0, SEEK_END) = 2048 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [ 166.547652][ T5961] loop0: detected capacity change from 0 to 4096 [ 166.556848][ T5961] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] open("./bus", O_RDONLY [pid 5960] <... futex resumed>) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... open resumed>) = 5 [pid 5961] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5961] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5961] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 166.601763][ T27] audit: type=1804 audit(1671454747.349:294): pid=5961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/292/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5961] sendfile(4, 5, NULL, 145139829833722 [pid 5960] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5960] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5960] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5960] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5960] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5962 attached , parent_tid=[5962], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5962 [pid 5962] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5962] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5960] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5962] <... futex resumed>) = 0 [pid 5962] sendfile(4, 5, NULL, 145139829833722 [pid 5960] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5960] exit_group(0) = ? [pid 5961] <... sendfile resumed>) = ? [pid 5961] +++ exited with 0 +++ [pid 5962] <... sendfile resumed>) = ? [pid 5962] +++ exited with 0 +++ [pid 5960] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5960, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./292/binderfs") = 0 umount2("./292/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./292/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./292/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5963 ./strace-static-x86_64: Process 5963 attached [pid 5963] set_robust_list(0x5555556365e0, 24) = 0 [pid 5963] chdir("./293") = 0 [pid 5963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5963] setpgid(0, 0) = 0 [pid 5963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5963] write(3, "1000", 4) = 4 [pid 5963] close(3) = 0 [pid 5963] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5963] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5963] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5964], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5964 [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5964 attached [pid 5964] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5964] memfd_create("syzkaller", 0) = 3 [pid 5964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5964] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5964] munmap(0x7f5499e77000, 2097152) = 0 [pid 5964] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5964] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5964] close(3) = 0 [pid 5964] mkdir("./bus", 0777) = 0 [pid 5964] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5964] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5964] chdir("./bus") = 0 [pid 5964] ioctl(4, LOOP_CLR_FD) = 0 [pid 5964] close(4) = 0 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [pid 5964] creat("./bus", 000) = 4 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... fcntl resumed>) = 0 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] ftruncate(4, 2048 [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... ftruncate resumed>) = 0 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5963] <... futex resumed>) = 0 [pid 5964] lseek(4, 0, SEEK_END [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... lseek resumed>) = 2048 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 166.948451][ T5964] loop0: detected capacity change from 0 to 4096 [ 166.958035][ T5964] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5964] open("./bus", O_RDONLY [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... open resumed>) = 5 [pid 5963] <... futex resumed>) = 0 [pid 5964] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5964] <... futex resumed>) = 0 [pid 5963] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5964] sendfile(4, 5, NULL, 145139829833722 [pid 5963] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5963] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5963] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5963] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5965 attached [pid 5965] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5965] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5963] <... clone resumed>, parent_tid=[5965], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5965 [pid 5963] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5965] <... futex resumed>) = 0 [pid 5965] sendfile(4, 5, NULL, 145139829833722 [ 167.008761][ T27] audit: type=1804 audit(1671454747.749:295): pid=5964 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/293/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5963] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5963] exit_group(0) = ? [pid 5965] <... sendfile resumed>) = ? [pid 5965] +++ exited with 0 +++ [pid 5964] <... sendfile resumed>) = ? [pid 5964] +++ exited with 0 +++ [pid 5963] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5963, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./293/binderfs") = 0 umount2("./293/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./293/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./293/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5966 ./strace-static-x86_64: Process 5966 attached [pid 5966] set_robust_list(0x5555556365e0, 24) = 0 [pid 5966] chdir("./294") = 0 [pid 5966] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5966] setpgid(0, 0) = 0 [pid 5966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5966] write(3, "1000", 4) = 4 [pid 5966] close(3) = 0 [pid 5966] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5966] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5967 attached [pid 5967] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5967] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... clone resumed>, parent_tid=[5967], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5967 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5967] memfd_create("syzkaller", 0) = 3 [pid 5967] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5967] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5967] munmap(0x7f5499e77000, 2097152) = 0 [pid 5967] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5967] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5967] close(3) = 0 [pid 5967] mkdir("./bus", 0777) = 0 [pid 5967] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5967] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5967] chdir("./bus") = 0 [pid 5967] ioctl(4, LOOP_CLR_FD) = 0 [pid 5967] close(4) = 0 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [pid 5967] creat("./bus", 000) = 4 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [pid 5967] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [pid 5967] ftruncate(4, 2048) = 0 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [pid 5967] lseek(4, 0, SEEK_END) = 2048 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 1 [ 167.336081][ T5967] loop0: detected capacity change from 0 to 4096 [ 167.345510][ T5967] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5967] open("./bus", O_RDONLY) = 5 [pid 5967] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5966] <... futex resumed>) = 0 [pid 5966] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5966] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5967] <... futex resumed>) = 0 [ 167.375772][ T27] audit: type=1804 audit(1671454748.119:296): pid=5967 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/294/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5967] sendfile(4, 5, NULL, 145139829833722 [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5966] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5966] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5968], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5968 [pid 5966] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5966] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5968 attached [pid 5968] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5968] sendfile(4, 5, NULL, 145139829833722 [pid 5966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5966] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5966] exit_group(0 [pid 5967] <... sendfile resumed>) = ? [pid 5966] <... exit_group resumed>) = ? [pid 5967] +++ exited with 0 +++ [pid 5968] <... sendfile resumed>) = ? [pid 5968] +++ exited with 0 +++ [pid 5966] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5966, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./294/binderfs") = 0 umount2("./294/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./294/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./294/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5969 ./strace-static-x86_64: Process 5969 attached [pid 5969] set_robust_list(0x5555556365e0, 24) = 0 [pid 5969] chdir("./295") = 0 [pid 5969] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5969] setpgid(0, 0) = 0 [pid 5969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5969] write(3, "1000", 4) = 4 [pid 5969] close(3) = 0 [pid 5969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5969] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5969] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5970 attached , parent_tid=[5970], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5970 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5970] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5970] memfd_create("syzkaller", 0) = 3 [pid 5970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5970] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5970] munmap(0x7f5499e77000, 2097152) = 0 [pid 5970] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5970] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5970] close(3) = 0 [pid 5970] mkdir("./bus", 0777) = 0 [pid 5970] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5970] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5970] chdir("./bus") = 0 [pid 5970] ioctl(4, LOOP_CLR_FD) = 0 [pid 5970] close(4) = 0 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 1 [pid 5970] creat("./bus", 000) = 4 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 1 [pid 5970] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 1 [pid 5970] ftruncate(4, 2048) = 0 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] lseek(4, 0, SEEK_END) = 2048 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 1 [ 167.727256][ T5970] loop0: detected capacity change from 0 to 4096 [ 167.736648][ T5970] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5970] open("./bus", O_RDONLY) = 5 [pid 5970] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] <... futex resumed>) = 0 [pid 5969] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5969] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5970] <... futex resumed>) = 0 [pid 5970] sendfile(4, 5, NULL, 145139829833722 [pid 5969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5969] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5969] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5969] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5971 attached , parent_tid=[5971], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5971 [pid 5971] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5971] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5969] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5971] <... futex resumed>) = 0 [pid 5971] sendfile(4, 5, NULL, 145139829833722 [ 167.785286][ T27] audit: type=1804 audit(1671454748.529:297): pid=5970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/295/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5969] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5969] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5969] exit_group(0) = ? [pid 5971] <... sendfile resumed>) = ? [pid 5971] +++ exited with 0 +++ [pid 5970] <... sendfile resumed>) = ? [pid 5970] +++ exited with 0 +++ [pid 5969] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5969, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./295/binderfs") = 0 umount2("./295/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./295/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./295/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5972 ./strace-static-x86_64: Process 5972 attached [pid 5972] set_robust_list(0x5555556365e0, 24) = 0 [pid 5972] chdir("./296") = 0 [pid 5972] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5972] setpgid(0, 0) = 0 [pid 5972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5972] write(3, "1000", 4) = 4 [pid 5972] close(3) = 0 [pid 5972] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5972] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5972] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5973], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5973 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5973 attached [pid 5973] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5973] memfd_create("syzkaller", 0) = 3 [pid 5973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5973] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5973] munmap(0x7f5499e77000, 2097152) = 0 [pid 5973] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5973] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5973] close(3) = 0 [pid 5973] mkdir("./bus", 0777) = 0 [pid 5973] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5973] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5973] chdir("./bus") = 0 [pid 5973] ioctl(4, LOOP_CLR_FD) = 0 [pid 5973] close(4) = 0 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] creat("./bus", 000) = 4 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] ftruncate(4, 2048) = 0 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] lseek(4, 0, SEEK_END) = 2048 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 168.108419][ T5973] loop0: detected capacity change from 0 to 4096 [ 168.117688][ T5973] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] open("./bus", O_RDONLY) = 5 [pid 5973] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5972] <... futex resumed>) = 0 [pid 5972] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5973] <... futex resumed>) = 1 [pid 5973] sendfile(4, 5, NULL, 145139829833722 [pid 5972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5972] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5972] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5972] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5974], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5974 [pid 5972] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5972] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5974 attached [pid 5974] set_robust_list(0x7f549a0769e0, 24) = 0 [ 168.157221][ T27] audit: type=1804 audit(1671454748.899:298): pid=5973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/296/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5974] sendfile(4, 5, NULL, 145139829833722 [pid 5972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5972] exit_group(0) = ? [pid 5974] <... sendfile resumed>) = ? [pid 5974] +++ exited with 0 +++ [pid 5973] <... sendfile resumed>) = ? [pid 5973] +++ exited with 0 +++ [pid 5972] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5972, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./296/binderfs") = 0 umount2("./296/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./296/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./296/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5975 ./strace-static-x86_64: Process 5975 attached [pid 5975] set_robust_list(0x5555556365e0, 24) = 0 [pid 5975] chdir("./297") = 0 [pid 5975] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5975] setpgid(0, 0) = 0 [pid 5975] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5975] write(3, "1000", 4) = 4 [pid 5975] close(3) = 0 [pid 5975] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5975] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5975] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5976], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5976 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5976 attached [pid 5976] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5976] memfd_create("syzkaller", 0) = 3 [pid 5976] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5976] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5976] munmap(0x7f5499e77000, 2097152) = 0 [pid 5976] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5976] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5976] close(3) = 0 [pid 5976] mkdir("./bus", 0777) = 0 [pid 5976] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5976] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5976] chdir("./bus") = 0 [pid 5976] ioctl(4, LOOP_CLR_FD) = 0 [pid 5976] close(4) = 0 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] creat("./bus", 000) = 4 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... futex resumed>) = 1 [pid 5976] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] <... futex resumed>) = 0 [pid 5976] ftruncate(4, 2048 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... ftruncate resumed>) = 0 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... futex resumed>) = 1 [pid 5976] lseek(4, 0, SEEK_END) = 2048 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... futex resumed>) = 1 [ 168.477213][ T5976] loop0: detected capacity change from 0 to 4096 [ 168.486389][ T5976] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5976] open("./bus", O_RDONLY) = 5 [pid 5976] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = 0 [pid 5975] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5976] <... futex resumed>) = 1 [pid 5976] sendfile(4, 5, NULL, 145139829833722 [pid 5975] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5975] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5975] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5975] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5977], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5977 [pid 5975] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5977 attached [pid 5977] set_robust_list(0x7f549a0769e0, 24) = 0 [ 168.533173][ T27] audit: type=1804 audit(1671454749.279:299): pid=5976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/297/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5977] sendfile(4, 5, NULL, 145139829833722 [pid 5975] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5975] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5975] exit_group(0) = ? [pid 5977] <... sendfile resumed>) = ? [pid 5977] +++ exited with 0 +++ [pid 5976] <... sendfile resumed>) = ? [pid 5976] +++ exited with 0 +++ [pid 5975] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5975, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./297/binderfs") = 0 umount2("./297/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./297/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./297/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5978 ./strace-static-x86_64: Process 5978 attached [pid 5978] set_robust_list(0x5555556365e0, 24) = 0 [pid 5978] chdir("./298") = 0 [pid 5978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5978] setpgid(0, 0) = 0 [pid 5978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5978] write(3, "1000", 4) = 4 [pid 5978] close(3) = 0 [pid 5978] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5978] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5979], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5979 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5979 attached [pid 5979] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5979] memfd_create("syzkaller", 0) = 3 [pid 5979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5979] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5979] munmap(0x7f5499e77000, 2097152) = 0 [pid 5979] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5979] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5979] close(3) = 0 [pid 5979] mkdir("./bus", 0777) = 0 [pid 5979] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5979] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5979] chdir("./bus") = 0 [pid 5979] ioctl(4, LOOP_CLR_FD) = 0 [pid 5979] close(4) = 0 [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] creat("./bus", 000) = 4 [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] ftruncate(4, 2048) = 0 [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] lseek(4, 0, SEEK_END) = 2048 [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] open("./bus", O_RDONLY) = 5 [ 168.854563][ T5979] loop0: detected capacity change from 0 to 4096 [ 168.863989][ T5979] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5979] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5979] <... futex resumed>) = 1 [pid 5979] sendfile(4, 5, NULL, 145139829833722 [pid 5978] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5978] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5978] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5978] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5978] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5980], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5980 ./strace-static-x86_64: Process 5980 attached [pid 5978] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] set_robust_list(0x7f549a0769e0, 24 [pid 5978] <... futex resumed>) = 0 [pid 5980] <... set_robust_list resumed>) = 0 [pid 5978] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 168.909805][ T27] audit: type=1804 audit(1671454749.649:300): pid=5979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/298/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5980] sendfile(4, 5, NULL, 145139829833722 [pid 5978] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5978] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5978] exit_group(0) = ? [pid 5980] <... sendfile resumed>) = ? [pid 5979] <... sendfile resumed>) = ? [pid 5979] +++ exited with 0 +++ [pid 5980] +++ exited with 0 +++ [pid 5978] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5978, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./298/binderfs") = 0 umount2("./298/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./298/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./298/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5981 ./strace-static-x86_64: Process 5981 attached [pid 5981] set_robust_list(0x5555556365e0, 24) = 0 [pid 5981] chdir("./299") = 0 [pid 5981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5981] setpgid(0, 0) = 0 [pid 5981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5981] write(3, "1000", 4) = 4 [pid 5981] close(3) = 0 [pid 5981] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5981] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5982], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5982 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5982 attached [pid 5982] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5982] memfd_create("syzkaller", 0) = 3 [pid 5982] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5982] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5982] munmap(0x7f5499e77000, 2097152) = 0 [pid 5982] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5982] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5982] close(3) = 0 [pid 5982] mkdir("./bus", 0777) = 0 [pid 5982] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5982] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5982] chdir("./bus") = 0 [pid 5982] ioctl(4, LOOP_CLR_FD) = 0 [pid 5982] close(4) = 0 [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] creat("./bus", 000) = 4 [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] ftruncate(4, 2048) = 0 [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] lseek(4, 0, SEEK_END) = 2048 [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 1 [pid 5982] open("./bus", O_RDONLY) = 5 [ 169.234104][ T5982] loop0: detected capacity change from 0 to 4096 [ 169.243588][ T5982] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5982] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5982] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5981] <... futex resumed>) = 0 [pid 5981] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5981] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] <... futex resumed>) = 0 [pid 5982] sendfile(4, 5, NULL, 145139829833722 [pid 5981] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5981] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5981] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5983 attached , parent_tid=[5983], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5983 [pid 5981] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5983] set_robust_list(0x7f549a0769e0, 24) = 0 [ 169.291370][ T27] audit: type=1804 audit(1671454750.039:301): pid=5982 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/299/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5983] sendfile(4, 5, NULL, 145139829833722 [pid 5981] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5981] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5981] exit_group(0) = ? [pid 5982] <... sendfile resumed>) = ? [pid 5982] +++ exited with 0 +++ [pid 5983] <... sendfile resumed>) = ? [pid 5983] +++ exited with 0 +++ [pid 5981] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5981, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./299/binderfs") = 0 umount2("./299/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./299/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./299/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5984 ./strace-static-x86_64: Process 5984 attached [pid 5984] set_robust_list(0x5555556365e0, 24) = 0 [pid 5984] chdir("./300") = 0 [pid 5984] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5984] setpgid(0, 0) = 0 [pid 5984] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5984] write(3, "1000", 4) = 4 [pid 5984] close(3) = 0 [pid 5984] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5984] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5985 attached , parent_tid=[5985], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5985 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5985] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5985] memfd_create("syzkaller", 0) = 3 [pid 5985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5985] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5985] munmap(0x7f5499e77000, 2097152) = 0 [pid 5985] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5985] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5985] close(3) = 0 [pid 5985] mkdir("./bus", 0777) = 0 [pid 5985] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5985] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5985] chdir("./bus") = 0 [pid 5985] ioctl(4, LOOP_CLR_FD) = 0 [pid 5985] close(4) = 0 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5985] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 0 [pid 5985] creat("./bus", 000) = 4 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [pid 5985] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [pid 5985] ftruncate(4, 2048) = 0 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [pid 5985] lseek(4, 0, SEEK_END) = 2048 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [pid 5985] open("./bus", O_RDONLY) = 5 [pid 5985] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = 0 [pid 5984] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5985] <... futex resumed>) = 1 [ 169.625214][ T5985] loop0: detected capacity change from 0 to 4096 [ 169.634739][ T5985] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5985] sendfile(4, 5, NULL, 145139829833722 [pid 5984] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5984] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5986 attached , parent_tid=[5986], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5986 [pid 5984] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5986] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5986] sendfile(4, 5, NULL, 145139829833722 [pid 5984] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5984] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5984] exit_group(0) = ? [pid 5986] <... sendfile resumed>) = ? [pid 5986] +++ exited with 0 +++ [pid 5985] <... sendfile resumed>) = ? [pid 5985] +++ exited with 0 +++ [pid 5984] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5984, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./300/binderfs") = 0 umount2("./300/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./300/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./300/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5987 ./strace-static-x86_64: Process 5987 attached [pid 5987] set_robust_list(0x5555556365e0, 24) = 0 [pid 5987] chdir("./301") = 0 [pid 5987] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5987] setpgid(0, 0) = 0 [pid 5987] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5987] write(3, "1000", 4) = 4 [pid 5987] close(3) = 0 [pid 5987] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5987] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5988], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5988 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5988 attached [pid 5988] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5988] memfd_create("syzkaller", 0) = 3 [pid 5988] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5988] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5988] munmap(0x7f5499e77000, 2097152) = 0 [pid 5988] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5988] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5988] close(3) = 0 [pid 5988] mkdir("./bus", 0777) = 0 [pid 5988] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5988] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5988] chdir("./bus") = 0 [pid 5988] ioctl(4, LOOP_CLR_FD) = 0 [pid 5988] close(4) = 0 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] creat("./bus", 000) = 4 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] ftruncate(4, 2048) = 0 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] lseek(4, 0, SEEK_END) = 2048 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [ 169.992773][ T5988] loop0: detected capacity change from 0 to 4096 [ 170.001736][ T5988] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] open("./bus", O_RDONLY) = 5 [pid 5988] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5987] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] <... futex resumed>) = 1 [pid 5988] sendfile(4, 5, NULL, 145139829833722 [pid 5987] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5987] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5987] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5987] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5987] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5989 attached , parent_tid=[5989], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5989 [pid 5987] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5989] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5989] sendfile(4, 5, NULL, 145139829833722 [pid 5987] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5987] exit_group(0 [pid 5988] <... sendfile resumed>) = ? [pid 5987] <... exit_group resumed>) = ? [pid 5989] <... sendfile resumed>) = ? [pid 5988] +++ exited with 0 +++ [pid 5989] +++ exited with 0 +++ [pid 5987] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5987, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./301/binderfs") = 0 umount2("./301/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./301/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./301/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5990 ./strace-static-x86_64: Process 5990 attached [pid 5990] set_robust_list(0x5555556365e0, 24) = 0 [pid 5990] chdir("./302") = 0 [pid 5990] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5990] setpgid(0, 0) = 0 [pid 5990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5990] write(3, "1000", 4) = 4 [pid 5990] close(3) = 0 [pid 5990] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5990] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5990] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5991 attached [pid 5991] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5990] <... clone resumed>, parent_tid=[5991], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5991 [pid 5991] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5991] memfd_create("syzkaller", 0) = 3 [pid 5991] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5991] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5991] munmap(0x7f5499e77000, 2097152) = 0 [pid 5991] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5991] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5991] close(3) = 0 [pid 5991] mkdir("./bus", 0777) = 0 [pid 5991] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5991] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5991] chdir("./bus") = 0 [pid 5991] ioctl(4, LOOP_CLR_FD) = 0 [pid 5991] close(4) = 0 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5991] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 0 [pid 5991] creat("./bus", 000) = 4 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 1 [pid 5991] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 1 [pid 5991] ftruncate(4, 2048) = 0 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 1 [pid 5991] lseek(4, 0, SEEK_END) = 2048 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 1 [pid 5991] open("./bus", O_RDONLY) = 5 [pid 5991] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] <... futex resumed>) = 0 [pid 5990] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5991] <... futex resumed>) = 1 [ 170.383276][ T5991] loop0: detected capacity change from 0 to 4096 [ 170.392920][ T5991] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5991] sendfile(4, 5, NULL, 145139829833722 [pid 5990] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5990] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 5990] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5990] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5990] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5992 attached [pid 5992] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5992] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5990] <... clone resumed>, parent_tid=[5992], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5992 [pid 5990] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5992] <... futex resumed>) = 0 [pid 5992] sendfile(4, 5, NULL, 145139829833722 [pid 5990] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5990] exit_group(0) = ? [pid 5992] <... sendfile resumed>) = ? [pid 5992] +++ exited with 0 +++ [pid 5991] <... sendfile resumed>) = ? [pid 5991] +++ exited with 0 +++ [pid 5990] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5990, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./302/binderfs") = 0 umount2("./302/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./302/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./302/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5993 ./strace-static-x86_64: Process 5993 attached [pid 5993] set_robust_list(0x5555556365e0, 24) = 0 [pid 5993] chdir("./303") = 0 [pid 5993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5993] setpgid(0, 0) = 0 [pid 5993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5993] write(3, "1000", 4) = 4 [pid 5993] close(3) = 0 [pid 5993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5993] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5994], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5994 ./strace-static-x86_64: Process 5994 attached [pid 5994] set_robust_list(0x7f54a22979e0, 24 [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... set_robust_list resumed>) = 0 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5994] memfd_create("syzkaller", 0) = 3 [pid 5994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5994] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5994] munmap(0x7f5499e77000, 2097152) = 0 [pid 5994] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5994] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5994] close(3) = 0 [pid 5994] mkdir("./bus", 0777) = 0 [pid 5994] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5994] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5994] chdir("./bus") = 0 [pid 5994] ioctl(4, LOOP_CLR_FD) = 0 [pid 5994] close(4) = 0 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... futex resumed>) = 1 [pid 5994] creat("./bus", 000) = 4 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... futex resumed>) = 1 [pid 5994] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] <... futex resumed>) = 0 [pid 5994] ftruncate(4, 2048 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... ftruncate resumed>) = 0 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] lseek(4, 0, SEEK_END [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... lseek resumed>) = 2048 [pid 5993] <... futex resumed>) = 0 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5994] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5994] <... futex resumed>) = 0 [pid 5994] open("./bus", O_RDONLY) = 5 [pid 5994] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5994] sendfile(4, 5, NULL, 145139829833722 [pid 5993] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 170.764496][ T5994] loop0: detected capacity change from 0 to 4096 [ 170.774193][ T5994] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5993] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5993] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5993] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5993] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5995], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5995 [pid 5993] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5995 attached ) = 0 [pid 5995] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5995] sendfile(4, 5, NULL, 145139829833722 [pid 5993] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5993] exit_group(0) = ? [pid 5994] <... sendfile resumed>) = ? [pid 5994] +++ exited with 0 +++ [pid 5995] <... sendfile resumed>) = ? [pid 5995] +++ exited with 0 +++ [pid 5993] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5993, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./303/binderfs") = 0 umount2("./303/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./303/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./303/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5996 ./strace-static-x86_64: Process 5996 attached [pid 5996] set_robust_list(0x5555556365e0, 24) = 0 [pid 5996] chdir("./304") = 0 [pid 5996] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5996] setpgid(0, 0) = 0 [pid 5996] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5996] write(3, "1000", 4) = 4 [pid 5996] close(3) = 0 [pid 5996] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5996] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[5997], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 5997 [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5997 attached [pid 5997] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 5997] memfd_create("syzkaller", 0) = 3 [pid 5997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 5997] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5997] munmap(0x7f5499e77000, 2097152) = 0 [pid 5997] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5997] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5997] close(3) = 0 [pid 5997] mkdir("./bus", 0777) = 0 [pid 5997] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 5997] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 5997] chdir("./bus") = 0 [pid 5997] ioctl(4, LOOP_CLR_FD) = 0 [pid 5997] close(4) = 0 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... futex resumed>) = 0 [pid 5997] creat("./bus", 000) = 4 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] ftruncate(4, 2048 [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... ftruncate resumed>) = 0 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5997] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] <... futex resumed>) = 0 [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5997] lseek(4, 0, SEEK_END [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... lseek resumed>) = 2048 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5996] <... futex resumed>) = 0 [pid 5997] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5996] <... futex resumed>) = 0 [pid 5997] open("./bus", O_RDONLY [ 171.146558][ T5997] loop0: detected capacity change from 0 to 4096 [ 171.156214][ T5997] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... open resumed>) = 5 [pid 5997] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 0 [pid 5996] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5997] <... futex resumed>) = 1 [pid 5997] sendfile(4, 5, NULL, 145139829833722 [pid 5996] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5996] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5996] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5996] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 5998 attached [pid 5998] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 5998] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5996] <... clone resumed>, parent_tid=[5998], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 5998 [pid 5996] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5998] <... futex resumed>) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5998] sendfile(4, 5, NULL, 145139829833722 [ 171.199124][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 171.199138][ T27] audit: type=1804 audit(1671454751.939:306): pid=5997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/304/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 5996] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 5996] exit_group(0) = ? [pid 5997] <... sendfile resumed>) = ? [pid 5997] +++ exited with 0 +++ [pid 5998] <... sendfile resumed>) = ? [pid 5998] +++ exited with 0 +++ [pid 5996] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5996, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./304/binderfs") = 0 umount2("./304/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./304/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./304/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 5999 ./strace-static-x86_64: Process 5999 attached [pid 5999] set_robust_list(0x5555556365e0, 24) = 0 [pid 5999] chdir("./305") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 5999] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6000 attached , parent_tid=[6000], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6000 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6000] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6000] munmap(0x7f5499e77000, 2097152) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] mkdir("./bus", 0777) = 0 [pid 6000] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6000] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./bus") = 0 [pid 6000] ioctl(4, LOOP_CLR_FD) = 0 [pid 6000] close(4) = 0 [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] creat("./bus", 000) = 4 [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 1 [pid 6000] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 1 [pid 6000] ftruncate(4, 2048) = 0 [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 1 [pid 6000] lseek(4, 0, SEEK_END) = 2048 [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 1 [pid 6000] open("./bus", O_RDONLY) = 5 [ 171.537215][ T6000] loop0: detected capacity change from 0 to 4096 [ 171.547137][ T6000] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6000] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6000] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = 0 [pid 6000] sendfile(4, 5, NULL, 145139829833722 [pid 5999] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5999] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 5999] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6001 attached [pid 6001] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6001] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... clone resumed>, parent_tid=[6001], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6001 [pid 5999] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6001] <... futex resumed>) = 0 [pid 5999] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 171.577838][ T27] audit: type=1804 audit(1671454752.319:307): pid=6000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/305/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6001] sendfile(4, 5, NULL, 145139829833722 [pid 5999] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5999] exit_group(0 [pid 6000] <... sendfile resumed>) = ? [pid 5999] <... exit_group resumed>) = ? [pid 6001] <... sendfile resumed>) = ? [pid 6000] +++ exited with 0 +++ [pid 6001] +++ exited with 0 +++ [pid 5999] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5999, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./305/binderfs") = 0 umount2("./305/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./305/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./305/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6002 ./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x5555556365e0, 24) = 0 [pid 6002] chdir("./306") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6002] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6003], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6003 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6003 attached [pid 6003] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6003] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6003] munmap(0x7f5499e77000, 2097152) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] mkdir("./bus", 0777) = 0 [pid 6003] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6003] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6003] chdir("./bus") = 0 [pid 6003] ioctl(4, LOOP_CLR_FD) = 0 [pid 6003] close(4) = 0 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [pid 6003] creat("./bus", 000) = 4 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [pid 6003] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [pid 6003] ftruncate(4, 2048) = 0 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [pid 6003] lseek(4, 0, SEEK_END) = 2048 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 1 [ 171.906024][ T6003] loop0: detected capacity change from 0 to 4096 [ 171.915512][ T6003] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6003] open("./bus", O_RDONLY) = 5 [pid 6003] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] <... futex resumed>) = 0 [pid 6003] sendfile(4, 5, NULL, 145139829833722 [pid 6002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6002] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6002] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6004], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6004 [pid 6002] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 171.955490][ T27] audit: type=1804 audit(1671454752.699:308): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/306/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6002] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6004 attached [pid 6004] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6004] sendfile(4, 5, NULL, 145139829833722 [pid 6002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6002] exit_group(0) = ? [pid 6003] <... sendfile resumed>) = ? [pid 6004] <... sendfile resumed>) = ? [pid 6003] +++ exited with 0 +++ [pid 6004] +++ exited with 0 +++ [pid 6002] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6002, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./306/binderfs") = 0 umount2("./306/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./306/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./306/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6005 ./strace-static-x86_64: Process 6005 attached [pid 6005] set_robust_list(0x5555556365e0, 24) = 0 [pid 6005] chdir("./307") = 0 [pid 6005] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6005] setpgid(0, 0) = 0 [pid 6005] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6005] write(3, "1000", 4) = 4 [pid 6005] close(3) = 0 [pid 6005] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6005] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6006 attached , parent_tid=[6006], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6006 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] set_robust_list(0x7f54a22979e0, 24 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... set_robust_list resumed>) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6006] memfd_create("syzkaller", 0) = 3 [pid 6006] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6006] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6006] munmap(0x7f5499e77000, 2097152) = 0 [pid 6006] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6006] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6006] close(3) = 0 [pid 6006] mkdir("./bus", 0777) = 0 [pid 6006] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6006] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6006] chdir("./bus") = 0 [pid 6006] ioctl(4, LOOP_CLR_FD) = 0 [pid 6006] close(4) = 0 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6006] <... futex resumed>) = 1 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] creat("./bus", 000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... creat resumed>) = 4 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 0 [pid 6006] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 1 [pid 6006] ftruncate(4, 2048) = 0 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 1 [pid 6006] lseek(4, 0, SEEK_END) = 2048 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 1 [ 172.286496][ T6006] loop0: detected capacity change from 0 to 4096 [ 172.296904][ T6006] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6006] open("./bus", O_RDONLY) = 5 [pid 6006] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6005] <... futex resumed>) = 0 [pid 6005] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6006] <... futex resumed>) = 1 [ 172.347612][ T27] audit: type=1804 audit(1671454753.089:309): pid=6006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/307/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6006] sendfile(4, 5, NULL, 145139829833722 [pid 6005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6005] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6005] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6005] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6007 attached , parent_tid=[6007], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6007 [pid 6005] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6005] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6007] sendfile(4, 5, NULL, 145139829833722 [pid 6005] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6005] exit_group(0) = ? [pid 6007] <... sendfile resumed>) = ? [pid 6007] +++ exited with 0 +++ [pid 6006] <... sendfile resumed>) = ? [pid 6006] +++ exited with 0 +++ [pid 6005] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6005, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./307/binderfs") = 0 umount2("./307/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./307/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./307/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6008 ./strace-static-x86_64: Process 6008 attached [pid 6008] set_robust_list(0x5555556365e0, 24) = 0 [pid 6008] chdir("./308") = 0 [pid 6008] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6008] setpgid(0, 0) = 0 [pid 6008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6008] write(3, "1000", 4) = 4 [pid 6008] close(3) = 0 [pid 6008] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6008] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6009], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6009 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6009 attached [pid 6009] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6009] memfd_create("syzkaller", 0) = 3 [pid 6009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6009] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6009] munmap(0x7f5499e77000, 2097152) = 0 [pid 6009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6009] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6009] close(3) = 0 [pid 6009] mkdir("./bus", 0777) = 0 [pid 6009] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6009] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6009] chdir("./bus") = 0 [pid 6009] ioctl(4, LOOP_CLR_FD) = 0 [pid 6009] close(4) = 0 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 0 [pid 6009] creat("./bus", 000) = 4 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] ftruncate(4, 2048) = 0 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] lseek(4, 0, SEEK_END) = 2048 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [ 172.689926][ T6009] loop0: detected capacity change from 0 to 4096 [ 172.699693][ T6009] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6009] open("./bus", O_RDONLY) = 5 [pid 6009] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6008] <... futex resumed>) = 0 [pid 6008] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6009] <... futex resumed>) = 1 [pid 6009] sendfile(4, 5, NULL, 145139829833722 [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6008] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6008] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6008] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6010], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6010 [pid 6008] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6008] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6010 attached [pid 6010] set_robust_list(0x7f549a0769e0, 24) = 0 [ 172.751684][ T27] audit: type=1804 audit(1671454753.499:310): pid=6009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/308/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6010] sendfile(4, 5, NULL, 145139829833722 [pid 6008] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6008] exit_group(0) = ? [pid 6009] <... sendfile resumed>) = ? [pid 6009] +++ exited with 0 +++ [pid 6010] <... sendfile resumed>) = ? [pid 6010] +++ exited with 0 +++ [pid 6008] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6008, si_uid=0, si_status=0, si_utime=0, si_stime=14 /* 0.14 s */} --- umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./308/binderfs") = 0 umount2("./308/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./308/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./308/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6011 ./strace-static-x86_64: Process 6011 attached [pid 6011] set_robust_list(0x5555556365e0, 24) = 0 [pid 6011] chdir("./309") = 0 [pid 6011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6011] setpgid(0, 0) = 0 [pid 6011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6011] write(3, "1000", 4) = 4 [pid 6011] close(3) = 0 [pid 6011] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6011] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6012], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6012 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6012] memfd_create("syzkaller", 0) = 3 [pid 6012] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6012] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6012] munmap(0x7f5499e77000, 2097152) = 0 [pid 6012] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6012] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6012] close(3) = 0 [pid 6012] mkdir("./bus", 0777) = 0 [pid 6012] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6012] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6012] chdir("./bus") = 0 [pid 6012] ioctl(4, LOOP_CLR_FD) = 0 [pid 6012] close(4) = 0 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 0 [pid 6012] creat("./bus", 000) = 4 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... fcntl resumed>) = 0 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6011] <... futex resumed>) = 0 [pid 6012] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6012] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6011] <... futex resumed>) = 0 [pid 6012] ftruncate(4, 2048 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... ftruncate resumed>) = 0 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 1 [pid 6012] lseek(4, 0, SEEK_END) = 2048 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 1 [ 173.061823][ T6012] loop0: detected capacity change from 0 to 4096 [ 173.071013][ T6012] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6012] open("./bus", O_RDONLY) = 5 [pid 6012] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] <... futex resumed>) = 0 [pid 6011] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6012] <... futex resumed>) = 1 [pid 6012] sendfile(4, 5, NULL, 145139829833722 [pid 6011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6011] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6011] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6011] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6013], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6013 [pid 6011] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6011] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6013 attached [pid 6013] set_robust_list(0x7f549a0769e0, 24) = 0 [ 173.119591][ T27] audit: type=1804 audit(1671454753.859:311): pid=6012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/309/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6013] sendfile(4, 5, NULL, 145139829833722 [pid 6011] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6011] exit_group(0) = ? [pid 6012] <... sendfile resumed>) = ? [pid 6012] +++ exited with 0 +++ [pid 6013] <... sendfile resumed>) = ? [pid 6013] +++ exited with 0 +++ [pid 6011] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6011, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./309/binderfs") = 0 umount2("./309/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./309/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./309/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6014 ./strace-static-x86_64: Process 6014 attached [pid 6014] set_robust_list(0x5555556365e0, 24) = 0 [pid 6014] chdir("./310") = 0 [pid 6014] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6014] setpgid(0, 0) = 0 [pid 6014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6014] write(3, "1000", 4) = 4 [pid 6014] close(3) = 0 [pid 6014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6014] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6015], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6015 [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6015 attached [pid 6015] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6015] memfd_create("syzkaller", 0) = 3 [pid 6015] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6015] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6015] munmap(0x7f5499e77000, 2097152) = 0 [pid 6015] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6015] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6015] close(3) = 0 [pid 6015] mkdir("./bus", 0777) = 0 [pid 6015] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6015] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6015] chdir("./bus") = 0 [pid 6015] ioctl(4, LOOP_CLR_FD) = 0 [pid 6015] close(4) = 0 [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... futex resumed>) = 0 [pid 6015] creat("./bus", 000) = 4 [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6014] <... futex resumed>) = 0 [pid 6015] <... fcntl resumed>) = 0 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6015] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6014] <... futex resumed>) = 0 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] ftruncate(4, 2048) = 0 [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6014] <... futex resumed>) = 0 [pid 6015] lseek(4, 0, SEEK_END [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] <... lseek resumed>) = 2048 [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] open("./bus", O_RDONLY [pid 6014] <... futex resumed>) = 0 [pid 6015] <... open resumed>) = 5 [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6015] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6014] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6014] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6015] <... futex resumed>) = 0 [pid 6014] <... futex resumed>) = 1 [pid 6015] sendfile(4, 5, NULL, 145139829833722 [ 173.433998][ T6015] loop0: detected capacity change from 0 to 4096 [ 173.443618][ T6015] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6014] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6014] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6014] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6014] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6016 attached , parent_tid=[6016], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6016 [pid 6016] set_robust_list(0x7f549a0769e0, 24 [pid 6014] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6014] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... set_robust_list resumed>) = 0 [ 173.474118][ T27] audit: type=1804 audit(1671454754.219:312): pid=6015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/310/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6016] sendfile(4, 5, NULL, 145139829833722 [pid 6014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6014] exit_group(0) = ? [pid 6016] <... sendfile resumed>) = ? [pid 6016] +++ exited with 0 +++ [pid 6015] <... sendfile resumed>) = ? [pid 6015] +++ exited with 0 +++ [pid 6014] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6014, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./310/binderfs") = 0 umount2("./310/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./310/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./310/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6017 ./strace-static-x86_64: Process 6017 attached [pid 6017] set_robust_list(0x5555556365e0, 24) = 0 [pid 6017] chdir("./311") = 0 [pid 6017] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6017] setpgid(0, 0) = 0 [pid 6017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6017] write(3, "1000", 4) = 4 [pid 6017] close(3) = 0 [pid 6017] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6017] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6017] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6018 attached [pid 6018] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6018] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... clone resumed>, parent_tid=[6018], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6018 [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6018] memfd_create("syzkaller", 0) = 3 [pid 6018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6018] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6018] munmap(0x7f5499e77000, 2097152) = 0 [pid 6018] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6018] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6018] close(3) = 0 [pid 6018] mkdir("./bus", 0777) = 0 [pid 6018] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6018] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6018] chdir("./bus") = 0 [pid 6018] ioctl(4, LOOP_CLR_FD) = 0 [pid 6018] close(4) = 0 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... futex resumed>) = 1 [pid 6018] creat("./bus", 000) = 4 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] ftruncate(4, 2048 [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... ftruncate resumed>) = 0 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] <... futex resumed>) = 0 [pid 6018] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] lseek(4, 0, SEEK_END) = 2048 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 173.809712][ T6018] loop0: detected capacity change from 0 to 4096 [ 173.819397][ T6018] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6018] open("./bus", O_RDONLY [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... open resumed>) = 5 [pid 6018] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6017] <... futex resumed>) = 0 [pid 6017] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6017] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6018] <... futex resumed>) = 0 [pid 6018] sendfile(4, 5, NULL, 145139829833722 [pid 6017] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6017] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6017] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6017] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6019], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6019 [pid 6017] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6017] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6019 attached [pid 6019] set_robust_list(0x7f549a0769e0, 24) = 0 [ 173.874053][ T27] audit: type=1804 audit(1671454754.619:313): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/311/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6019] sendfile(4, 5, NULL, 145139829833722 [pid 6017] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6017] exit_group(0 [pid 6018] <... sendfile resumed>) = ? [pid 6017] <... exit_group resumed>) = ? [pid 6018] +++ exited with 0 +++ [pid 6019] <... sendfile resumed>) = ? [pid 6019] +++ exited with 0 +++ [pid 6017] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6017, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./311/binderfs") = 0 umount2("./311/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./311/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./311/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6020 ./strace-static-x86_64: Process 6020 attached [pid 6020] set_robust_list(0x5555556365e0, 24) = 0 [pid 6020] chdir("./312") = 0 [pid 6020] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6020] setpgid(0, 0) = 0 [pid 6020] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6020] write(3, "1000", 4) = 4 [pid 6020] close(3) = 0 [pid 6020] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6020] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6020] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6021 attached , parent_tid=[6021], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6021 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6021] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6021] memfd_create("syzkaller", 0) = 3 [pid 6021] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6021] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6021] munmap(0x7f5499e77000, 2097152) = 0 [pid 6021] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6021] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6021] close(3) = 0 [pid 6021] mkdir("./bus", 0777) = 0 [pid 6021] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6021] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6021] chdir("./bus") = 0 [pid 6021] ioctl(4, LOOP_CLR_FD) = 0 [pid 6021] close(4) = 0 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = 1 [pid 6021] creat("./bus", 000) = 4 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = 1 [pid 6021] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6021] ftruncate(4, 2048 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... ftruncate resumed>) = 0 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6020] <... futex resumed>) = 0 [pid 6021] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6020] <... futex resumed>) = 0 [pid 6021] lseek(4, 0, SEEK_END [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... lseek resumed>) = 2048 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = 1 [ 174.198467][ T6021] loop0: detected capacity change from 0 to 4096 [ 174.207962][ T6021] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6021] open("./bus", O_RDONLY) = 5 [pid 6021] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6020] <... futex resumed>) = 0 [pid 6020] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] <... futex resumed>) = 1 [pid 6021] sendfile(4, 5, NULL, 145139829833722 [pid 6020] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6020] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6020] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6020] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6020] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6022], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6022 [pid 6020] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6020] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6022 attached [pid 6022] set_robust_list(0x7f549a0769e0, 24) = 0 [ 174.257043][ T27] audit: type=1804 audit(1671454754.999:314): pid=6021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/312/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6022] sendfile(4, 5, NULL, 145139829833722 [pid 6020] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6020] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6020] exit_group(0) = ? [pid 6021] <... sendfile resumed>) = ? [pid 6022] <... sendfile resumed>) = ? [pid 6022] +++ exited with 0 +++ [pid 6021] +++ exited with 0 +++ [pid 6020] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6020, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./312/binderfs") = 0 umount2("./312/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./312/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./312/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6023 ./strace-static-x86_64: Process 6023 attached [pid 6023] set_robust_list(0x5555556365e0, 24) = 0 [pid 6023] chdir("./313") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6023] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6024], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6024 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6024 attached [pid 6024] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6024] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6024] munmap(0x7f5499e77000, 2097152) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] mkdir("./bus", 0777) = 0 [pid 6024] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6024] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./bus") = 0 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] creat("./bus", 000) = 4 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] ftruncate(4, 2048) = 0 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] lseek(4, 0, SEEK_END) = 2048 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [ 174.579407][ T6024] loop0: detected capacity change from 0 to 4096 [ 174.589400][ T6024] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6024] open("./bus", O_RDONLY) = 5 [pid 6024] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6023] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6024] sendfile(4, 5, NULL, 145139829833722 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6023] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6023] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6025], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6025 [pid 6023] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6025 attached [pid 6025] set_robust_list(0x7f549a0769e0, 24) = 0 [ 174.640187][ T27] audit: type=1804 audit(1671454755.379:315): pid=6024 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/313/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6025] sendfile(4, 5, NULL, 145139829833722 [pid 6023] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6023] exit_group(0) = ? [pid 6025] <... sendfile resumed>) = ? [pid 6025] +++ exited with 0 +++ [pid 6024] <... sendfile resumed>) = ? [pid 6024] +++ exited with 0 +++ [pid 6023] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6023, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./313/binderfs") = 0 umount2("./313/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./313/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./313/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555556365e0, 24) = 0 [pid 6026] chdir("./314") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6026] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6027], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6027 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6027 attached [pid 6027] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6027] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6027] munmap(0x7f5499e77000, 2097152) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] mkdir("./bus", 0777) = 0 [pid 6027] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6027] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./bus") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] creat("./bus", 000) = 4 [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... futex resumed>) = 1 [pid 6027] ftruncate(4, 2048) = 0 [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... futex resumed>) = 0 [pid 6027] <... futex resumed>) = 1 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] lseek(4, 0, SEEK_END [pid 6026] <... futex resumed>) = 0 [pid 6027] <... lseek resumed>) = 2048 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] open("./bus", O_RDONLY [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... open resumed>) = 5 [pid 6027] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] sendfile(4, 5, NULL, 145139829833722 [pid 6026] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 174.966010][ T6027] loop0: detected capacity change from 0 to 4096 [ 174.976024][ T6027] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6026] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6026] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6026] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6028 attached [pid 6028] set_robust_list(0x7f549a0769e0, 24 [pid 6026] <... clone resumed>, parent_tid=[6028], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6028 [pid 6028] <... set_robust_list resumed>) = 0 [pid 6026] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6028] sendfile(4, 5, NULL, 145139829833722 [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6026] exit_group(0) = ? [pid 6028] <... sendfile resumed>) = ? [pid 6028] +++ exited with 0 +++ [pid 6027] <... sendfile resumed>) = ? [pid 6027] +++ exited with 0 +++ [pid 6026] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6026, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./314/binderfs") = 0 umount2("./314/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./314/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./314/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6029 ./strace-static-x86_64: Process 6029 attached [pid 6029] set_robust_list(0x5555556365e0, 24) = 0 [pid 6029] chdir("./315") = 0 [pid 6029] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6029] setpgid(0, 0) = 0 [pid 6029] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6029] write(3, "1000", 4) = 4 [pid 6029] close(3) = 0 [pid 6029] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6029] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6030], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6030 ./strace-static-x86_64: Process 6030 attached [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6030] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6030] memfd_create("syzkaller", 0) = 3 [pid 6030] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6030] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6030] munmap(0x7f5499e77000, 2097152) = 0 [pid 6030] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6030] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6030] close(3) = 0 [pid 6030] mkdir("./bus", 0777) = 0 [pid 6030] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6030] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6030] chdir("./bus") = 0 [pid 6030] ioctl(4, LOOP_CLR_FD) = 0 [pid 6030] close(4) = 0 [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] creat("./bus", 000 [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... creat resumed>) = 4 [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [ 175.363896][ T6030] loop0: detected capacity change from 0 to 4096 [ 175.372759][ T6030] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... fcntl resumed>) = 0 [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] ftruncate(4, 2048 [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... ftruncate resumed>) = 0 [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] lseek(4, 0, SEEK_END [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... lseek resumed>) = 2048 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] open("./bus", O_RDONLY [pid 6029] <... futex resumed>) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6030] <... open resumed>) = 5 [pid 6030] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6029] <... futex resumed>) = 0 [pid 6030] sendfile(4, 5, NULL, 145139829833722 [pid 6029] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6029] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6029] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6029] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6031], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6031 [pid 6029] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6029] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6031 attached [pid 6031] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6031] sendfile(4, 5, NULL, 145139829833722 [pid 6029] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6029] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6029] exit_group(0) = ? [pid 6031] <... sendfile resumed>) = ? [pid 6031] +++ exited with 0 +++ [pid 6030] <... sendfile resumed>) = ? [pid 6030] +++ exited with 0 +++ [pid 6029] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6029, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./315/binderfs") = 0 umount2("./315/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./315/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./315/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6032 ./strace-static-x86_64: Process 6032 attached [pid 6032] set_robust_list(0x5555556365e0, 24) = 0 [pid 6032] chdir("./316") = 0 [pid 6032] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6032] setpgid(0, 0) = 0 [pid 6032] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6032] write(3, "1000", 4) = 4 [pid 6032] close(3) = 0 [pid 6032] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6032] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6033 attached , parent_tid=[6033], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6033 [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6033] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6033] memfd_create("syzkaller", 0) = 3 [pid 6033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6033] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6033] munmap(0x7f5499e77000, 2097152) = 0 [pid 6033] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6033] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6033] close(3) = 0 [pid 6033] mkdir("./bus", 0777) = 0 [pid 6033] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6033] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6033] chdir("./bus") = 0 [pid 6033] ioctl(4, LOOP_CLR_FD) = 0 [pid 6033] close(4) = 0 [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6033] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 0 [pid 6033] creat("./bus", 000) = 4 [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6032] <... futex resumed>) = 0 [pid 6033] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... fcntl resumed>) = 0 [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] ftruncate(4, 2048) = 0 [ 175.762846][ T6033] loop0: detected capacity change from 0 to 4096 [ 175.772013][ T6033] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] lseek(4, 0, SEEK_END) = 2048 [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] open("./bus", O_RDONLY) = 5 [pid 6033] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6033] <... futex resumed>) = 1 [pid 6033] sendfile(4, 5, NULL, 145139829833722 [pid 6032] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6032] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6032] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6032] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6034 attached , parent_tid=[6034], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6034 [pid 6034] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6032] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] sendfile(4, 5, NULL, 145139829833722 [pid 6032] <... futex resumed>) = 0 [pid 6032] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6032] exit_group(0) = ? [pid 6034] <... sendfile resumed>) = ? [pid 6034] +++ exited with 0 +++ [pid 6033] <... sendfile resumed>) = ? [pid 6033] +++ exited with 0 +++ [pid 6032] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6032, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./316/binderfs") = 0 umount2("./316/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./316/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./316/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6035 ./strace-static-x86_64: Process 6035 attached [pid 6035] set_robust_list(0x5555556365e0, 24) = 0 [pid 6035] chdir("./317") = 0 [pid 6035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6035] setpgid(0, 0) = 0 [pid 6035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6035] write(3, "1000", 4) = 4 [pid 6035] close(3) = 0 [pid 6035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6035] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6036], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6036 [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6036] memfd_create("syzkaller", 0) = 3 [pid 6036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6036] munmap(0x7f5499e77000, 2097152) = 0 [pid 6036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6036] close(3) = 0 [pid 6036] mkdir("./bus", 0777) = 0 [pid 6036] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6036] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6036] chdir("./bus") = 0 [pid 6036] ioctl(4, LOOP_CLR_FD) = 0 [pid 6036] close(4) = 0 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... futex resumed>) = 0 [pid 6036] creat("./bus", 000) = 4 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] <... futex resumed>) = 0 [pid 6036] ftruncate(4, 2048 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... ftruncate resumed>) = 0 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6035] <... futex resumed>) = 0 [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6036] lseek(4, 0, SEEK_END [pid 6035] <... futex resumed>) = 0 [pid 6036] <... lseek resumed>) = 2048 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [ 176.163745][ T6036] loop0: detected capacity change from 0 to 4096 [ 176.173464][ T6036] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6036] open("./bus", O_RDONLY [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6036] <... open resumed>) = 5 [pid 6036] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6035] <... futex resumed>) = 0 [pid 6035] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6035] <... futex resumed>) = 1 [pid 6036] sendfile(4, 5, NULL, 145139829833722 [pid 6035] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6035] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6035] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6035] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6037], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6037 [pid 6035] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6035] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6037 attached [pid 6037] set_robust_list(0x7f549a0769e0, 24) = 0 [ 176.225025][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 176.225038][ T27] audit: type=1804 audit(1671454756.969:319): pid=6036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/317/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6037] sendfile(4, 5, NULL, 145139829833722 [pid 6035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6035] exit_group(0) = ? [pid 6036] <... sendfile resumed>) = ? [pid 6036] +++ exited with 0 +++ [pid 6037] <... sendfile resumed>) = ? [pid 6037] +++ exited with 0 +++ [pid 6035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6035, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./317/binderfs") = 0 umount2("./317/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./317/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./317/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6038 ./strace-static-x86_64: Process 6038 attached [pid 6038] set_robust_list(0x5555556365e0, 24) = 0 [pid 6038] chdir("./318") = 0 [pid 6038] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6038] setpgid(0, 0) = 0 [pid 6038] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6038] write(3, "1000", 4) = 4 [pid 6038] close(3) = 0 [pid 6038] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6038] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6039 attached , parent_tid=[6039], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6039 [pid 6039] set_robust_list(0x7f54a22979e0, 24 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6039] <... set_robust_list resumed>) = 0 [pid 6039] memfd_create("syzkaller", 0) = 3 [pid 6039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6039] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6039] munmap(0x7f5499e77000, 2097152) = 0 [pid 6039] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6039] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6039] close(3) = 0 [pid 6039] mkdir("./bus", 0777) = 0 [pid 6039] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6039] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6039] chdir("./bus") = 0 [pid 6039] ioctl(4, LOOP_CLR_FD) = 0 [pid 6039] close(4) = 0 [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6038] <... futex resumed>) = 1 [pid 6039] creat("./bus", 000 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... creat resumed>) = 4 [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = 0 [pid 6039] <... futex resumed>) = 1 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6038] <... futex resumed>) = 0 [pid 6039] <... fcntl resumed>) = 0 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6039] ftruncate(4, 2048 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] <... ftruncate resumed>) = 0 [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] lseek(4, 0, SEEK_END [pid 6038] <... futex resumed>) = 0 [pid 6039] <... lseek resumed>) = 2048 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6038] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6039] <... futex resumed>) = 0 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.559176][ T6039] loop0: detected capacity change from 0 to 4096 [ 176.568682][ T6039] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6039] open("./bus", O_RDONLY) = 5 [pid 6039] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6038] <... futex resumed>) = 0 [pid 6039] sendfile(4, 5, NULL, 145139829833722 [pid 6038] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 176.612059][ T27] audit: type=1804 audit(1671454757.359:320): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/318/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6038] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6038] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6038] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6038] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6040], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6040 [pid 6038] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6038] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6040 attached [pid 6040] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6040] sendfile(4, 5, NULL, 145139829833722 [pid 6038] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6038] exit_group(0) = ? [pid 6039] <... sendfile resumed>) = ? [pid 6039] +++ exited with 0 +++ [pid 6040] <... sendfile resumed>) = ? [pid 6040] +++ exited with 0 +++ [pid 6038] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6038, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./318/binderfs") = 0 umount2("./318/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./318/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./318/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6041 ./strace-static-x86_64: Process 6041 attached [pid 6041] set_robust_list(0x5555556365e0, 24) = 0 [pid 6041] chdir("./319") = 0 [pid 6041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6041] setpgid(0, 0) = 0 [pid 6041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6041] write(3, "1000", 4) = 4 [pid 6041] close(3) = 0 [pid 6041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6041] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6042 attached , parent_tid=[6042], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6042 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6042] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6042] memfd_create("syzkaller", 0) = 3 [pid 6042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6042] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6042] munmap(0x7f5499e77000, 2097152) = 0 [pid 6042] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6042] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6042] close(3) = 0 [pid 6042] mkdir("./bus", 0777) = 0 [pid 6042] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6042] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6042] chdir("./bus") = 0 [pid 6042] ioctl(4, LOOP_CLR_FD) = 0 [pid 6042] close(4) = 0 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [pid 6042] creat("./bus", 000) = 4 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [pid 6042] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [ 176.960281][ T6042] loop0: detected capacity change from 0 to 4096 [ 176.969964][ T6042] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6042] ftruncate(4, 2048) = 0 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [pid 6042] lseek(4, 0, SEEK_END) = 2048 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [pid 6042] open("./bus", O_RDONLY) = 5 [pid 6042] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6041] <... futex resumed>) = 0 [pid 6041] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6042] <... futex resumed>) = 1 [pid 6042] sendfile(4, 5, NULL, 145139829833722 [pid 6041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6041] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6041] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6043 attached , parent_tid=[6043], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6043 [pid 6041] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6041] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] set_robust_list(0x7f549a0769e0, 24) = 0 [ 177.007816][ T27] audit: type=1804 audit(1671454757.749:321): pid=6042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/319/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6043] sendfile(4, 5, NULL, 145139829833722 [pid 6041] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6041] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6041] exit_group(0) = ? [pid 6043] <... sendfile resumed>) = ? [pid 6043] +++ exited with 0 +++ [pid 6042] <... sendfile resumed>) = ? [pid 6042] +++ exited with 0 +++ [pid 6041] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6041, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./319/binderfs") = 0 umount2("./319/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./319/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./319/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6044 ./strace-static-x86_64: Process 6044 attached [pid 6044] set_robust_list(0x5555556365e0, 24) = 0 [pid 6044] chdir("./320") = 0 [pid 6044] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6044] setpgid(0, 0) = 0 [pid 6044] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6044] write(3, "1000", 4) = 4 [pid 6044] close(3) = 0 [pid 6044] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6044] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6045], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6045 [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6045 attached [pid 6045] set_robust_list(0x7f54a22979e0, 24 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6045] <... set_robust_list resumed>) = 0 [pid 6045] memfd_create("syzkaller", 0) = 3 [pid 6045] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6045] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6045] munmap(0x7f5499e77000, 2097152) = 0 [pid 6045] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6045] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6045] close(3) = 0 [pid 6045] mkdir("./bus", 0777) = 0 [pid 6045] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6045] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6045] chdir("./bus") = 0 [pid 6045] ioctl(4, LOOP_CLR_FD) = 0 [pid 6045] close(4) = 0 [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6045] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] <... futex resumed>) = 0 [pid 6045] creat("./bus", 000) = 4 [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] <... futex resumed>) = 1 [pid 6045] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = 0 [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] <... futex resumed>) = 1 [pid 6045] ftruncate(4, 2048) = 0 [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = 0 [pid 6045] <... futex resumed>) = 1 [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] lseek(4, 0, SEEK_END [pid 6044] <... futex resumed>) = 0 [pid 6045] <... lseek resumed>) = 2048 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6044] <... futex resumed>) = 0 [ 177.327539][ T6045] loop0: detected capacity change from 0 to 4096 [ 177.337055][ T6045] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6045] open("./bus", O_RDONLY [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] <... open resumed>) = 5 [pid 6045] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6044] <... futex resumed>) = 1 [pid 6045] sendfile(4, 5, NULL, 145139829833722 [ 177.381301][ T27] audit: type=1804 audit(1671454758.129:322): pid=6045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/320/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6044] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6044] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6044] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6044] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6046], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6046 [pid 6044] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6044] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6046 attached [pid 6046] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6046] sendfile(4, 5, NULL, 145139829833722 [pid 6044] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6044] exit_group(0) = ? [pid 6045] <... sendfile resumed>) = ? [pid 6045] +++ exited with 0 +++ [pid 6046] <... sendfile resumed>) = ? [pid 6046] +++ exited with 0 +++ [pid 6044] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6044, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./320/binderfs") = 0 umount2("./320/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./320/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./320/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6047 ./strace-static-x86_64: Process 6047 attached [pid 6047] set_robust_list(0x5555556365e0, 24) = 0 [pid 6047] chdir("./321") = 0 [pid 6047] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6047] setpgid(0, 0) = 0 [pid 6047] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6047] write(3, "1000", 4) = 4 [pid 6047] close(3) = 0 [pid 6047] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6047] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6047] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6048], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6048 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6048 attached [pid 6048] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6048] memfd_create("syzkaller", 0) = 3 [pid 6048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6048] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6048] munmap(0x7f5499e77000, 2097152) = 0 [pid 6048] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6048] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6048] close(3) = 0 [pid 6048] mkdir("./bus", 0777) = 0 [pid 6048] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6048] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6048] chdir("./bus") = 0 [pid 6048] ioctl(4, LOOP_CLR_FD) = 0 [pid 6048] close(4) = 0 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 1 [pid 6048] creat("./bus", 000) = 4 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 1 [pid 6048] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 1 [pid 6048] ftruncate(4, 2048) = 0 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 1 [pid 6048] lseek(4, 0, SEEK_END) = 2048 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 1 [ 177.705013][ T6048] loop0: detected capacity change from 0 to 4096 [ 177.714109][ T6048] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6048] open("./bus", O_RDONLY) = 5 [pid 6048] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6047] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6047] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6048] <... futex resumed>) = 0 [ 177.750488][ T27] audit: type=1804 audit(1671454758.489:323): pid=6048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/321/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6048] sendfile(4, 5, NULL, 145139829833722 [pid 6047] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6047] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6047] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6047] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6047] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6049 attached [pid 6049] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6049] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6047] <... clone resumed>, parent_tid=[6049], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6049 [pid 6047] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] <... futex resumed>) = 0 [pid 6047] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] sendfile(4, 5, NULL, 145139829833722 [pid 6047] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6047] exit_group(0) = ? [pid 6049] <... sendfile resumed>) = ? [pid 6048] <... sendfile resumed>) = ? [pid 6048] +++ exited with 0 +++ [pid 6049] +++ exited with 0 +++ [pid 6047] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6047, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./321/binderfs") = 0 umount2("./321/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./321/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./321/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./321/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6050 ./strace-static-x86_64: Process 6050 attached [pid 6050] set_robust_list(0x5555556365e0, 24) = 0 [pid 6050] chdir("./322") = 0 [pid 6050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6050] setpgid(0, 0) = 0 [pid 6050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6050] write(3, "1000", 4) = 4 [pid 6050] close(3) = 0 [pid 6050] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6050] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6050] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6051], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6051 [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6051] memfd_create("syzkaller", 0) = 3 [pid 6051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6051] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6051] munmap(0x7f5499e77000, 2097152) = 0 [pid 6051] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6051] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6051] close(3) = 0 [pid 6051] mkdir("./bus", 0777) = 0 [pid 6051] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6051] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6051] chdir("./bus") = 0 [pid 6051] ioctl(4, LOOP_CLR_FD) = 0 [pid 6051] close(4) = 0 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6051] creat("./bus", 000 [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... creat resumed>) = 4 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... futex resumed>) = 1 [pid 6051] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] <... futex resumed>) = 1 [pid 6051] ftruncate(4, 2048) = 0 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6050] <... futex resumed>) = 0 [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] <... futex resumed>) = 1 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6051] lseek(4, 0, SEEK_END) = 2048 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6050] <... futex resumed>) = 0 [pid 6051] open("./bus", O_RDONLY [ 178.102312][ T6051] loop0: detected capacity change from 0 to 4096 [ 178.112582][ T6051] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] <... open resumed>) = 5 [pid 6051] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6050] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6050] <... futex resumed>) = 1 [pid 6051] sendfile(4, 5, NULL, 145139829833722 [ 178.150756][ T27] audit: type=1804 audit(1671454758.889:324): pid=6051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/322/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6050] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6050] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6050] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6050] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6052], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6052 [pid 6050] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6050] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6052 attached [pid 6052] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6052] sendfile(4, 5, NULL, 145139829833722 [pid 6050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6050] exit_group(0) = ? [pid 6051] <... sendfile resumed>) = ? [pid 6051] +++ exited with 0 +++ [pid 6052] <... sendfile resumed>) = ? [pid 6052] +++ exited with 0 +++ [pid 6050] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6050, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./322/binderfs") = 0 umount2("./322/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./322/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./322/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6053 attached , child_tidptr=0x5555556365d0) = 6053 [pid 6053] set_robust_list(0x5555556365e0, 24) = 0 [pid 6053] chdir("./323") = 0 [pid 6053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6053] setpgid(0, 0) = 0 [pid 6053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6053] write(3, "1000", 4) = 4 [pid 6053] close(3) = 0 [pid 6053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6053] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6053] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6054 attached , parent_tid=[6054], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6054 [pid 6054] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6054] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] <... futex resumed>) = 0 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6054] memfd_create("syzkaller", 0) = 3 [pid 6054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6054] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6054] munmap(0x7f5499e77000, 2097152) = 0 [pid 6054] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6054] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6054] close(3) = 0 [pid 6054] mkdir("./bus", 0777) = 0 [pid 6054] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6054] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6054] chdir("./bus") = 0 [pid 6054] ioctl(4, LOOP_CLR_FD) = 0 [pid 6054] close(4) = 0 [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] creat("./bus", 000) = 4 [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] <... futex resumed>) = 1 [pid 6054] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6054] ftruncate(4, 2048 [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... ftruncate resumed>) = 0 [pid 6053] <... futex resumed>) = 0 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6054] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] <... futex resumed>) = 0 [pid 6054] lseek(4, 0, SEEK_END [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] <... lseek resumed>) = 2048 [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6054] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] <... futex resumed>) = 0 [ 178.486923][ T6054] loop0: detected capacity change from 0 to 4096 [ 178.496355][ T6054] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6054] open("./bus", O_RDONLY [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6054] <... open resumed>) = 5 [pid 6054] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6053] <... futex resumed>) = 0 [pid 6054] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6053] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6053] <... futex resumed>) = 0 [pid 6054] sendfile(4, 5, NULL, 145139829833722 [pid 6053] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6053] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 178.545586][ T27] audit: type=1804 audit(1671454759.289:325): pid=6054 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/323/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6053] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6053] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6055], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6055 [pid 6053] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6053] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6055 attached [pid 6055] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6055] sendfile(4, 5, NULL, 145139829833722 [pid 6053] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6053] exit_group(0) = ? [pid 6054] <... sendfile resumed>) = ? [pid 6055] <... sendfile resumed>) = ? [pid 6055] +++ exited with 0 +++ [pid 6054] +++ exited with 0 +++ [pid 6053] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6053, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./323/binderfs") = 0 umount2("./323/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./323/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./323/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6056 ./strace-static-x86_64: Process 6056 attached [pid 6056] set_robust_list(0x5555556365e0, 24) = 0 [pid 6056] chdir("./324") = 0 [pid 6056] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6056] setpgid(0, 0) = 0 [pid 6056] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6056] write(3, "1000", 4) = 4 [pid 6056] close(3) = 0 [pid 6056] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6056] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6057], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6057 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6057 attached ) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6057] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6057] memfd_create("syzkaller", 0) = 3 [pid 6057] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6057] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6057] munmap(0x7f5499e77000, 2097152) = 0 [pid 6057] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6057] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6057] close(3) = 0 [pid 6057] mkdir("./bus", 0777) = 0 [pid 6057] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6057] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6057] chdir("./bus") = 0 [pid 6057] ioctl(4, LOOP_CLR_FD) = 0 [pid 6057] close(4) = 0 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [pid 6057] creat("./bus", 000) = 4 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [pid 6057] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [pid 6057] ftruncate(4, 2048) = 0 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [pid 6057] lseek(4, 0, SEEK_END) = 2048 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6057] <... futex resumed>) = 1 [ 178.868640][ T6057] loop0: detected capacity change from 0 to 4096 [ 178.877954][ T6057] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6057] open("./bus", O_RDONLY) = 5 [pid 6057] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6056] <... futex resumed>) = 0 [pid 6056] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 178.914870][ T27] audit: type=1804 audit(1671454759.659:326): pid=6057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/324/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6057] sendfile(4, 5, NULL, 145139829833722 [pid 6056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6056] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6056] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6056] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6056] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6058], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6058 [pid 6056] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6056] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6058 attached [pid 6058] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6058] sendfile(4, 5, NULL, 145139829833722 [pid 6056] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6056] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6056] exit_group(0) = ? [pid 6057] <... sendfile resumed>) = ? [pid 6057] +++ exited with 0 +++ [pid 6058] <... sendfile resumed>) = ? [pid 6058] +++ exited with 0 +++ [pid 6056] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6056, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./324/binderfs") = 0 umount2("./324/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./324/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./324/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6059 ./strace-static-x86_64: Process 6059 attached [pid 6059] set_robust_list(0x5555556365e0, 24) = 0 [pid 6059] chdir("./325") = 0 [pid 6059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6059] setpgid(0, 0) = 0 [pid 6059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6059] write(3, "1000", 4) = 4 [pid 6059] close(3) = 0 [pid 6059] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6059] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6059] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6060], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6060 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6060 attached [pid 6060] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6060] memfd_create("syzkaller", 0) = 3 [pid 6060] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6060] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6060] munmap(0x7f5499e77000, 2097152) = 0 [pid 6060] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6060] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6060] close(3) = 0 [pid 6060] mkdir("./bus", 0777) = 0 [pid 6060] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6060] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6060] chdir("./bus") = 0 [pid 6060] ioctl(4, LOOP_CLR_FD) = 0 [pid 6060] close(4) = 0 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... futex resumed>) = 1 [pid 6060] creat("./bus", 000) = 4 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6060] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] ftruncate(4, 2048 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... ftruncate resumed>) = 0 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 179.264884][ T6060] loop0: detected capacity change from 0 to 4096 [ 179.274484][ T6060] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] lseek(4, 0, SEEK_END) = 2048 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] open("./bus", O_RDONLY) = 5 [pid 6060] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6060] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6059] <... futex resumed>) = 0 [pid 6059] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6059] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6060] <... futex resumed>) = 0 [pid 6060] sendfile(4, 5, NULL, 145139829833722 [pid 6059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6059] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6059] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6059] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6061 attached , parent_tid=[6061], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6061 [pid 6059] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] set_robust_list(0x7f549a0769e0, 24 [pid 6059] <... futex resumed>) = 0 [pid 6061] <... set_robust_list resumed>) = 0 [pid 6059] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 179.327753][ T27] audit: type=1804 audit(1671454760.069:327): pid=6060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/325/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6061] sendfile(4, 5, NULL, 145139829833722 [pid 6059] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6059] exit_group(0) = ? [pid 6060] <... sendfile resumed>) = ? [pid 6060] +++ exited with 0 +++ [pid 6061] <... sendfile resumed>) = ? [pid 6061] +++ exited with 0 +++ [pid 6059] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6059, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./325/binderfs") = 0 umount2("./325/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./325/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./325/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6062 ./strace-static-x86_64: Process 6062 attached [pid 6062] set_robust_list(0x5555556365e0, 24) = 0 [pid 6062] chdir("./326") = 0 [pid 6062] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6062] setpgid(0, 0) = 0 [pid 6062] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6062] write(3, "1000", 4) = 4 [pid 6062] close(3) = 0 [pid 6062] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6062] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6063 attached , parent_tid=[6063], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6063 [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6063] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6063] memfd_create("syzkaller", 0) = 3 [pid 6063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6063] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6063] munmap(0x7f5499e77000, 2097152) = 0 [pid 6063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6063] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6063] close(3) = 0 [pid 6063] mkdir("./bus", 0777) = 0 [pid 6063] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6063] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6063] chdir("./bus") = 0 [pid 6063] ioctl(4, LOOP_CLR_FD) = 0 [pid 6063] close(4) = 0 [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [pid 6063] creat("./bus", 000) = 4 [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 1 [pid 6063] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = 0 [pid 6063] <... futex resumed>) = 1 [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] ftruncate(4, 2048) = 0 [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] <... futex resumed>) = 0 [pid 6063] lseek(4, 0, SEEK_END [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] <... lseek resumed>) = 2048 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6062] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] <... futex resumed>) = 0 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] open("./bus", O_RDONLY) = 5 [pid 6063] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 179.658648][ T6063] loop0: detected capacity change from 0 to 4096 [ 179.668174][ T6063] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6063] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6062] <... futex resumed>) = 0 [pid 6062] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6063] <... futex resumed>) = 0 [pid 6063] sendfile(4, 5, NULL, 145139829833722 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6062] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6062] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6062] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6064], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6064 [pid 6062] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6062] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6064 attached [pid 6064] set_robust_list(0x7f549a0769e0, 24) = 0 [ 179.718395][ T27] audit: type=1804 audit(1671454760.459:328): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/326/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6064] sendfile(4, 5, NULL, 145139829833722 [pid 6062] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6062] exit_group(0 [pid 6063] <... sendfile resumed>) = ? [pid 6062] <... exit_group resumed>) = ? [pid 6063] +++ exited with 0 +++ [pid 6064] <... sendfile resumed>) = ? [pid 6064] +++ exited with 0 +++ [pid 6062] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6062, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./326/binderfs") = 0 umount2("./326/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./326/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./326/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6065 ./strace-static-x86_64: Process 6065 attached [pid 6065] set_robust_list(0x5555556365e0, 24) = 0 [pid 6065] chdir("./327") = 0 [pid 6065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6065] setpgid(0, 0) = 0 [pid 6065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6065] write(3, "1000", 4) = 4 [pid 6065] close(3) = 0 [pid 6065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6065] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6065] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6066], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6066 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6066 attached [pid 6066] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6066] memfd_create("syzkaller", 0) = 3 [pid 6066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6066] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6066] munmap(0x7f5499e77000, 2097152) = 0 [pid 6066] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6066] close(3) = 0 [pid 6066] mkdir("./bus", 0777) = 0 [pid 6066] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6066] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6066] chdir("./bus") = 0 [pid 6066] ioctl(4, LOOP_CLR_FD) = 0 [pid 6066] close(4) = 0 [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... futex resumed>) = 0 [pid 6066] creat("./bus", 000) = 4 [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... futex resumed>) = 1 [pid 6066] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... futex resumed>) = 1 [pid 6066] ftruncate(4, 2048) = 0 [ 180.044077][ T6066] loop0: detected capacity change from 0 to 4096 [ 180.053525][ T6066] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] <... futex resumed>) = 1 [pid 6066] lseek(4, 0, SEEK_END) = 2048 [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = 1 [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6066] open("./bus", O_RDONLY) = 5 [pid 6066] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6065] <... futex resumed>) = 0 [pid 6066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6065] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] sendfile(4, 5, NULL, 145139829833722 [pid 6065] <... futex resumed>) = 0 [pid 6065] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6065] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6065] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6065] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6067], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6067 [pid 6065] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6065] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6067 attached [pid 6067] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6067] sendfile(4, 5, NULL, 145139829833722 [pid 6065] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6065] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6065] exit_group(0) = ? [pid 6066] <... sendfile resumed>) = ? [pid 6066] +++ exited with 0 +++ [pid 6067] <... sendfile resumed>) = ? [pid 6067] +++ exited with 0 +++ [pid 6065] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6065, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./327/binderfs") = 0 umount2("./327/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./327/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./327/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6068 ./strace-static-x86_64: Process 6068 attached [pid 6068] set_robust_list(0x5555556365e0, 24) = 0 [pid 6068] chdir("./328") = 0 [pid 6068] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6068] setpgid(0, 0) = 0 [pid 6068] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6068] write(3, "1000", 4) = 4 [pid 6068] close(3) = 0 [pid 6068] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6068] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6069 attached , parent_tid=[6069], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6069 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6069] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6069] memfd_create("syzkaller", 0) = 3 [pid 6069] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6069] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6069] munmap(0x7f5499e77000, 2097152) = 0 [pid 6069] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6069] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6069] close(3) = 0 [pid 6069] mkdir("./bus", 0777) = 0 [pid 6069] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6069] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6069] chdir("./bus") = 0 [pid 6069] ioctl(4, LOOP_CLR_FD) = 0 [pid 6069] close(4) = 0 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... futex resumed>) = 1 [pid 6069] creat("./bus", 000) = 4 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... futex resumed>) = 1 [pid 6069] ftruncate(4, 2048) = 0 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... futex resumed>) = 1 [pid 6069] lseek(4, 0, SEEK_END) = 2048 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6069] open("./bus", O_RDONLY [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6069] <... open resumed>) = 5 [pid 6069] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6068] <... futex resumed>) = 0 [pid 6068] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] sendfile(4, 5, NULL, 145139829833722 [ 180.450635][ T6069] loop0: detected capacity change from 0 to 4096 [ 180.459686][ T6069] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6068] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6068] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6068] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6068] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6070 attached [pid 6070] set_robust_list(0x7f549a0769e0, 24 [pid 6068] <... clone resumed>, parent_tid=[6070], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6070 [pid 6068] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6068] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... set_robust_list resumed>) = 0 [pid 6070] sendfile(4, 5, NULL, 145139829833722 [pid 6068] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6068] exit_group(0 [pid 6069] <... sendfile resumed>) = ? [pid 6068] <... exit_group resumed>) = ? [pid 6069] +++ exited with 0 +++ [pid 6070] <... sendfile resumed>) = ? [pid 6070] +++ exited with 0 +++ [pid 6068] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6068, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./328/binderfs") = 0 umount2("./328/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./328/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./328/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6071 ./strace-static-x86_64: Process 6071 attached [pid 6071] set_robust_list(0x5555556365e0, 24) = 0 [pid 6071] chdir("./329") = 0 [pid 6071] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6071] setpgid(0, 0) = 0 [pid 6071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6071] write(3, "1000", 4) = 4 [pid 6071] close(3) = 0 [pid 6071] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6071] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6072 attached , parent_tid=[6072], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6072 [pid 6072] set_robust_list(0x7f54a22979e0, 24 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6072] <... set_robust_list resumed>) = 0 [pid 6072] memfd_create("syzkaller", 0) = 3 [pid 6072] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6072] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6072] munmap(0x7f5499e77000, 2097152) = 0 [pid 6072] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6072] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6072] close(3) = 0 [pid 6072] mkdir("./bus", 0777) = 0 [pid 6072] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6072] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6072] chdir("./bus") = 0 [pid 6072] ioctl(4, LOOP_CLR_FD) = 0 [pid 6072] close(4) = 0 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [pid 6072] creat("./bus", 000) = 4 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [pid 6072] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [pid 6072] ftruncate(4, 2048) = 0 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [pid 6072] lseek(4, 0, SEEK_END) = 2048 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [pid 6072] open("./bus", O_RDONLY) = 5 [pid 6072] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] <... futex resumed>) = 0 [pid 6071] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6072] <... futex resumed>) = 1 [ 180.834413][ T6072] loop0: detected capacity change from 0 to 4096 [ 180.844218][ T6072] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6072] sendfile(4, 5, NULL, 145139829833722 [pid 6071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6071] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6071] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6071] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6073], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6073 [pid 6071] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6071] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6073 attached [pid 6073] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6073] sendfile(4, 5, NULL, 145139829833722 [pid 6071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6071] exit_group(0) = ? [pid 6072] <... sendfile resumed>) = ? [pid 6072] +++ exited with 0 +++ [pid 6073] <... sendfile resumed>) = ? [pid 6073] +++ exited with 0 +++ [pid 6071] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6071, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./329/binderfs") = 0 umount2("./329/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./329/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./329/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6074 ./strace-static-x86_64: Process 6074 attached [pid 6074] set_robust_list(0x5555556365e0, 24) = 0 [pid 6074] chdir("./330") = 0 [pid 6074] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6074] setpgid(0, 0) = 0 [pid 6074] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6074] write(3, "1000", 4) = 4 [pid 6074] close(3) = 0 [pid 6074] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6074] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6074] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6075], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6075 ./strace-static-x86_64: Process 6075 attached [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] set_robust_list(0x7f54a22979e0, 24 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6075] <... set_robust_list resumed>) = 0 [pid 6075] memfd_create("syzkaller", 0) = 3 [pid 6075] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6075] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6075] munmap(0x7f5499e77000, 2097152) = 0 [pid 6075] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6075] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6075] close(3) = 0 [pid 6075] mkdir("./bus", 0777) = 0 [pid 6075] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6075] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6075] chdir("./bus") = 0 [pid 6075] ioctl(4, LOOP_CLR_FD) = 0 [pid 6075] close(4) = 0 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] creat("./bus", 000) = 4 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] <... futex resumed>) = 0 [pid 6075] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6074] <... futex resumed>) = 1 [pid 6075] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... fcntl resumed>) = 0 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 1 [pid 6075] ftruncate(4, 2048) = 0 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 1 [pid 6075] lseek(4, 0, SEEK_END) = 2048 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 1 [ 181.201530][ T6075] loop0: detected capacity change from 0 to 4096 [ 181.210767][ T6075] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6075] open("./bus", O_RDONLY) = 5 [pid 6075] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6075] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6074] <... futex resumed>) = 0 [pid 6074] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6074] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6075] <... futex resumed>) = 0 [pid 6075] sendfile(4, 5, NULL, 145139829833722 [pid 6074] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6074] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6074] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6074] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6074] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6076], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6076 [pid 6074] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6076 attached [pid 6076] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6076] sendfile(4, 5, NULL, 145139829833722 [pid 6074] <... futex resumed>) = 0 [ 181.260278][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 181.260290][ T27] audit: type=1804 audit(1671454761.999:332): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/330/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6074] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6074] exit_group(0) = ? [pid 6075] <... sendfile resumed>) = ? [pid 6075] +++ exited with 0 +++ [pid 6076] <... sendfile resumed>) = ? [pid 6076] +++ exited with 0 +++ [pid 6074] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6074, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./330/binderfs") = 0 umount2("./330/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./330/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./330/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6077 ./strace-static-x86_64: Process 6077 attached [pid 6077] set_robust_list(0x5555556365e0, 24) = 0 [pid 6077] chdir("./331") = 0 [pid 6077] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6077] setpgid(0, 0) = 0 [pid 6077] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6077] write(3, "1000", 4) = 4 [pid 6077] close(3) = 0 [pid 6077] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6077] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6078], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6078 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6078 attached [pid 6078] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6078] memfd_create("syzkaller", 0) = 3 [pid 6078] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6078] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6078] munmap(0x7f5499e77000, 2097152) = 0 [pid 6078] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6078] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6078] close(3) = 0 [pid 6078] mkdir("./bus", 0777) = 0 [pid 6078] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6078] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6078] chdir("./bus") = 0 [pid 6078] ioctl(4, LOOP_CLR_FD) = 0 [pid 6078] close(4) = 0 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [ 181.581971][ T6078] loop0: detected capacity change from 0 to 4096 [ 181.590966][ T6078] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6078] creat("./bus", 000) = 4 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] ftruncate(4, 2048) = 0 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] lseek(4, 0, SEEK_END) = 2048 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... futex resumed>) = 0 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6078] <... futex resumed>) = 1 [pid 6078] open("./bus", O_RDONLY) = 5 [pid 6078] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6077] <... futex resumed>) = 0 [pid 6078] sendfile(4, 5, NULL, 145139829833722 [pid 6077] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 181.625088][ T27] audit: type=1804 audit(1671454762.369:333): pid=6078 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/331/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6077] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6077] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6077] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6077] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6079], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6079 [pid 6077] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6077] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6079 attached [pid 6079] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6079] sendfile(4, 5, NULL, 145139829833722 [pid 6077] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6077] exit_group(0) = ? [pid 6079] <... sendfile resumed>) = ? [pid 6078] <... sendfile resumed>) = ? [pid 6079] +++ exited with 0 +++ [pid 6078] +++ exited with 0 +++ [pid 6077] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6077, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./331/binderfs") = 0 umount2("./331/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./331/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./331/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6080 ./strace-static-x86_64: Process 6080 attached [pid 6080] set_robust_list(0x5555556365e0, 24) = 0 [pid 6080] chdir("./332") = 0 [pid 6080] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6080] setpgid(0, 0) = 0 [pid 6080] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6080] write(3, "1000", 4) = 4 [pid 6080] close(3) = 0 [pid 6080] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6080] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6080] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6081], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6081 ./strace-static-x86_64: Process 6081 attached [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] set_robust_list(0x7f54a22979e0, 24 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6081] <... set_robust_list resumed>) = 0 [pid 6081] memfd_create("syzkaller", 0) = 3 [pid 6081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6081] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6081] munmap(0x7f5499e77000, 2097152) = 0 [pid 6081] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6081] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6081] close(3) = 0 [pid 6081] mkdir("./bus", 0777) = 0 [pid 6081] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6081] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6081] chdir("./bus") = 0 [pid 6081] ioctl(4, LOOP_CLR_FD) = 0 [pid 6081] close(4) = 0 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = 1 [pid 6081] creat("./bus", 000) = 4 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = 1 [pid 6081] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = 1 [pid 6081] ftruncate(4, 2048) = 0 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = 1 [pid 6081] lseek(4, 0, SEEK_END) = 2048 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 181.975624][ T6081] loop0: detected capacity change from 0 to 4096 [ 181.984734][ T6081] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6081] open("./bus", O_RDONLY) = 5 [pid 6081] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6080] <... futex resumed>) = 0 [pid 6080] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6081] <... futex resumed>) = 1 [ 182.030281][ T27] audit: type=1804 audit(1671454762.769:334): pid=6081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/332/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6081] sendfile(4, 5, NULL, 145139829833722 [pid 6080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6080] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6080] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6080] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6080] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6082 attached , parent_tid=[6082], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6082 [pid 6082] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6082] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6080] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6080] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 0 [pid 6082] sendfile(4, 5, NULL, 145139829833722 [pid 6080] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6080] exit_group(0) = ? [pid 6081] <... sendfile resumed>) = ? [pid 6082] <... sendfile resumed>) = ? [pid 6081] +++ exited with 0 +++ [pid 6082] +++ exited with 0 +++ [pid 6080] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6080, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./332/binderfs") = 0 umount2("./332/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./332/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./332/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6083 ./strace-static-x86_64: Process 6083 attached [pid 6083] set_robust_list(0x5555556365e0, 24) = 0 [pid 6083] chdir("./333") = 0 [pid 6083] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6083] setpgid(0, 0) = 0 [pid 6083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6083] write(3, "1000", 4) = 4 [pid 6083] close(3) = 0 [pid 6083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6083] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6083] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6084], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6084 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6084 attached [pid 6084] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6084] memfd_create("syzkaller", 0) = 3 [pid 6084] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6084] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6084] munmap(0x7f5499e77000, 2097152) = 0 [pid 6084] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6084] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6084] close(3) = 0 [pid 6084] mkdir("./bus", 0777) = 0 [pid 6084] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6084] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6084] chdir("./bus") = 0 [pid 6084] ioctl(4, LOOP_CLR_FD) = 0 [pid 6084] close(4) = 0 [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 1 [pid 6084] creat("./bus", 000) = 4 [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 1 [pid 6084] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 1 [pid 6084] ftruncate(4, 2048) = 0 [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 1 [pid 6084] lseek(4, 0, SEEK_END) = 2048 [ 182.373199][ T6084] loop0: detected capacity change from 0 to 4096 [ 182.382838][ T6084] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 1 [pid 6084] open("./bus", O_RDONLY) = 5 [pid 6084] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6084] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6083] <... futex resumed>) = 0 [pid 6083] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6084] <... futex resumed>) = 0 [pid 6084] sendfile(4, 5, NULL, 145139829833722 [pid 6083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6083] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6083] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 182.422182][ T27] audit: type=1804 audit(1671454763.169:335): pid=6084 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/333/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6083] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6083] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6085 attached , parent_tid=[6085], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6085 [pid 6083] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6083] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6085] sendfile(4, 5, NULL, 145139829833722 [pid 6083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6083] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6083] exit_group(0 [pid 6084] <... sendfile resumed>) = ? [pid 6083] <... exit_group resumed>) = ? [pid 6084] +++ exited with 0 +++ [pid 6085] <... sendfile resumed>) = ? [pid 6085] +++ exited with 0 +++ [pid 6083] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6083, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./333/binderfs") = 0 umount2("./333/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./333/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./333/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6086 ./strace-static-x86_64: Process 6086 attached [pid 6086] set_robust_list(0x5555556365e0, 24) = 0 [pid 6086] chdir("./334") = 0 [pid 6086] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6086] setpgid(0, 0) = 0 [pid 6086] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6086] write(3, "1000", 4) = 4 [pid 6086] close(3) = 0 [pid 6086] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6086] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6086] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6087 attached , parent_tid=[6087], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6087 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6087] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6087] memfd_create("syzkaller", 0) = 3 [pid 6087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6087] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6087] munmap(0x7f5499e77000, 2097152) = 0 [pid 6087] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6087] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6087] close(3) = 0 [pid 6087] mkdir("./bus", 0777) = 0 [pid 6087] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6087] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6087] chdir("./bus") = 0 [pid 6087] ioctl(4, LOOP_CLR_FD) = 0 [pid 6087] close(4) = 0 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [pid 6087] creat("./bus", 000) = 4 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [pid 6087] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [pid 6087] ftruncate(4, 2048) = 0 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [pid 6087] lseek(4, 0, SEEK_END) = 2048 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 1 [ 182.752111][ T6087] loop0: detected capacity change from 0 to 4096 [ 182.761438][ T6087] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6087] open("./bus", O_RDONLY) = 5 [pid 6087] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6086] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6087] <... futex resumed>) = 0 [ 182.801703][ T27] audit: type=1804 audit(1671454763.549:336): pid=6087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/334/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6087] sendfile(4, 5, NULL, 145139829833722 [pid 6086] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6086] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6086] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6086] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6086] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6088 attached [pid 6088] set_robust_list(0x7f549a0769e0, 24 [pid 6086] <... clone resumed>, parent_tid=[6088], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6088 [pid 6088] <... set_robust_list resumed>) = 0 [pid 6086] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] sendfile(4, 5, NULL, 145139829833722 [pid 6086] <... futex resumed>) = 0 [pid 6086] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6086] exit_group(0) = ? [pid 6088] <... sendfile resumed>) = ? [pid 6088] +++ exited with 0 +++ [pid 6087] <... sendfile resumed>) = ? [pid 6087] +++ exited with 0 +++ [pid 6086] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6086, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./334/binderfs") = 0 umount2("./334/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./334/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./334/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6089 ./strace-static-x86_64: Process 6089 attached [pid 6089] set_robust_list(0x5555556365e0, 24) = 0 [pid 6089] chdir("./335") = 0 [pid 6089] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6089] setpgid(0, 0) = 0 [pid 6089] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6089] write(3, "1000", 4) = 4 [pid 6089] close(3) = 0 [pid 6089] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6089] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6089] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6090 attached , parent_tid=[6090], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6090 [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6090] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6090] memfd_create("syzkaller", 0) = 3 [pid 6090] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6090] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6090] munmap(0x7f5499e77000, 2097152) = 0 [pid 6090] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6090] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6090] close(3) = 0 [pid 6090] mkdir("./bus", 0777) = 0 [pid 6090] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6090] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6090] chdir("./bus") = 0 [pid 6090] ioctl(4, LOOP_CLR_FD) = 0 [pid 6090] close(4) = 0 [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] <... futex resumed>) = 1 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] creat("./bus", 000) = 4 [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] <... futex resumed>) = 0 [pid 6090] <... futex resumed>) = 1 [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6089] <... futex resumed>) = 0 [pid 6090] <... fcntl resumed>) = 0 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6089] <... futex resumed>) = 0 [pid 6090] ftruncate(4, 2048 [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... ftruncate resumed>) = 0 [pid 6089] <... futex resumed>) = 0 [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] lseek(4, 0, SEEK_END [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... lseek resumed>) = 2048 [pid 6089] <... futex resumed>) = 0 [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6090] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6090] open("./bus", O_RDONLY [ 183.138326][ T6090] loop0: detected capacity change from 0 to 4096 [ 183.147819][ T6090] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] <... open resumed>) = 5 [pid 6090] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6089] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6089] <... futex resumed>) = 1 [pid 6090] sendfile(4, 5, NULL, 145139829833722 [pid 6089] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6089] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6089] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 183.198207][ T27] audit: type=1804 audit(1671454763.939:337): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/335/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6089] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6089] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6091 attached , parent_tid=[6091], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6091 [pid 6091] set_robust_list(0x7f549a0769e0, 24 [pid 6089] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... set_robust_list resumed>) = 0 [pid 6091] sendfile(4, 5, NULL, 145139829833722 [pid 6089] <... futex resumed>) = 0 [pid 6089] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6089] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6089] exit_group(0) = ? [pid 6091] <... sendfile resumed>) = ? [pid 6091] +++ exited with 0 +++ [pid 6090] <... sendfile resumed>) = ? [pid 6090] +++ exited with 0 +++ [pid 6089] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6089, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./335/binderfs") = 0 umount2("./335/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./335/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./335/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6092 ./strace-static-x86_64: Process 6092 attached [pid 6092] set_robust_list(0x5555556365e0, 24) = 0 [pid 6092] chdir("./336") = 0 [pid 6092] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6092] setpgid(0, 0) = 0 [pid 6092] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6092] write(3, "1000", 4) = 4 [pid 6092] close(3) = 0 [pid 6092] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6092] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6092] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6093 attached [pid 6093] set_robust_list(0x7f54a22979e0, 24 [pid 6092] <... clone resumed>, parent_tid=[6093], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6093 [pid 6093] <... set_robust_list resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6093] memfd_create("syzkaller", 0) = 3 [pid 6093] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6093] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6093] munmap(0x7f5499e77000, 2097152) = 0 [pid 6093] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6093] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6093] close(3) = 0 [pid 6093] mkdir("./bus", 0777) = 0 [pid 6093] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6093] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6093] chdir("./bus") = 0 [pid 6093] ioctl(4, LOOP_CLR_FD) = 0 [pid 6093] close(4) = 0 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6093] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... futex resumed>) = 0 [pid 6093] creat("./bus", 000) = 4 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... futex resumed>) = 1 [pid 6093] ftruncate(4, 2048) = 0 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] lseek(4, 0, SEEK_END) = 2048 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] open("./bus", O_RDONLY) = 5 [pid 6093] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 183.532462][ T6093] loop0: detected capacity change from 0 to 4096 [ 183.542038][ T6093] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6093] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6092] <... futex resumed>) = 0 [pid 6092] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6092] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6093] <... futex resumed>) = 0 [pid 6093] sendfile(4, 5, NULL, 145139829833722 [pid 6092] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6092] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6092] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6092] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [ 183.584325][ T27] audit: type=1804 audit(1671454764.329:338): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/336/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6092] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6094], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6094 ./strace-static-x86_64: Process 6094 attached [pid 6092] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6094] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6094] sendfile(4, 5, NULL, 145139829833722 [pid 6092] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6092] exit_group(0) = ? [pid 6094] <... sendfile resumed>) = ? [pid 6093] <... sendfile resumed>) = ? [pid 6094] +++ exited with 0 +++ [pid 6093] +++ exited with 0 +++ [pid 6092] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6092, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./336/binderfs") = 0 umount2("./336/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./336/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./336/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6095 ./strace-static-x86_64: Process 6095 attached [pid 6095] set_robust_list(0x5555556365e0, 24) = 0 [pid 6095] chdir("./337") = 0 [pid 6095] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6095] setpgid(0, 0) = 0 [pid 6095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6095] write(3, "1000", 4) = 4 [pid 6095] close(3) = 0 [pid 6095] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6095] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6095] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6096 attached , parent_tid=[6096], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6096 [pid 6096] set_robust_list(0x7f54a22979e0, 24 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... set_robust_list resumed>) = 0 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6096] memfd_create("syzkaller", 0) = 3 [pid 6096] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6096] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6096] munmap(0x7f5499e77000, 2097152) = 0 [pid 6096] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6096] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6096] close(3) = 0 [pid 6096] mkdir("./bus", 0777) = 0 [pid 6096] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6096] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6096] chdir("./bus") = 0 [pid 6096] ioctl(4, LOOP_CLR_FD) = 0 [pid 6096] close(4) = 0 [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 0 [pid 6096] creat("./bus", 000) = 4 [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 1 [pid 6096] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 1 [pid 6096] ftruncate(4, 2048) = 0 [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 1 [pid 6096] lseek(4, 0, SEEK_END) = 2048 [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] open("./bus", O_RDONLY) = 5 [ 183.913591][ T6096] loop0: detected capacity change from 0 to 4096 [ 183.922925][ T6096] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6096] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6095] <... futex resumed>) = 0 [pid 6095] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6095] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6096] <... futex resumed>) = 0 [pid 6096] sendfile(4, 5, NULL, 145139829833722 [pid 6095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6095] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6095] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6095] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6097], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6097 [ 183.972683][ T27] audit: type=1804 audit(1671454764.719:339): pid=6096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/337/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6095] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6095] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6097 attached [pid 6097] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6097] sendfile(4, 5, NULL, 145139829833722 [pid 6095] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6095] exit_group(0) = ? [pid 6097] <... sendfile resumed>) = ? [pid 6097] +++ exited with 0 +++ [pid 6096] <... sendfile resumed>) = ? [pid 6096] +++ exited with 0 +++ [pid 6095] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6095, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./337/binderfs") = 0 umount2("./337/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./337/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./337/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6098 ./strace-static-x86_64: Process 6098 attached [pid 6098] set_robust_list(0x5555556365e0, 24) = 0 [pid 6098] chdir("./338") = 0 [pid 6098] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6098] setpgid(0, 0) = 0 [pid 6098] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6098] write(3, "1000", 4) = 4 [pid 6098] close(3) = 0 [pid 6098] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6098] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6098] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6099], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6099 [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6099 attached [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6099] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6099] memfd_create("syzkaller", 0) = 3 [pid 6099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6099] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6099] munmap(0x7f5499e77000, 2097152) = 0 [pid 6099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6099] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6099] close(3) = 0 [pid 6099] mkdir("./bus", 0777) = 0 [pid 6099] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6099] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6099] chdir("./bus") = 0 [pid 6099] ioctl(4, LOOP_CLR_FD) = 0 [pid 6099] close(4) = 0 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] <... futex resumed>) = 0 [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... futex resumed>) = 1 [pid 6099] creat("./bus", 000) = 4 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6098] <... futex resumed>) = 0 [pid 6099] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... fcntl resumed>) = 0 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6098] <... futex resumed>) = 0 [pid 6099] ftruncate(4, 2048 [ 184.285539][ T6099] loop0: detected capacity change from 0 to 4096 [ 184.294869][ T6099] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... ftruncate resumed>) = 0 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6098] <... futex resumed>) = 0 [pid 6099] lseek(4, 0, SEEK_END [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... lseek resumed>) = 2048 [pid 6098] <... futex resumed>) = 0 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6099] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] open("./bus", O_RDONLY [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] <... open resumed>) = 5 [pid 6099] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6098] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6099] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 1 [pid 6099] sendfile(4, 5, NULL, 145139829833722 [pid 6098] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6098] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6098] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6098] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6098] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6100 attached [pid 6100] set_robust_list(0x7f549a0769e0, 24) = 0 [ 184.348905][ T27] audit: type=1804 audit(1671454765.089:340): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/338/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6100] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6098] <... clone resumed>, parent_tid=[6100], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6100 [pid 6098] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6098] <... futex resumed>) = 1 [pid 6100] sendfile(4, 5, NULL, 145139829833722 [pid 6098] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6098] exit_group(0) = ? [pid 6099] <... sendfile resumed>) = ? [pid 6100] <... sendfile resumed>) = ? [pid 6099] +++ exited with 0 +++ [pid 6100] +++ exited with 0 +++ [pid 6098] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6098, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./338/binderfs") = 0 umount2("./338/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./338/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./338/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6101 ./strace-static-x86_64: Process 6101 attached [pid 6101] set_robust_list(0x5555556365e0, 24) = 0 [pid 6101] chdir("./339") = 0 [pid 6101] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6101] setpgid(0, 0) = 0 [pid 6101] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6101] write(3, "1000", 4) = 4 [pid 6101] close(3) = 0 [pid 6101] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6101] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6101] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6102 attached , parent_tid=[6102], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6102 [pid 6102] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6102] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 0 [pid 6102] memfd_create("syzkaller", 0) = 3 [pid 6102] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6102] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6102] munmap(0x7f5499e77000, 2097152) = 0 [pid 6102] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6102] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6102] close(3) = 0 [pid 6102] mkdir("./bus", 0777) = 0 [pid 6102] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6102] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6102] chdir("./bus") = 0 [pid 6102] ioctl(4, LOOP_CLR_FD) = 0 [ 184.687231][ T6102] loop0: detected capacity change from 0 to 4096 [ 184.696515][ T6102] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6102] close(4) = 0 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 1 [pid 6102] creat("./bus", 000) = 4 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 1 [pid 6102] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 1 [pid 6102] ftruncate(4, 2048) = 0 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 1 [pid 6102] lseek(4, 0, SEEK_END) = 2048 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] <... futex resumed>) = 0 [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 1 [pid 6102] open("./bus", O_RDONLY) = 5 [pid 6102] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] <... futex resumed>) = 0 [pid 6102] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6101] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6102] <... futex resumed>) = 0 [ 184.727944][ T27] audit: type=1804 audit(1671454765.469:341): pid=6102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/339/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6102] sendfile(4, 5, NULL, 145139829833722 [pid 6101] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6101] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6101] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6101] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6101] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6103], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6103 ./strace-static-x86_64: Process 6103 attached [pid 6103] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6103] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6101] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6103] <... futex resumed>) = 0 [pid 6103] sendfile(4, 5, NULL, 145139829833722 [pid 6101] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6101] exit_group(0) = ? [pid 6102] <... sendfile resumed>) = ? [pid 6102] +++ exited with 0 +++ [pid 6103] <... sendfile resumed>) = ? [pid 6103] +++ exited with 0 +++ [pid 6101] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6101, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./339/binderfs") = 0 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./339/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./339/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6104 ./strace-static-x86_64: Process 6104 attached [pid 6104] set_robust_list(0x5555556365e0, 24) = 0 [pid 6104] chdir("./340") = 0 [pid 6104] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6104] setpgid(0, 0) = 0 [pid 6104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6104] write(3, "1000", 4) = 4 [pid 6104] close(3) = 0 [pid 6104] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6104] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6104] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6105], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6105 ./strace-static-x86_64: Process 6105 attached [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6105] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6105] memfd_create("syzkaller", 0) = 3 [pid 6105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6105] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6105] munmap(0x7f5499e77000, 2097152) = 0 [pid 6105] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6105] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6105] close(3) = 0 [pid 6105] mkdir("./bus", 0777) = 0 [pid 6105] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6105] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6105] chdir("./bus") = 0 [pid 6105] ioctl(4, LOOP_CLR_FD) = 0 [pid 6105] close(4) = 0 [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6105] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... futex resumed>) = 0 [pid 6105] creat("./bus", 000) = 4 [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... futex resumed>) = 1 [pid 6105] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... futex resumed>) = 1 [pid 6105] ftruncate(4, 2048) = 0 [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = 0 [pid 6105] <... futex resumed>) = 1 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] lseek(4, 0, SEEK_END [pid 6104] <... futex resumed>) = 0 [pid 6105] <... lseek resumed>) = 2048 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6104] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6105] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] open("./bus", O_RDONLY [pid 6104] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6105] <... open resumed>) = 5 [pid 6105] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6104] <... futex resumed>) = 0 [pid 6105] sendfile(4, 5, NULL, 145139829833722 [pid 6104] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 185.076134][ T6105] loop0: detected capacity change from 0 to 4096 [ 185.096268][ T6105] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6104] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6104] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6104] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6104] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6106 attached , parent_tid=[6106], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6106 [pid 6106] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6106] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6104] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6106] <... futex resumed>) = 0 [pid 6104] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] sendfile(4, 5, NULL, 145139829833722 [pid 6104] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6104] exit_group(0 [pid 6106] <... sendfile resumed>) = ? [pid 6104] <... exit_group resumed>) = ? [pid 6106] +++ exited with 0 +++ [pid 6105] <... sendfile resumed>) = ? [pid 6105] +++ exited with 0 +++ [pid 6104] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6104, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./340/binderfs") = 0 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./340/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./340/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6107 ./strace-static-x86_64: Process 6107 attached [pid 6107] set_robust_list(0x5555556365e0, 24) = 0 [pid 6107] chdir("./341") = 0 [pid 6107] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6107] setpgid(0, 0) = 0 [pid 6107] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6107] write(3, "1000", 4) = 4 [pid 6107] close(3) = 0 [pid 6107] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6107] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6107] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6108], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6108 [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6108] memfd_create("syzkaller", 0) = 3 [pid 6108] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6108] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6108] munmap(0x7f5499e77000, 2097152) = 0 [pid 6108] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6108] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6108] close(3) = 0 [pid 6108] mkdir("./bus", 0777) = 0 [pid 6108] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6108] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6108] chdir("./bus") = 0 [pid 6108] ioctl(4, LOOP_CLR_FD) = 0 [pid 6108] close(4) = 0 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6107] <... futex resumed>) = 0 [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... futex resumed>) = 0 [pid 6108] creat("./bus", 000) = 4 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] <... futex resumed>) = 0 [pid 6108] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6107] <... futex resumed>) = 0 [pid 6108] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... fcntl resumed>) = 0 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] <... futex resumed>) = 0 [pid 6108] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] ftruncate(4, 2048) = 0 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6107] <... futex resumed>) = 0 [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] lseek(4, 0, SEEK_END) = 2048 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] <... futex resumed>) = 0 [pid 6108] open("./bus", O_RDONLY [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6108] <... open resumed>) = 5 [pid 6108] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6107] <... futex resumed>) = 0 [pid 6108] sendfile(4, 5, NULL, 145139829833722 [pid 6107] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 185.469772][ T6108] loop0: detected capacity change from 0 to 4096 [ 185.479174][ T6108] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6107] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6107] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6107] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6107] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6109], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6109 [pid 6107] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6107] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6109 attached [pid 6109] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6109] sendfile(4, 5, NULL, 145139829833722 [pid 6107] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6107] exit_group(0) = ? [pid 6108] <... sendfile resumed>) = ? [pid 6108] +++ exited with 0 +++ [pid 6109] <... sendfile resumed>) = ? [pid 6109] +++ exited with 0 +++ [pid 6107] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6107, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./341/binderfs") = 0 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./341/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./341/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6110 ./strace-static-x86_64: Process 6110 attached [pid 6110] set_robust_list(0x5555556365e0, 24) = 0 [pid 6110] chdir("./342") = 0 [pid 6110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6110] setpgid(0, 0) = 0 [pid 6110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6110] write(3, "1000", 4) = 4 [pid 6110] close(3) = 0 [pid 6110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6110] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6110] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6111], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6111 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6111] memfd_create("syzkaller", 0) = 3 [pid 6111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6111] munmap(0x7f5499e77000, 2097152) = 0 [pid 6111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6111] close(3) = 0 [pid 6111] mkdir("./bus", 0777) = 0 [pid 6111] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6111] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6111] chdir("./bus") = 0 [pid 6111] ioctl(4, LOOP_CLR_FD) = 0 [pid 6111] close(4) = 0 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [pid 6111] creat("./bus", 000) = 4 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [pid 6111] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [pid 6111] ftruncate(4, 2048) = 0 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [pid 6111] lseek(4, 0, SEEK_END) = 2048 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [pid 6111] open("./bus", O_RDONLY) = 5 [pid 6111] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6110] <... futex resumed>) = 0 [pid 6110] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6111] <... futex resumed>) = 1 [ 185.852319][ T6111] loop0: detected capacity change from 0 to 4096 [ 185.861395][ T6111] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6111] sendfile(4, 5, NULL, 145139829833722 [pid 6110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6110] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6110] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6110] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6110] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6112 attached , parent_tid=[6112], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6112 [pid 6110] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6110] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6112] sendfile(4, 5, NULL, 145139829833722 [pid 6110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6110] exit_group(0) = ? [pid 6111] <... sendfile resumed>) = ? [pid 6112] <... sendfile resumed>) = ? [pid 6112] +++ exited with 0 +++ [pid 6111] +++ exited with 0 +++ [pid 6110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6110, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./342/binderfs") = 0 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./342/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./342/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6113 ./strace-static-x86_64: Process 6113 attached [pid 6113] set_robust_list(0x5555556365e0, 24) = 0 [pid 6113] chdir("./343") = 0 [pid 6113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6113] setpgid(0, 0) = 0 [pid 6113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6113] write(3, "1000", 4) = 4 [pid 6113] close(3) = 0 [pid 6113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6113] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6113] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6114], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6114 ./strace-static-x86_64: Process 6114 attached [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6114] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6114] memfd_create("syzkaller", 0) = 3 [pid 6114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6114] munmap(0x7f5499e77000, 2097152) = 0 [pid 6114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6114] close(3) = 0 [pid 6114] mkdir("./bus", 0777) = 0 [pid 6114] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6114] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6114] chdir("./bus") = 0 [pid 6114] ioctl(4, LOOP_CLR_FD) = 0 [pid 6114] close(4) = 0 [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 1 [pid 6114] creat("./bus", 000) = 4 [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 1 [pid 6114] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] ftruncate(4, 2048) = 0 [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 1 [pid 6114] lseek(4, 0, SEEK_END) = 2048 [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 1 [pid 6114] open("./bus", O_RDONLY) = 5 [ 186.219261][ T6114] loop0: detected capacity change from 0 to 4096 [ 186.228996][ T6114] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6114] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6113] <... futex resumed>) = 0 [pid 6113] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6113] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6114] <... futex resumed>) = 0 [pid 6114] sendfile(4, 5, NULL, 145139829833722 [pid 6113] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6113] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6113] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6113] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6115 attached , parent_tid=[6115], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6115 [pid 6113] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] set_robust_list(0x7f549a0769e0, 24 [pid 6113] <... futex resumed>) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6115] sendfile(4, 5, NULL, 145139829833722 [ 186.277382][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 186.277395][ T27] audit: type=1804 audit(1671454767.019:345): pid=6114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/343/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6113] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6113] exit_group(0) = ? [pid 6115] <... sendfile resumed>) = ? [pid 6115] +++ exited with 0 +++ [pid 6114] <... sendfile resumed>) = ? [pid 6114] +++ exited with 0 +++ [pid 6113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6113, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./343/binderfs") = 0 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./343/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./343/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6116 ./strace-static-x86_64: Process 6116 attached [pid 6116] set_robust_list(0x5555556365e0, 24) = 0 [pid 6116] chdir("./344") = 0 [pid 6116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6116] setpgid(0, 0) = 0 [pid 6116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6116] write(3, "1000", 4) = 4 [pid 6116] close(3) = 0 [pid 6116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6116] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6116] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6117], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6117 [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6117 attached [pid 6117] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6117] memfd_create("syzkaller", 0) = 3 [pid 6117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6117] munmap(0x7f5499e77000, 2097152) = 0 [pid 6117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6117] close(3) = 0 [pid 6117] mkdir("./bus", 0777) = 0 [pid 6117] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6117] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6117] chdir("./bus") = 0 [pid 6117] ioctl(4, LOOP_CLR_FD) = 0 [pid 6117] close(4) = 0 [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6117] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6116] <... futex resumed>) = 0 [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] <... futex resumed>) = 0 [pid 6117] creat("./bus", 000) = 4 [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6116] <... futex resumed>) = 0 [pid 6117] <... futex resumed>) = 1 [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6116] <... futex resumed>) = 0 [pid 6117] <... fcntl resumed>) = 0 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6116] <... futex resumed>) = 0 [pid 6117] ftruncate(4, 2048 [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] <... ftruncate resumed>) = 0 [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6116] <... futex resumed>) = 0 [pid 6117] lseek(4, 0, SEEK_END [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... lseek resumed>) = 2048 [pid 6116] <... futex resumed>) = 0 [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] <... futex resumed>) = 0 [pid 6116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] open("./bus", O_RDONLY [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... open resumed>) = 5 [pid 6116] <... futex resumed>) = 0 [ 186.601438][ T6117] loop0: detected capacity change from 0 to 4096 [ 186.610686][ T6117] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6117] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6117] <... futex resumed>) = 0 [pid 6116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] sendfile(4, 5, NULL, 145139829833722 [pid 6116] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6116] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6116] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6116] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6118], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6118 ./strace-static-x86_64: Process 6118 attached [pid 6116] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6116] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] set_robust_list(0x7f549a0769e0, 24) = 0 [ 186.656226][ T27] audit: type=1804 audit(1671454767.399:346): pid=6117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/344/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6118] sendfile(4, 5, NULL, 145139829833722 [pid 6116] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6116] exit_group(0) = ? [pid 6117] <... sendfile resumed>) = ? [pid 6118] <... sendfile resumed>) = ? [pid 6117] +++ exited with 0 +++ [pid 6118] +++ exited with 0 +++ [pid 6116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6116, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./344/binderfs") = 0 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./344/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./344/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6119 ./strace-static-x86_64: Process 6119 attached [pid 6119] set_robust_list(0x5555556365e0, 24) = 0 [pid 6119] chdir("./345") = 0 [pid 6119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6119] setpgid(0, 0) = 0 [pid 6119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6119] write(3, "1000", 4) = 4 [pid 6119] close(3) = 0 [pid 6119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6119] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6120], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6120 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6120 attached [pid 6120] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6120] memfd_create("syzkaller", 0) = 3 [pid 6120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6120] munmap(0x7f5499e77000, 2097152) = 0 [pid 6120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6120] close(3) = 0 [pid 6120] mkdir("./bus", 0777) = 0 [pid 6120] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6120] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6120] chdir("./bus") = 0 [pid 6120] ioctl(4, LOOP_CLR_FD) = 0 [pid 6120] close(4) = 0 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 0 [pid 6120] creat("./bus", 000) = 4 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 1 [pid 6120] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] ftruncate(4, 2048) = 0 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 1 [pid 6120] lseek(4, 0, SEEK_END) = 2048 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 1 [ 186.981611][ T6120] loop0: detected capacity change from 0 to 4096 [ 186.990579][ T6120] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6120] open("./bus", O_RDONLY) = 5 [pid 6120] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6120] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6119] <... futex resumed>) = 0 [pid 6119] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6119] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6120] <... futex resumed>) = 0 [pid 6120] sendfile(4, 5, NULL, 145139829833722 [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6119] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6119] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6121], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6121 ./strace-static-x86_64: Process 6121 attached [pid 6119] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6119] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] set_robust_list(0x7f549a0769e0, 24) = 0 [ 187.034172][ T27] audit: type=1804 audit(1671454767.779:347): pid=6120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/345/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6121] sendfile(4, 5, NULL, 145139829833722 [pid 6119] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6119] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6119] exit_group(0) = ? [pid 6120] <... sendfile resumed>) = ? [pid 6121] <... sendfile resumed>) = ? [pid 6121] +++ exited with 0 +++ [pid 6120] +++ exited with 0 +++ [pid 6119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6119, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./345/binderfs") = 0 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./345/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./345/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6122 ./strace-static-x86_64: Process 6122 attached [pid 6122] set_robust_list(0x5555556365e0, 24) = 0 [pid 6122] chdir("./346") = 0 [pid 6122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6122] setpgid(0, 0) = 0 [pid 6122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6122] write(3, "1000", 4) = 4 [pid 6122] close(3) = 0 [pid 6122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6122] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6123], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6123 ./strace-static-x86_64: Process 6123 attached [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] set_robust_list(0x7f54a22979e0, 24 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6123] <... set_robust_list resumed>) = 0 [pid 6123] memfd_create("syzkaller", 0) = 3 [pid 6123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6123] munmap(0x7f5499e77000, 2097152) = 0 [pid 6123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6123] close(3) = 0 [pid 6123] mkdir("./bus", 0777) = 0 [pid 6123] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6123] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6123] chdir("./bus") = 0 [pid 6123] ioctl(4, LOOP_CLR_FD) = 0 [pid 6123] close(4) = 0 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 1 [pid 6123] creat("./bus", 000) = 4 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] ftruncate(4, 2048) = 0 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 1 [pid 6123] lseek(4, 0, SEEK_END) = 2048 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 1 [ 187.360664][ T6123] loop0: detected capacity change from 0 to 4096 [ 187.370063][ T6123] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6123] open("./bus", O_RDONLY) = 5 [pid 6123] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6122] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6123] <... futex resumed>) = 0 [ 187.407676][ T27] audit: type=1804 audit(1671454768.149:348): pid=6123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/346/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6123] sendfile(4, 5, NULL, 145139829833722 [pid 6122] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6122] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6122] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6122] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6124 attached [pid 6124] set_robust_list(0x7f549a0769e0, 24 [pid 6122] <... clone resumed>, parent_tid=[6124], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6124 [pid 6124] <... set_robust_list resumed>) = 0 [pid 6122] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] sendfile(4, 5, NULL, 145139829833722 [pid 6122] <... futex resumed>) = 0 [pid 6122] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6122] exit_group(0) = ? [pid 6124] <... sendfile resumed>) = ? [pid 6124] +++ exited with 0 +++ [pid 6123] <... sendfile resumed>) = ? [pid 6123] +++ exited with 0 +++ [pid 6122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6122, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./346/binderfs") = 0 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./346/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./346/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6125 ./strace-static-x86_64: Process 6125 attached [pid 6125] set_robust_list(0x5555556365e0, 24) = 0 [pid 6125] chdir("./347") = 0 [pid 6125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6125] setpgid(0, 0) = 0 [pid 6125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6125] write(3, "1000", 4) = 4 [pid 6125] close(3) = 0 [pid 6125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6125] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6125] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6126], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6126 [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6126 attached [pid 6126] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6126] memfd_create("syzkaller", 0) = 3 [pid 6126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6126] munmap(0x7f5499e77000, 2097152) = 0 [pid 6126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6126] close(3) = 0 [pid 6126] mkdir("./bus", 0777) = 0 [pid 6126] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6126] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6126] chdir("./bus") = 0 [pid 6126] ioctl(4, LOOP_CLR_FD) = 0 [pid 6126] close(4) = 0 [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] <... futex resumed>) = 1 [pid 6126] creat("./bus", 000) = 4 [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6126] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... fcntl resumed>) = 0 [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] ftruncate(4, 2048) = 0 [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] lseek(4, 0, SEEK_END) = 2048 [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6125] <... futex resumed>) = 0 [pid 6126] open("./bus", O_RDONLY [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6126] <... open resumed>) = 5 [pid 6126] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 187.736774][ T6126] loop0: detected capacity change from 0 to 4096 [ 187.745748][ T6126] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6126] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6125] <... futex resumed>) = 0 [pid 6125] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6126] <... futex resumed>) = 0 [pid 6125] <... futex resumed>) = 1 [pid 6126] sendfile(4, 5, NULL, 145139829833722 [pid 6125] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6125] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6125] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6125] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6127], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6127 [pid 6125] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6125] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6127 attached [pid 6127] set_robust_list(0x7f549a0769e0, 24) = 0 [ 187.788993][ T27] audit: type=1804 audit(1671454768.529:349): pid=6126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/347/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6127] sendfile(4, 5, NULL, 145139829833722 [pid 6125] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6125] exit_group(0) = ? [pid 6126] <... sendfile resumed>) = ? [pid 6126] +++ exited with 0 +++ [pid 6127] <... sendfile resumed>) = ? [pid 6127] +++ exited with 0 +++ [pid 6125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6125, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./347/binderfs") = 0 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./347/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./347/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6128 ./strace-static-x86_64: Process 6128 attached [pid 6128] set_robust_list(0x5555556365e0, 24) = 0 [pid 6128] chdir("./348") = 0 [pid 6128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6128] setpgid(0, 0) = 0 [pid 6128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6128] write(3, "1000", 4) = 4 [pid 6128] close(3) = 0 [pid 6128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6128] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6128] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6129 attached [pid 6129] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6129] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] <... clone resumed>, parent_tid=[6129], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6129 [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] <... futex resumed>) = 0 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6129] memfd_create("syzkaller", 0) = 3 [pid 6129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6129] munmap(0x7f5499e77000, 2097152) = 0 [pid 6129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6129] close(3) = 0 [pid 6129] mkdir("./bus", 0777) = 0 [pid 6129] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6129] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6129] chdir("./bus") = 0 [pid 6129] ioctl(4, LOOP_CLR_FD) = 0 [pid 6129] close(4) = 0 [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] creat("./bus", 000) = 4 [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6129] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] <... futex resumed>) = 0 [pid 6129] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] <... futex resumed>) = 1 [pid 6129] ftruncate(4, 2048) = 0 [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] <... futex resumed>) = 0 [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6129] <... futex resumed>) = 0 [pid 6129] lseek(4, 0, SEEK_END) = 2048 [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6128] <... futex resumed>) = 0 [pid 6129] open("./bus", O_RDONLY [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] <... open resumed>) = 5 [ 188.124876][ T6129] loop0: detected capacity change from 0 to 4096 [ 188.133982][ T6129] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6129] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6128] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = 0 [pid 6128] <... futex resumed>) = 1 [pid 6129] sendfile(4, 5, NULL, 145139829833722 [pid 6128] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6128] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6128] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6128] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6130 attached [pid 6130] set_robust_list(0x7f549a0769e0, 24 [pid 6128] <... clone resumed>, parent_tid=[6130], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6130 [pid 6130] <... set_robust_list resumed>) = 0 [pid 6128] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6130] sendfile(4, 5, NULL, 145139829833722 [pid 6128] <... futex resumed>) = 0 [ 188.178955][ T27] audit: type=1804 audit(1671454768.919:350): pid=6129 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/348/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6128] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6128] exit_group(0 [pid 6130] <... sendfile resumed>) = ? [pid 6128] <... exit_group resumed>) = ? [pid 6129] <... sendfile resumed>) = ? [pid 6130] +++ exited with 0 +++ [pid 6129] +++ exited with 0 +++ [pid 6128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6128, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./348/binderfs") = 0 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./348/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./348/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6131 ./strace-static-x86_64: Process 6131 attached [pid 6131] set_robust_list(0x5555556365e0, 24) = 0 [pid 6131] chdir("./349") = 0 [pid 6131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6131] setpgid(0, 0) = 0 [pid 6131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6131] write(3, "1000", 4) = 4 [pid 6131] close(3) = 0 [pid 6131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6131] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6131] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6132], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6132 [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6132] memfd_create("syzkaller", 0) = 3 [pid 6132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6132] munmap(0x7f5499e77000, 2097152) = 0 [pid 6132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6132] close(3) = 0 [pid 6132] mkdir("./bus", 0777) = 0 [pid 6132] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6132] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6132] chdir("./bus") = 0 [pid 6132] ioctl(4, LOOP_CLR_FD) = 0 [pid 6132] close(4) = 0 [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] <... futex resumed>) = 0 [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... futex resumed>) = 0 [pid 6132] creat("./bus", 000) = 4 [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] <... futex resumed>) = 1 [pid 6132] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] ftruncate(4, 2048) = 0 [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6131] <... futex resumed>) = 0 [pid 6132] lseek(4, 0, SEEK_END [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... lseek resumed>) = 2048 [pid 6131] <... futex resumed>) = 0 [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] <... futex resumed>) = 0 [pid 6131] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6132] open("./bus", O_RDONLY [ 188.509092][ T6132] loop0: detected capacity change from 0 to 4096 [ 188.518741][ T6132] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6132] <... open resumed>) = 5 [pid 6131] <... futex resumed>) = 0 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6132] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6131] <... futex resumed>) = 0 [pid 6131] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] <... futex resumed>) = 1 [pid 6131] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 188.556817][ T27] audit: type=1804 audit(1671454769.299:351): pid=6132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/349/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6132] sendfile(4, 5, NULL, 145139829833722 [pid 6131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6131] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6131] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6131] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6133], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6133 [pid 6131] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6131] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6133 attached [pid 6133] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6133] sendfile(4, 5, NULL, 145139829833722 [pid 6131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6131] exit_group(0) = ? [pid 6132] <... sendfile resumed>) = ? [pid 6132] +++ exited with 0 +++ [pid 6133] <... sendfile resumed>) = ? [pid 6133] +++ exited with 0 +++ [pid 6131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6131, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./349/binderfs") = 0 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./349/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./349/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6134 ./strace-static-x86_64: Process 6134 attached [pid 6134] set_robust_list(0x5555556365e0, 24) = 0 [pid 6134] chdir("./350") = 0 [pid 6134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6134] setpgid(0, 0) = 0 [pid 6134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6134] write(3, "1000", 4) = 4 [pid 6134] close(3) = 0 [pid 6134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6134] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6135], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6135 [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6135] memfd_create("syzkaller", 0) = 3 [pid 6135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6135] munmap(0x7f5499e77000, 2097152) = 0 [pid 6135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6135] close(3) = 0 [pid 6135] mkdir("./bus", 0777) = 0 [pid 6135] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6135] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6135] chdir("./bus") = 0 [pid 6135] ioctl(4, LOOP_CLR_FD) = 0 [pid 6135] close(4) = 0 [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... futex resumed>) = 0 [pid 6135] creat("./bus", 000) = 4 [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] <... futex resumed>) = 0 [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... futex resumed>) = 1 [pid 6135] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] ftruncate(4, 2048 [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] <... ftruncate resumed>) = 0 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6134] <... futex resumed>) = 0 [pid 6135] lseek(4, 0, SEEK_END [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... lseek resumed>) = 2048 [pid 6134] <... futex resumed>) = 0 [ 188.886274][ T6135] loop0: detected capacity change from 0 to 4096 [ 188.895541][ T6135] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] open("./bus", O_RDONLY [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... open resumed>) = 5 [pid 6134] <... futex resumed>) = 0 [pid 6135] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6135] <... futex resumed>) = 0 [pid 6134] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] sendfile(4, 5, NULL, 145139829833722 [pid 6134] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6134] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6134] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6134] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6136 attached [pid 6136] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6134] <... clone resumed>, parent_tid=[6136], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6136 [pid 6136] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6134] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] sendfile(4, 5, NULL, 145139829833722 [pid 6134] <... futex resumed>) = 0 [ 188.949733][ T27] audit: type=1804 audit(1671454769.689:352): pid=6135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/350/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6134] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6134] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6134] exit_group(0) = ? [pid 6135] <... sendfile resumed>) = ? [pid 6135] +++ exited with 0 +++ [pid 6136] <... sendfile resumed>) = ? [pid 6136] +++ exited with 0 +++ [pid 6134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6134, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./350/binderfs") = 0 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./350/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./350/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6137 ./strace-static-x86_64: Process 6137 attached [pid 6137] set_robust_list(0x5555556365e0, 24) = 0 [pid 6137] chdir("./351") = 0 [pid 6137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6137] setpgid(0, 0) = 0 [pid 6137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6137] write(3, "1000", 4) = 4 [pid 6137] close(3) = 0 [pid 6137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6137] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6138], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6138 ./strace-static-x86_64: Process 6138 attached [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6138] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6138] memfd_create("syzkaller", 0) = 3 [pid 6138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6138] munmap(0x7f5499e77000, 2097152) = 0 [pid 6138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6138] close(3) = 0 [pid 6138] mkdir("./bus", 0777) = 0 [pid 6138] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6138] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6138] chdir("./bus") = 0 [pid 6138] ioctl(4, LOOP_CLR_FD) = 0 [pid 6138] close(4) = 0 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [ 189.278038][ T6138] loop0: detected capacity change from 0 to 4096 [ 189.287481][ T6138] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6138] creat("./bus", 000) = 4 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [pid 6138] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [pid 6138] ftruncate(4, 2048) = 0 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [pid 6138] lseek(4, 0, SEEK_END) = 2048 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 1 [pid 6138] open("./bus", O_RDONLY) = 5 [pid 6138] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6137] <... futex resumed>) = 0 [pid 6137] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6137] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6138] <... futex resumed>) = 0 [ 189.318612][ T27] audit: type=1804 audit(1671454770.059:353): pid=6138 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/351/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6138] sendfile(4, 5, NULL, 145139829833722 [pid 6137] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6137] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6137] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6137] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6139], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6139 [pid 6137] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6139 attached [pid 6139] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6139] sendfile(4, 5, NULL, 145139829833722 [pid 6137] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6137] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6137] exit_group(0) = ? [pid 6138] <... sendfile resumed>) = ? [pid 6138] +++ exited with 0 +++ [pid 6139] <... sendfile resumed>) = ? [pid 6139] +++ exited with 0 +++ [pid 6137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6137, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./351/binderfs") = 0 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./351/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./351/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6140 ./strace-static-x86_64: Process 6140 attached [pid 6140] set_robust_list(0x5555556365e0, 24) = 0 [pid 6140] chdir("./352") = 0 [pid 6140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6140] setpgid(0, 0) = 0 [pid 6140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6140] write(3, "1000", 4) = 4 [pid 6140] close(3) = 0 [pid 6140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6140] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6141 attached , parent_tid=[6141], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6141 [pid 6141] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6141] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 0 [pid 6141] memfd_create("syzkaller", 0) = 3 [pid 6141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6141] munmap(0x7f5499e77000, 2097152) = 0 [pid 6141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6141] close(3) = 0 [pid 6141] mkdir("./bus", 0777) = 0 [pid 6141] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6141] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6141] chdir("./bus") = 0 [pid 6141] ioctl(4, LOOP_CLR_FD) = 0 [pid 6141] close(4) = 0 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] creat("./bus", 000) = 4 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] ftruncate(4, 2048) = 0 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [pid 6141] lseek(4, 0, SEEK_END) = 2048 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 1 [ 189.656496][ T6141] loop0: detected capacity change from 0 to 4096 [ 189.666386][ T6141] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6141] open("./bus", O_RDONLY) = 5 [pid 6141] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6141] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] <... futex resumed>) = 0 [pid 6140] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6140] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6141] <... futex resumed>) = 0 [pid 6141] sendfile(4, 5, NULL, 145139829833722 [pid 6140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6140] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6140] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6140] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6142 attached [ 189.696182][ T27] audit: type=1804 audit(1671454770.439:354): pid=6141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/352/bus/bus" dev="loop0" ino=33 res=1 errno=0 , parent_tid=[6142], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6142 [pid 6140] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6140] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6142] sendfile(4, 5, NULL, 145139829833722 [pid 6140] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6140] exit_group(0) = ? [pid 6142] <... sendfile resumed>) = ? [pid 6142] +++ exited with 0 +++ [pid 6141] <... sendfile resumed>) = ? [pid 6141] +++ exited with 0 +++ [pid 6140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6140, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./352/binderfs") = 0 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./352/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./352/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6143 ./strace-static-x86_64: Process 6143 attached [pid 6143] set_robust_list(0x5555556365e0, 24) = 0 [pid 6143] chdir("./353") = 0 [pid 6143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6143] setpgid(0, 0) = 0 [pid 6143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6143] write(3, "1000", 4) = 4 [pid 6143] close(3) = 0 [pid 6143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6143] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6143] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6144 attached , parent_tid=[6144], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6144 [pid 6144] set_robust_list(0x7f54a22979e0, 24 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... set_robust_list resumed>) = 0 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6144] memfd_create("syzkaller", 0) = 3 [pid 6144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6144] munmap(0x7f5499e77000, 2097152) = 0 [pid 6144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6144] close(3) = 0 [pid 6144] mkdir("./bus", 0777) = 0 [pid 6144] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6144] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6144] chdir("./bus") = 0 [pid 6144] ioctl(4, LOOP_CLR_FD) = 0 [pid 6144] close(4) = 0 [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... futex resumed>) = 0 [pid 6144] creat("./bus", 000) = 4 [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] <... futex resumed>) = 1 [pid 6144] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] ftruncate(4, 2048) = 0 [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] lseek(4, 0, SEEK_END [pid 6143] <... futex resumed>) = 0 [pid 6144] <... lseek resumed>) = 2048 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6144] open("./bus", O_RDONLY [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] <... open resumed>) = 5 [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6144] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6143] <... futex resumed>) = 0 [pid 6144] sendfile(4, 5, NULL, 145139829833722 [pid 6143] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 190.022755][ T6144] loop0: detected capacity change from 0 to 4096 [ 190.033115][ T6144] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6143] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6143] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6143] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6143] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6145 attached , parent_tid=[6145], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6145 [pid 6145] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6145] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6143] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6145] <... futex resumed>) = 0 [pid 6143] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] sendfile(4, 5, NULL, 145139829833722 [pid 6143] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6143] exit_group(0) = ? [pid 6144] <... sendfile resumed>) = ? [pid 6144] +++ exited with 0 +++ [pid 6145] <... sendfile resumed>) = ? [pid 6145] +++ exited with 0 +++ [pid 6143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6143, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./353/binderfs") = 0 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./353/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./353/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6146 ./strace-static-x86_64: Process 6146 attached [pid 6146] set_robust_list(0x5555556365e0, 24) = 0 [pid 6146] chdir("./354") = 0 [pid 6146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6146] setpgid(0, 0) = 0 [pid 6146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6146] write(3, "1000", 4) = 4 [pid 6146] close(3) = 0 [pid 6146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6146] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6147], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6147 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6147] memfd_create("syzkaller", 0) = 3 [pid 6147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6147] munmap(0x7f5499e77000, 2097152) = 0 [pid 6147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6147] close(3) = 0 [pid 6147] mkdir("./bus", 0777) = 0 [pid 6147] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6147] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6147] chdir("./bus") = 0 [pid 6147] ioctl(4, LOOP_CLR_FD) = 0 [pid 6147] close(4) = 0 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = 1 [pid 6147] creat("./bus", 000) = 4 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = 1 [pid 6147] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = 1 [pid 6147] ftruncate(4, 2048) = 0 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = 1 [pid 6147] lseek(4, 0, SEEK_END) = 2048 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6146] <... futex resumed>) = 0 [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6147] <... futex resumed>) = 1 [pid 6147] open("./bus", O_RDONLY) = 5 [pid 6147] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6146] <... futex resumed>) = 0 [pid 6147] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6146] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6146] <... futex resumed>) = 0 [pid 6147] sendfile(4, 5, NULL, 145139829833722 [ 190.392731][ T6147] loop0: detected capacity change from 0 to 4096 [ 190.402255][ T6147] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6146] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6146] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6146] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6146] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6148], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6148 [pid 6146] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6146] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6148 attached [pid 6148] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6148] sendfile(4, 5, NULL, 145139829833722 [pid 6146] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6146] exit_group(0) = ? [pid 6147] <... sendfile resumed>) = ? [pid 6147] +++ exited with 0 +++ [pid 6148] <... sendfile resumed>) = ? [pid 6148] +++ exited with 0 +++ [pid 6146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6146, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./354/binderfs") = 0 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./354/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./354/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./354/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6149 ./strace-static-x86_64: Process 6149 attached [pid 6149] set_robust_list(0x5555556365e0, 24) = 0 [pid 6149] chdir("./355") = 0 [pid 6149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6149] setpgid(0, 0) = 0 [pid 6149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6149] write(3, "1000", 4) = 4 [pid 6149] close(3) = 0 [pid 6149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6149] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6149] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6150], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6150 ./strace-static-x86_64: Process 6150 attached [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6150] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6150] memfd_create("syzkaller", 0) = 3 [pid 6150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6150] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6150] munmap(0x7f5499e77000, 2097152) = 0 [pid 6150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6150] close(3) = 0 [pid 6150] mkdir("./bus", 0777) = 0 [pid 6150] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6150] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6150] chdir("./bus") = 0 [pid 6150] ioctl(4, LOOP_CLR_FD) = 0 [pid 6150] close(4) = 0 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... futex resumed>) = 1 [pid 6150] creat("./bus", 000) = 4 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... futex resumed>) = 1 [pid 6150] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... futex resumed>) = 1 [pid 6150] ftruncate(4, 2048) = 0 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] lseek(4, 0, SEEK_END) = 2048 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] open("./bus", O_RDONLY [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6150] <... open resumed>) = 5 [pid 6150] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6149] <... futex resumed>) = 0 [pid 6149] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] sendfile(4, 5, NULL, 145139829833722 [ 190.763274][ T6150] loop0: detected capacity change from 0 to 4096 [ 190.772792][ T6150] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6149] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6149] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6149] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6149] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6151 attached , parent_tid=[6151], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6151 [pid 6149] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6151] sendfile(4, 5, NULL, 145139829833722 [pid 6149] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6149] exit_group(0 [pid 6151] <... sendfile resumed>) = ? [pid 6149] <... exit_group resumed>) = ? [pid 6151] +++ exited with 0 +++ [pid 6150] <... sendfile resumed>) = ? [pid 6150] +++ exited with 0 +++ [pid 6149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6149, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./355/binderfs") = 0 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./355/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./355/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6152 ./strace-static-x86_64: Process 6152 attached [pid 6152] set_robust_list(0x5555556365e0, 24) = 0 [pid 6152] chdir("./356") = 0 [pid 6152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6152] setpgid(0, 0) = 0 [pid 6152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6152] write(3, "1000", 4) = 4 [pid 6152] close(3) = 0 [pid 6152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6152] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6153 attached , parent_tid=[6153], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6153 [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6153] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6153] memfd_create("syzkaller", 0) = 3 [pid 6153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6153] munmap(0x7f5499e77000, 2097152) = 0 [pid 6153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6153] close(3) = 0 [pid 6153] mkdir("./bus", 0777) = 0 [pid 6153] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6153] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6153] chdir("./bus") = 0 [pid 6153] ioctl(4, LOOP_CLR_FD) = 0 [pid 6153] close(4) = 0 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] creat("./bus", 000 [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... creat resumed>) = 4 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... fcntl resumed>) = 0 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] ftruncate(4, 2048 [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... ftruncate resumed>) = 0 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] lseek(4, 0, SEEK_END [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... lseek resumed>) = 2048 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... futex resumed>) = 0 [pid 6152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] open("./bus", O_RDONLY) = 5 [pid 6153] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6152] <... futex resumed>) = 0 [pid 6153] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6152] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 191.140928][ T6153] loop0: detected capacity change from 0 to 4096 [ 191.150238][ T6153] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6153] sendfile(4, 5, NULL, 145139829833722 [pid 6152] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6152] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6152] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6152] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6154 attached [pid 6154] set_robust_list(0x7f549a0769e0, 24 [pid 6152] <... clone resumed>, parent_tid=[6154], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6154 [pid 6154] <... set_robust_list resumed>) = 0 [pid 6152] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] sendfile(4, 5, NULL, 145139829833722 [pid 6152] <... futex resumed>) = 0 [pid 6152] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6152] exit_group(0) = ? [pid 6153] <... sendfile resumed>) = ? [pid 6153] +++ exited with 0 +++ [pid 6154] <... sendfile resumed>) = ? [pid 6154] +++ exited with 0 +++ [pid 6152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6152, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./356/binderfs") = 0 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./356/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./356/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./356/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6155 ./strace-static-x86_64: Process 6155 attached [pid 6155] set_robust_list(0x5555556365e0, 24) = 0 [pid 6155] chdir("./357") = 0 [pid 6155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6155] setpgid(0, 0) = 0 [pid 6155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6155] write(3, "1000", 4) = 4 [pid 6155] close(3) = 0 [pid 6155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6155] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6155] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6156], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6156 [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6156 attached ) = 0 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6156] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6156] memfd_create("syzkaller", 0) = 3 [pid 6156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6156] munmap(0x7f5499e77000, 2097152) = 0 [pid 6156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6156] close(3) = 0 [pid 6156] mkdir("./bus", 0777) = 0 [pid 6156] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6156] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6156] chdir("./bus") = 0 [pid 6156] ioctl(4, LOOP_CLR_FD) = 0 [pid 6156] close(4) = 0 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... futex resumed>) = 0 [pid 6156] creat("./bus", 000) = 4 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6156] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6155] <... futex resumed>) = 0 [pid 6156] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... fcntl resumed>) = 0 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6156] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6156] ftruncate(4, 2048) = 0 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] lseek(4, 0, SEEK_END) = 2048 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6156] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [ 191.517160][ T6156] loop0: detected capacity change from 0 to 4096 [ 191.526315][ T6156] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6156] open("./bus", O_RDONLY) = 5 [pid 6156] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6155] <... futex resumed>) = 0 [pid 6156] sendfile(4, 5, NULL, 145139829833722 [pid 6155] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6155] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6155] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6155] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6157], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6157 ./strace-static-x86_64: Process 6157 attached [pid 6157] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6157] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6155] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] <... futex resumed>) = 0 [pid 6155] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 191.566095][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 191.566108][ T27] audit: type=1804 audit(1671454772.309:359): pid=6156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/357/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6157] sendfile(4, 5, NULL, 145139829833722 [pid 6155] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6155] exit_group(0) = ? [pid 6156] <... sendfile resumed>) = ? [pid 6156] +++ exited with 0 +++ [pid 6157] <... sendfile resumed>) = ? [pid 6157] +++ exited with 0 +++ [pid 6155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6155, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./357/binderfs") = 0 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./357/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./357/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6158 ./strace-static-x86_64: Process 6158 attached [pid 6158] set_robust_list(0x5555556365e0, 24) = 0 [pid 6158] chdir("./358") = 0 [pid 6158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6158] setpgid(0, 0) = 0 [pid 6158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6158] write(3, "1000", 4) = 4 [pid 6158] close(3) = 0 [pid 6158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6158] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6158] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6159], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6159 [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6159 attached [pid 6159] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6159] memfd_create("syzkaller", 0) = 3 [pid 6159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6159] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6159] munmap(0x7f5499e77000, 2097152) = 0 [pid 6159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6159] close(3) = 0 [pid 6159] mkdir("./bus", 0777) = 0 [pid 6159] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6159] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6159] chdir("./bus") = 0 [pid 6159] ioctl(4, LOOP_CLR_FD) = 0 [pid 6159] close(4) = 0 [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6159] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] <... futex resumed>) = 0 [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] <... futex resumed>) = 0 [pid 6159] creat("./bus", 000) = 4 [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] <... futex resumed>) = 0 [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] <... futex resumed>) = 0 [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 1 [pid 6158] <... futex resumed>) = 0 [pid 6159] ftruncate(4, 2048 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] <... ftruncate resumed>) = 0 [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6158] <... futex resumed>) = 0 [pid 6159] lseek(4, 0, SEEK_END [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... lseek resumed>) = 2048 [pid 6158] <... futex resumed>) = 0 [ 191.903331][ T6159] loop0: detected capacity change from 0 to 4096 [ 191.912528][ T6159] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6159] <... futex resumed>) = 0 [pid 6158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6159] open("./bus", O_RDONLY [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] <... open resumed>) = 5 [pid 6159] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6158] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6158] <... futex resumed>) = 1 [pid 6159] sendfile(4, 5, NULL, 145139829833722 [pid 6158] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6158] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6158] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [ 191.966369][ T27] audit: type=1804 audit(1671454772.709:360): pid=6159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/358/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6158] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6160 attached , parent_tid=[6160], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6160 [pid 6160] set_robust_list(0x7f549a0769e0, 24 [pid 6158] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6160] sendfile(4, 5, NULL, 145139829833722 [pid 6158] <... futex resumed>) = 0 [pid 6158] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6158] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6158] exit_group(0) = ? [pid 6160] <... sendfile resumed>) = ? [pid 6159] <... sendfile resumed>) = ? [pid 6159] +++ exited with 0 +++ [pid 6160] +++ exited with 0 +++ [pid 6158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6158, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./358/binderfs") = 0 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./358/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./358/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6161 ./strace-static-x86_64: Process 6161 attached [pid 6161] set_robust_list(0x5555556365e0, 24) = 0 [pid 6161] chdir("./359") = 0 [pid 6161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6161] setpgid(0, 0) = 0 [pid 6161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6161] write(3, "1000", 4) = 4 [pid 6161] close(3) = 0 [pid 6161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6161] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6161] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6162], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6162 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6162] memfd_create("syzkaller", 0) = 3 [pid 6162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6162] munmap(0x7f5499e77000, 2097152) = 0 [pid 6162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6162] close(3) = 0 [pid 6162] mkdir("./bus", 0777) = 0 [pid 6162] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6162] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6162] chdir("./bus") = 0 [pid 6162] ioctl(4, LOOP_CLR_FD) = 0 [pid 6162] close(4) = 0 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [pid 6162] creat("./bus", 000) = 4 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [pid 6162] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [pid 6162] ftruncate(4, 2048) = 0 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [pid 6162] lseek(4, 0, SEEK_END) = 2048 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [ 192.282794][ T6162] loop0: detected capacity change from 0 to 4096 [ 192.292734][ T6162] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6162] open("./bus", O_RDONLY) = 5 [pid 6162] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6161] <... futex resumed>) = 0 [pid 6161] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6162] <... futex resumed>) = 1 [ 192.327938][ T27] audit: type=1804 audit(1671454773.069:361): pid=6162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/359/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6162] sendfile(4, 5, NULL, 145139829833722 [pid 6161] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6161] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6161] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6161] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6163], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6163 ./strace-static-x86_64: Process 6163 attached [pid 6161] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6161] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6163] sendfile(4, 5, NULL, 145139829833722 [pid 6161] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6161] exit_group(0) = ? [pid 6162] <... sendfile resumed>) = ? [pid 6163] <... sendfile resumed>) = ? [pid 6163] +++ exited with 0 +++ [pid 6162] +++ exited with 0 +++ [pid 6161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6161, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./359/binderfs") = 0 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./359/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./359/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6164 ./strace-static-x86_64: Process 6164 attached [pid 6164] set_robust_list(0x5555556365e0, 24) = 0 [pid 6164] chdir("./360") = 0 [pid 6164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6164] setpgid(0, 0) = 0 [pid 6164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6164] write(3, "1000", 4) = 4 [pid 6164] close(3) = 0 [pid 6164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6164] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6164] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6165 attached , parent_tid=[6165], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6165 [pid 6165] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6165] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6165] memfd_create("syzkaller", 0) = 3 [pid 6165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6165] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6165] munmap(0x7f5499e77000, 2097152) = 0 [pid 6165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6165] close(3) = 0 [pid 6165] mkdir("./bus", 0777) = 0 [pid 6165] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6165] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6165] chdir("./bus") = 0 [pid 6165] ioctl(4, LOOP_CLR_FD) = 0 [pid 6165] close(4) = 0 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6165] <... futex resumed>) = 1 [pid 6165] creat("./bus", 000) = 4 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6165] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6165] <... futex resumed>) = 1 [pid 6165] ftruncate(4, 2048) = 0 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6165] <... futex resumed>) = 1 [pid 6165] lseek(4, 0, SEEK_END) = 2048 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 192.671743][ T6165] loop0: detected capacity change from 0 to 4096 [ 192.681183][ T6165] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6165] <... futex resumed>) = 1 [pid 6165] open("./bus", O_RDONLY) = 5 [pid 6165] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6164] <... futex resumed>) = 0 [pid 6164] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6164] <... futex resumed>) = 1 [pid 6165] sendfile(4, 5, NULL, 145139829833722 [ 192.726742][ T27] audit: type=1804 audit(1671454773.469:362): pid=6165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/360/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6164] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6164] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6164] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6164] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6166], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6166 [pid 6164] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6164] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6166 attached [pid 6166] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6166] sendfile(4, 5, NULL, 145139829833722 [pid 6164] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6164] exit_group(0) = ? [pid 6165] <... sendfile resumed>) = ? [pid 6165] +++ exited with 0 +++ [pid 6166] <... sendfile resumed>) = ? [pid 6166] +++ exited with 0 +++ [pid 6164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6164, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./360/binderfs") = 0 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./360/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./360/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6167 ./strace-static-x86_64: Process 6167 attached [pid 6167] set_robust_list(0x5555556365e0, 24) = 0 [pid 6167] chdir("./361") = 0 [pid 6167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6167] setpgid(0, 0) = 0 [pid 6167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6167] write(3, "1000", 4) = 4 [pid 6167] close(3) = 0 [pid 6167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6167] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6168 attached , parent_tid=[6168], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6168 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6168] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6168] memfd_create("syzkaller", 0) = 3 [pid 6168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6168] munmap(0x7f5499e77000, 2097152) = 0 [pid 6168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6168] close(3) = 0 [pid 6168] mkdir("./bus", 0777) = 0 [pid 6168] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6168] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6168] chdir("./bus") = 0 [pid 6168] ioctl(4, LOOP_CLR_FD) = 0 [pid 6168] close(4) = 0 [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 [pid 6168] creat("./bus", 000) = 4 [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 [pid 6168] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 [pid 6168] ftruncate(4, 2048) = 0 [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... futex resumed>) = 1 [pid 6168] lseek(4, 0, SEEK_END) = 2048 [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] <... futex resumed>) = 0 [pid 6168] open("./bus", O_RDONLY [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6168] <... open resumed>) = 5 [ 193.072458][ T6168] loop0: detected capacity change from 0 to 4096 [ 193.082379][ T6168] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6168] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6167] <... futex resumed>) = 0 [pid 6167] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] <... futex resumed>) = 0 [pid 6167] <... futex resumed>) = 1 [pid 6168] sendfile(4, 5, NULL, 145139829833722 [ 193.122379][ T27] audit: type=1804 audit(1671454773.869:363): pid=6168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/361/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6167] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6167] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6167] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6167] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6169 attached [pid 6169] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6169] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6167] <... clone resumed>, parent_tid=[6169], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6169 [pid 6167] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6167] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... futex resumed>) = 0 [pid 6169] sendfile(4, 5, NULL, 145139829833722 [pid 6167] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6167] exit_group(0) = ? [pid 6169] <... sendfile resumed>) = ? [pid 6168] <... sendfile resumed>) = ? [pid 6169] +++ exited with 0 +++ [pid 6168] +++ exited with 0 +++ [pid 6167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6167, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./361/binderfs") = 0 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./361/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./361/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./361/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6170 ./strace-static-x86_64: Process 6170 attached [pid 6170] set_robust_list(0x5555556365e0, 24) = 0 [pid 6170] chdir("./362") = 0 [pid 6170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6170] setpgid(0, 0) = 0 [pid 6170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6170] write(3, "1000", 4) = 4 [pid 6170] close(3) = 0 [pid 6170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6170] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6170] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6171], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6171 [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6171 attached [pid 6171] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6171] memfd_create("syzkaller", 0) = 3 [pid 6171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6171] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6171] munmap(0x7f5499e77000, 2097152) = 0 [pid 6171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6171] close(3) = 0 [pid 6171] mkdir("./bus", 0777) = 0 [pid 6171] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6171] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6171] chdir("./bus") = 0 [pid 6171] ioctl(4, LOOP_CLR_FD) = 0 [pid 6171] close(4) = 0 [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] creat("./bus", 000) = 4 [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... futex resumed>) = 1 [pid 6171] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... futex resumed>) = 1 [pid 6171] ftruncate(4, 2048) = 0 [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6170] <... futex resumed>) = 0 [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... futex resumed>) = 1 [pid 6171] lseek(4, 0, SEEK_END) = 2048 [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] <... futex resumed>) = 0 [pid 6171] open("./bus", O_RDONLY [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] <... open resumed>) = 5 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.453699][ T6171] loop0: detected capacity change from 0 to 4096 [ 193.463280][ T6171] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6171] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6170] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6170] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6171] <... futex resumed>) = 0 [pid 6171] sendfile(4, 5, NULL, 145139829833722 [pid 6170] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6170] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6170] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6170] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6172], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6172 [pid 6170] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6170] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6172 attached [ 193.509065][ T27] audit: type=1804 audit(1671454774.249:364): pid=6171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/362/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6172] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6172] sendfile(4, 5, NULL, 145139829833722 [pid 6170] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6170] exit_group(0) = ? [pid 6171] <... sendfile resumed>) = ? [pid 6171] +++ exited with 0 +++ [pid 6172] <... sendfile resumed>) = ? [pid 6172] +++ exited with 0 +++ [pid 6170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6170, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./362/binderfs") = 0 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./362/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./362/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6173 ./strace-static-x86_64: Process 6173 attached [pid 6173] set_robust_list(0x5555556365e0, 24) = 0 [pid 6173] chdir("./363") = 0 [pid 6173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6173] setpgid(0, 0) = 0 [pid 6173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6173] write(3, "1000", 4) = 4 [pid 6173] close(3) = 0 [pid 6173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6173] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6173] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6174 attached [pid 6174] set_robust_list(0x7f54a22979e0, 24 [pid 6173] <... clone resumed>, parent_tid=[6174], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6174 [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6174] <... set_robust_list resumed>) = 0 [pid 6174] memfd_create("syzkaller", 0) = 3 [pid 6174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6174] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6174] munmap(0x7f5499e77000, 2097152) = 0 [pid 6174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6174] close(3) = 0 [pid 6174] mkdir("./bus", 0777) = 0 [pid 6174] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6174] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6174] chdir("./bus") = 0 [pid 6174] ioctl(4, LOOP_CLR_FD) = 0 [pid 6174] close(4) = 0 [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] creat("./bus", 000) = 4 [ 193.836854][ T6174] loop0: detected capacity change from 0 to 4096 [ 193.846281][ T6174] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... futex resumed>) = 1 [pid 6174] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... futex resumed>) = 1 [pid 6174] ftruncate(4, 2048) = 0 [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6174] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] <... futex resumed>) = 0 [pid 6174] lseek(4, 0, SEEK_END [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... lseek resumed>) = 2048 [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] <... futex resumed>) = 0 [pid 6174] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6174] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6173] <... futex resumed>) = 0 [pid 6174] open("./bus", O_RDONLY [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... open resumed>) = 5 [pid 6174] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6173] <... futex resumed>) = 0 [pid 6173] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6173] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6174] <... futex resumed>) = 0 [pid 6174] sendfile(4, 5, NULL, 145139829833722 [pid 6173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6173] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6173] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6173] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6175], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6175 [pid 6173] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 193.912143][ T27] audit: type=1804 audit(1671454774.659:365): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/363/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6173] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6175 attached [pid 6175] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6175] sendfile(4, 5, NULL, 145139829833722 [pid 6173] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6173] exit_group(0) = ? [pid 6175] <... sendfile resumed>) = ? [pid 6175] +++ exited with 0 +++ [pid 6174] <... sendfile resumed>) = ? [pid 6174] +++ exited with 0 +++ [pid 6173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6173, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./363/binderfs") = 0 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./363/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./363/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6176 ./strace-static-x86_64: Process 6176 attached [pid 6176] set_robust_list(0x5555556365e0, 24) = 0 [pid 6176] chdir("./364") = 0 [pid 6176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6176] setpgid(0, 0) = 0 [pid 6176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6176] write(3, "1000", 4) = 4 [pid 6176] close(3) = 0 [pid 6176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6176] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6177], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6177 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6177 attached [pid 6177] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6177] memfd_create("syzkaller", 0) = 3 [pid 6177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6177] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6177] munmap(0x7f5499e77000, 2097152) = 0 [pid 6177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6177] close(3) = 0 [pid 6177] mkdir("./bus", 0777) = 0 [pid 6177] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6177] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6177] chdir("./bus") = 0 [pid 6177] ioctl(4, LOOP_CLR_FD) = 0 [pid 6177] close(4) = 0 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [ 194.301283][ T6177] loop0: detected capacity change from 0 to 4096 [ 194.311513][ T6177] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6177] creat("./bus", 000) = 4 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] ftruncate(4, 2048) = 0 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] lseek(4, 0, SEEK_END) = 2048 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] open("./bus", O_RDONLY) = 5 [pid 6177] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] <... futex resumed>) = 0 [pid 6176] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6177] <... futex resumed>) = 1 [pid 6177] sendfile(4, 5, NULL, 145139829833722 [pid 6176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6176] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6176] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6178], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6178 [pid 6176] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6176] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6178 attached [pid 6178] set_robust_list(0x7f549a0769e0, 24) = 0 [ 194.369474][ T27] audit: type=1804 audit(1671454775.109:366): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/364/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6178] sendfile(4, 5, NULL, 145139829833722 [pid 6176] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6176] exit_group(0) = ? [pid 6178] <... sendfile resumed>) = ? [pid 6178] +++ exited with 0 +++ [pid 6177] <... sendfile resumed>) = ? [pid 6177] +++ exited with 0 +++ [pid 6176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6176, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./364/binderfs") = 0 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./364/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./364/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6179 ./strace-static-x86_64: Process 6179 attached [pid 6179] set_robust_list(0x5555556365e0, 24) = 0 [pid 6179] chdir("./365") = 0 [pid 6179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6179] setpgid(0, 0) = 0 [pid 6179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6179] write(3, "1000", 4) = 4 [pid 6179] close(3) = 0 [pid 6179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6179] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6179] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6180 attached , parent_tid=[6180], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6180 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6180] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6180] memfd_create("syzkaller", 0) = 3 [pid 6180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6180] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6180] munmap(0x7f5499e77000, 2097152) = 0 [pid 6180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6180] close(3) = 0 [pid 6180] mkdir("./bus", 0777) = 0 [pid 6180] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6180] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6180] chdir("./bus") = 0 [pid 6180] ioctl(4, LOOP_CLR_FD) = 0 [pid 6180] close(4) = 0 [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6179] <... futex resumed>) = 0 [pid 6180] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 0 [pid 6180] creat("./bus", 000) = 4 [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [pid 6180] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [pid 6180] ftruncate(4, 2048) = 0 [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [pid 6180] lseek(4, 0, SEEK_END) = 2048 [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [pid 6180] open("./bus", O_RDONLY) = 5 [ 194.708204][ T6180] loop0: detected capacity change from 0 to 4096 [ 194.717322][ T6180] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6180] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... futex resumed>) = 0 [pid 6179] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6180] <... futex resumed>) = 1 [pid 6180] sendfile(4, 5, NULL, 145139829833722 [pid 6179] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6179] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6179] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6179] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6181 attached [pid 6181] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6181] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6179] <... clone resumed>, parent_tid=[6181], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6181 [pid 6179] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6179] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... futex resumed>) = 0 [ 194.758523][ T27] audit: type=1804 audit(1671454775.499:367): pid=6180 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/365/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6181] sendfile(4, 5, NULL, 145139829833722 [pid 6179] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6179] exit_group(0) = ? [pid 6181] <... sendfile resumed>) = ? [pid 6181] +++ exited with 0 +++ [pid 6180] <... sendfile resumed>) = ? [pid 6180] +++ exited with 0 +++ [pid 6179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6179, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./365/binderfs") = 0 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./365/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./365/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6182 ./strace-static-x86_64: Process 6182 attached [pid 6182] set_robust_list(0x5555556365e0, 24) = 0 [pid 6182] chdir("./366") = 0 [pid 6182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6182] setpgid(0, 0) = 0 [pid 6182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6182] write(3, "1000", 4) = 4 [pid 6182] close(3) = 0 [pid 6182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6182] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6182] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6183], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6183 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6183 attached [pid 6183] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6183] memfd_create("syzkaller", 0) = 3 [pid 6183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6183] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6183] munmap(0x7f5499e77000, 2097152) = 0 [pid 6183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6183] close(3) = 0 [pid 6183] mkdir("./bus", 0777) = 0 [pid 6183] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6183] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6183] chdir("./bus") = 0 [pid 6183] ioctl(4, LOOP_CLR_FD) = 0 [pid 6183] close(4) = 0 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] <... futex resumed>) = 1 [pid 6183] creat("./bus", 000) = 4 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] ftruncate(4, 2048) = 0 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... futex resumed>) = 0 [pid 6183] <... futex resumed>) = 1 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] lseek(4, 0, SEEK_END [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] <... lseek resumed>) = 2048 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.079940][ T6183] loop0: detected capacity change from 0 to 4096 [ 195.089540][ T6183] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] open("./bus", O_RDONLY) = 5 [pid 6183] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6182] <... futex resumed>) = 0 [pid 6182] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] <... futex resumed>) = 1 [pid 6182] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6183] sendfile(4, 5, NULL, 145139829833722 [pid 6182] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6182] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6182] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6182] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6184 attached , parent_tid=[6184], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6184 [pid 6184] set_robust_list(0x7f549a0769e0, 24 [pid 6182] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 195.132792][ T27] audit: type=1804 audit(1671454775.879:368): pid=6183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/366/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6184] <... set_robust_list resumed>) = 0 [pid 6182] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] sendfile(4, 5, NULL, 145139829833722 [pid 6182] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6182] exit_group(0) = ? [pid 6183] <... sendfile resumed>) = ? [pid 6183] +++ exited with 0 +++ [pid 6184] <... sendfile resumed>) = ? [pid 6184] +++ exited with 0 +++ [pid 6182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6182, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./366/binderfs") = 0 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./366/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./366/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6185 attached , child_tidptr=0x5555556365d0) = 6185 [pid 6185] set_robust_list(0x5555556365e0, 24) = 0 [pid 6185] chdir("./367") = 0 [pid 6185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6185] setpgid(0, 0) = 0 [pid 6185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6185] write(3, "1000", 4) = 4 [pid 6185] close(3) = 0 [pid 6185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6185] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6185] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6186 attached , parent_tid=[6186], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6186 [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6186] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6186] memfd_create("syzkaller", 0) = 3 [pid 6186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6186] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6186] munmap(0x7f5499e77000, 2097152) = 0 [pid 6186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6186] close(3) = 0 [pid 6186] mkdir("./bus", 0777) = 0 [pid 6186] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6186] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6186] chdir("./bus") = 0 [pid 6186] ioctl(4, LOOP_CLR_FD) = 0 [pid 6186] close(4) = 0 [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6186] creat("./bus", 000 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] <... creat resumed>) = 4 [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] <... fcntl resumed>) = 0 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = 1 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] ftruncate(4, 2048) = 0 [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6185] <... futex resumed>) = 0 [pid 6186] lseek(4, 0, SEEK_END [ 195.458808][ T6186] loop0: detected capacity change from 0 to 4096 [ 195.468364][ T6186] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... lseek resumed>) = 2048 [pid 6185] <... futex resumed>) = 0 [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] <... futex resumed>) = 0 [pid 6185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] open("./bus", O_RDONLY) = 5 [pid 6186] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6185] <... futex resumed>) = 0 [pid 6185] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6186] <... futex resumed>) = 1 [pid 6186] sendfile(4, 5, NULL, 145139829833722 [pid 6185] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6185] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6185] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6185] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6187 attached [pid 6187] set_robust_list(0x7f549a0769e0, 24 [pid 6185] <... clone resumed>, parent_tid=[6187], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6187 [pid 6187] <... set_robust_list resumed>) = 0 [pid 6185] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] sendfile(4, 5, NULL, 145139829833722 [pid 6185] <... futex resumed>) = 0 [pid 6185] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6185] exit_group(0) = ? [pid 6186] <... sendfile resumed>) = ? [pid 6187] <... sendfile resumed>) = ? [pid 6187] +++ exited with 0 +++ [pid 6186] +++ exited with 0 +++ [pid 6185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6185, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./367/binderfs") = 0 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./367/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./367/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6188 ./strace-static-x86_64: Process 6188 attached [pid 6188] set_robust_list(0x5555556365e0, 24) = 0 [pid 6188] chdir("./368") = 0 [pid 6188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6188] setpgid(0, 0) = 0 [pid 6188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6188] write(3, "1000", 4) = 4 [pid 6188] close(3) = 0 [pid 6188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6188] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6189], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6189 ./strace-static-x86_64: Process 6189 attached [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] set_robust_list(0x7f54a22979e0, 24 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6189] <... set_robust_list resumed>) = 0 [pid 6189] memfd_create("syzkaller", 0) = 3 [pid 6189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6189] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6189] munmap(0x7f5499e77000, 2097152) = 0 [pid 6189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6189] close(3) = 0 [pid 6189] mkdir("./bus", 0777) = 0 [pid 6189] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6189] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6189] chdir("./bus") = 0 [pid 6189] ioctl(4, LOOP_CLR_FD) = 0 [pid 6189] close(4) = 0 [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... futex resumed>) = 1 [pid 6189] creat("./bus", 000) = 4 [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... futex resumed>) = 1 [pid 6189] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [ 195.850166][ T6189] loop0: detected capacity change from 0 to 4096 [ 195.859369][ T6189] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] ftruncate(4, 2048) = 0 [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] <... futex resumed>) = 1 [pid 6189] lseek(4, 0, SEEK_END) = 2048 [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] open("./bus", O_RDONLY) = 5 [pid 6189] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6188] <... futex resumed>) = 0 [pid 6188] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6188] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6189] sendfile(4, 5, NULL, 145139829833722 [pid 6188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6188] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6188] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6188] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6190 attached [pid 6190] set_robust_list(0x7f549a0769e0, 24 [pid 6188] <... clone resumed>, parent_tid=[6190], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6190 [pid 6190] <... set_robust_list resumed>) = 0 [pid 6188] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] sendfile(4, 5, NULL, 145139829833722 [pid 6188] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6188] exit_group(0) = ? [pid 6189] <... sendfile resumed>) = ? [pid 6189] +++ exited with 0 +++ [pid 6190] <... sendfile resumed>) = ? [pid 6190] +++ exited with 0 +++ [pid 6188] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6188, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./368/binderfs") = 0 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./368/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./368/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6191 ./strace-static-x86_64: Process 6191 attached [pid 6191] set_robust_list(0x5555556365e0, 24) = 0 [pid 6191] chdir("./369") = 0 [pid 6191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6191] setpgid(0, 0) = 0 [pid 6191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6191] write(3, "1000", 4) = 4 [pid 6191] close(3) = 0 [pid 6191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6191] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6191] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6192 attached , parent_tid=[6192], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6192 [pid 6192] set_robust_list(0x7f54a22979e0, 24 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6192] <... set_robust_list resumed>) = 0 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6192] memfd_create("syzkaller", 0) = 3 [pid 6192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6192] munmap(0x7f5499e77000, 2097152) = 0 [pid 6192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6192] close(3) = 0 [pid 6192] mkdir("./bus", 0777) = 0 [pid 6192] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6192] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6192] chdir("./bus") = 0 [pid 6192] ioctl(4, LOOP_CLR_FD) = 0 [pid 6192] close(4) = 0 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [pid 6192] creat("./bus", 000) = 4 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [pid 6192] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [pid 6192] ftruncate(4, 2048) = 0 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [pid 6192] lseek(4, 0, SEEK_END) = 2048 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [pid 6192] open("./bus", O_RDONLY) = 5 [pid 6192] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6192] <... futex resumed>) = 1 [ 196.234160][ T6192] loop0: detected capacity change from 0 to 4096 [ 196.243511][ T6192] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6192] sendfile(4, 5, NULL, 145139829833722 [pid 6191] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6191] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6191] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6191] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6191] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6193 attached [pid 6193] set_robust_list(0x7f549a0769e0, 24 [pid 6191] <... clone resumed>, parent_tid=[6193], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6193 [pid 6193] <... set_robust_list resumed>) = 0 [pid 6191] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] sendfile(4, 5, NULL, 145139829833722 [pid 6191] <... futex resumed>) = 0 [pid 6191] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6191] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6191] exit_group(0) = ? [pid 6193] <... sendfile resumed>) = ? [pid 6193] +++ exited with 0 +++ [pid 6192] <... sendfile resumed>) = ? [pid 6192] +++ exited with 0 +++ [pid 6191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6191, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./369/binderfs") = 0 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./369/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./369/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6194 ./strace-static-x86_64: Process 6194 attached [pid 6194] set_robust_list(0x5555556365e0, 24) = 0 [pid 6194] chdir("./370") = 0 [pid 6194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6194] setpgid(0, 0) = 0 [pid 6194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6194] write(3, "1000", 4) = 4 [pid 6194] close(3) = 0 [pid 6194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6194] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6194] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6195 attached , parent_tid=[6195], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6195 [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6195] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6195] memfd_create("syzkaller", 0) = 3 [pid 6195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6195] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6195] munmap(0x7f5499e77000, 2097152) = 0 [pid 6195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6195] close(3) = 0 [pid 6195] mkdir("./bus", 0777) = 0 [pid 6195] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6195] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6195] chdir("./bus") = 0 [pid 6195] ioctl(4, LOOP_CLR_FD) = 0 [pid 6195] close(4) = 0 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... futex resumed>) = 0 [pid 6195] creat("./bus", 000) = 4 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... futex resumed>) = 1 [pid 6195] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] <... futex resumed>) = 0 [pid 6195] <... futex resumed>) = 1 [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] ftruncate(4, 2048) = 0 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] <... futex resumed>) = 0 [pid 6195] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6194] <... futex resumed>) = 0 [pid 6195] lseek(4, 0, SEEK_END [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... lseek resumed>) = 2048 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] <... futex resumed>) = 0 [pid 6195] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6194] <... futex resumed>) = 0 [pid 6195] open("./bus", O_RDONLY [ 196.608317][ T6195] loop0: detected capacity change from 0 to 4096 [ 196.617407][ T6195] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... open resumed>) = 5 [pid 6195] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6194] <... futex resumed>) = 0 [pid 6194] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6194] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6195] <... futex resumed>) = 0 [pid 6195] sendfile(4, 5, NULL, 145139829833722 [pid 6194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6194] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6194] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6194] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6196 attached , parent_tid=[6196], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6196 [pid 6194] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6194] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] set_robust_list(0x7f549a0769e0, 24) = 0 [ 196.654810][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 196.654823][ T27] audit: type=1804 audit(1671454777.399:372): pid=6195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/370/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6196] sendfile(4, 5, NULL, 145139829833722 [pid 6194] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6194] exit_group(0) = ? [pid 6195] <... sendfile resumed>) = ? [pid 6195] +++ exited with 0 +++ [pid 6196] <... sendfile resumed>) = ? [pid 6196] +++ exited with 0 +++ [pid 6194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6194, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./370/binderfs") = 0 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./370/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./370/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6197 ./strace-static-x86_64: Process 6197 attached [pid 6197] set_robust_list(0x5555556365e0, 24) = 0 [pid 6197] chdir("./371") = 0 [pid 6197] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6197] setpgid(0, 0) = 0 [pid 6197] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6197] write(3, "1000", 4) = 4 [pid 6197] close(3) = 0 [pid 6197] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6197] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6198 attached , parent_tid=[6198], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6198 [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] set_robust_list(0x7f54a22979e0, 24 [pid 6197] <... futex resumed>) = 0 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6198] <... set_robust_list resumed>) = 0 [pid 6198] memfd_create("syzkaller", 0) = 3 [pid 6198] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6198] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6198] munmap(0x7f5499e77000, 2097152) = 0 [pid 6198] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6198] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6198] close(3) = 0 [pid 6198] mkdir("./bus", 0777) = 0 [pid 6198] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6198] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6198] chdir("./bus") = 0 [pid 6198] ioctl(4, LOOP_CLR_FD) = 0 [pid 6198] close(4) = 0 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] creat("./bus", 000 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... creat resumed>) = 4 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... fcntl resumed>) = 0 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] ftruncate(4, 2048 [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... ftruncate resumed>) = 0 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6197] <... futex resumed>) = 0 [pid 6198] lseek(4, 0, SEEK_END [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... lseek resumed>) = 2048 [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... futex resumed>) = 0 [pid 6197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6198] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] open("./bus", O_RDONLY [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6198] <... open resumed>) = 5 [pid 6198] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 197.000169][ T6198] loop0: detected capacity change from 0 to 4096 [ 197.010197][ T6198] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6197] <... futex resumed>) = 0 [pid 6198] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6198] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6197] <... futex resumed>) = 0 [pid 6198] sendfile(4, 5, NULL, 145139829833722 [pid 6197] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6197] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6197] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6197] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6197] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6199 attached , parent_tid=[6199], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6199 [pid 6199] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6199] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6197] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] <... futex resumed>) = 0 [pid 6199] sendfile(4, 5, NULL, 145139829833722 [ 197.054332][ T27] audit: type=1804 audit(1671454777.799:373): pid=6198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/371/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6197] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6197] exit_group(0) = ? [pid 6198] <... sendfile resumed>) = ? [pid 6199] <... sendfile resumed>) = ? [pid 6199] +++ exited with 0 +++ [pid 6198] +++ exited with 0 +++ [pid 6197] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6197, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./371/binderfs") = 0 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./371/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./371/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6200 ./strace-static-x86_64: Process 6200 attached [pid 6200] set_robust_list(0x5555556365e0, 24) = 0 [pid 6200] chdir("./372") = 0 [pid 6200] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6200] setpgid(0, 0) = 0 [pid 6200] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6200] write(3, "1000", 4) = 4 [pid 6200] close(3) = 0 [pid 6200] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6200] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6200] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6201], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6201 ./strace-static-x86_64: Process 6201 attached [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6201] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6201] memfd_create("syzkaller", 0) = 3 [pid 6201] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6201] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6201] munmap(0x7f5499e77000, 2097152) = 0 [pid 6201] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6201] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6201] close(3) = 0 [pid 6201] mkdir("./bus", 0777) = 0 [pid 6201] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6201] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6201] chdir("./bus") = 0 [pid 6201] ioctl(4, LOOP_CLR_FD) = 0 [pid 6201] close(4) = 0 [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] creat("./bus", 000) = 4 [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6201] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] ftruncate(4, 2048) = 0 [ 197.383586][ T6201] loop0: detected capacity change from 0 to 4096 [ 197.393505][ T6201] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] <... futex resumed>) = 0 [pid 6201] lseek(4, 0, SEEK_END) = 2048 [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] <... futex resumed>) = 1 [pid 6201] open("./bus", O_RDONLY) = 5 [pid 6201] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6200] <... futex resumed>) = 0 [pid 6200] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6201] <... futex resumed>) = 0 [pid 6201] sendfile(4, 5, NULL, 145139829833722 [pid 6200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6200] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6200] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6200] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6200] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6202], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6202 [pid 6200] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6200] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6202 attached [pid 6202] set_robust_list(0x7f549a0769e0, 24) = 0 [ 197.448900][ T27] audit: type=1804 audit(1671454778.189:374): pid=6201 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/372/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6202] sendfile(4, 5, NULL, 145139829833722 [pid 6200] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6200] exit_group(0) = ? [pid 6202] <... sendfile resumed>) = ? [pid 6202] +++ exited with 0 +++ [pid 6201] <... sendfile resumed>) = ? [pid 6201] +++ exited with 0 +++ [pid 6200] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6200, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./372/binderfs") = 0 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./372/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./372/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6203 ./strace-static-x86_64: Process 6203 attached [pid 6203] set_robust_list(0x5555556365e0, 24) = 0 [pid 6203] chdir("./373") = 0 [pid 6203] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6203] setpgid(0, 0) = 0 [pid 6203] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6203] write(3, "1000", 4) = 4 [pid 6203] close(3) = 0 [pid 6203] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6203] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6203] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6204], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6204 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6204 attached [pid 6204] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6204] memfd_create("syzkaller", 0) = 3 [pid 6204] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6204] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6204] munmap(0x7f5499e77000, 2097152) = 0 [pid 6204] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6204] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6204] close(3) = 0 [pid 6204] mkdir("./bus", 0777) = 0 [pid 6204] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6204] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6204] chdir("./bus") = 0 [pid 6204] ioctl(4, LOOP_CLR_FD) = 0 [pid 6204] close(4) = 0 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 0 [pid 6204] creat("./bus", 000) = 4 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 1 [pid 6204] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 1 [pid 6204] ftruncate(4, 2048) = 0 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 1 [pid 6204] lseek(4, 0, SEEK_END) = 2048 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 1 [ 197.772916][ T6204] loop0: detected capacity change from 0 to 4096 [ 197.782167][ T6204] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6204] open("./bus", O_RDONLY) = 5 [pid 6204] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6203] <... futex resumed>) = 0 [pid 6203] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6203] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6204] <... futex resumed>) = 0 [pid 6204] sendfile(4, 5, NULL, 145139829833722 [pid 6203] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6203] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6203] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6203] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6205], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6205 [pid 6203] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6203] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6205 attached [pid 6205] set_robust_list(0x7f549a0769e0, 24) = 0 [ 197.835174][ T27] audit: type=1804 audit(1671454778.579:375): pid=6204 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/373/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6205] sendfile(4, 5, NULL, 145139829833722 [pid 6203] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6203] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6203] exit_group(0) = ? [pid 6204] <... sendfile resumed>) = ? [pid 6204] +++ exited with 0 +++ [pid 6205] <... sendfile resumed>) = ? [pid 6205] +++ exited with 0 +++ [pid 6203] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6203, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./373/binderfs") = 0 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./373/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./373/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6206 ./strace-static-x86_64: Process 6206 attached [pid 6206] set_robust_list(0x5555556365e0, 24) = 0 [pid 6206] chdir("./374") = 0 [pid 6206] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6206] setpgid(0, 0) = 0 [pid 6206] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6206] write(3, "1000", 4) = 4 [pid 6206] close(3) = 0 [pid 6206] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6206] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6206] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6207], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6207 ./strace-static-x86_64: Process 6207 attached [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6207] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6207] memfd_create("syzkaller", 0) = 3 [pid 6207] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6207] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6207] munmap(0x7f5499e77000, 2097152) = 0 [pid 6207] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6207] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6207] close(3) = 0 [pid 6207] mkdir("./bus", 0777) = 0 [pid 6207] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6207] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6207] chdir("./bus") = 0 [pid 6207] ioctl(4, LOOP_CLR_FD) = 0 [pid 6207] close(4) = 0 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] creat("./bus", 000) = 4 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6207] <... futex resumed>) = 1 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = 1 [pid 6207] ftruncate(4, 2048) = 0 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = 1 [pid 6207] lseek(4, 0, SEEK_END) = 2048 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = 1 [ 198.145400][ T6207] loop0: detected capacity change from 0 to 4096 [ 198.154446][ T6207] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6207] open("./bus", O_RDONLY) = 5 [pid 6207] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6206] <... futex resumed>) = 0 [pid 6206] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6207] <... futex resumed>) = 1 [pid 6207] sendfile(4, 5, NULL, 145139829833722 [pid 6206] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6206] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6206] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6206] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6208 attached , parent_tid=[6208], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6208 [pid 6206] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] set_robust_list(0x7f549a0769e0, 24) = 0 [ 198.203814][ T27] audit: type=1804 audit(1671454778.949:376): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/374/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6208] sendfile(4, 5, NULL, 145139829833722 [pid 6206] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6206] exit_group(0 [pid 6208] <... sendfile resumed>) = ? [pid 6206] <... exit_group resumed>) = ? [pid 6208] +++ exited with 0 +++ [pid 6207] <... sendfile resumed>) = ? [pid 6207] +++ exited with 0 +++ [pid 6206] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6206, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./374/binderfs") = 0 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./374/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./374/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6209 ./strace-static-x86_64: Process 6209 attached [pid 6209] set_robust_list(0x5555556365e0, 24) = 0 [pid 6209] chdir("./375") = 0 [pid 6209] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6209] setpgid(0, 0) = 0 [pid 6209] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6209] write(3, "1000", 4) = 4 [pid 6209] close(3) = 0 [pid 6209] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6209] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6209] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6210], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6210 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6210 attached [pid 6210] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6210] memfd_create("syzkaller", 0) = 3 [pid 6210] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6210] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6210] munmap(0x7f5499e77000, 2097152) = 0 [pid 6210] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6210] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6210] close(3) = 0 [pid 6210] mkdir("./bus", 0777) = 0 [pid 6210] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6210] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6210] chdir("./bus") = 0 [pid 6210] ioctl(4, LOOP_CLR_FD) = 0 [pid 6210] close(4) = 0 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] <... futex resumed>) = 1 [pid 6210] creat("./bus", 000) = 4 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] <... futex resumed>) = 1 [pid 6210] ftruncate(4, 2048) = 0 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] lseek(4, 0, SEEK_END) = 2048 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6210] <... futex resumed>) = 1 [ 198.532562][ T6210] loop0: detected capacity change from 0 to 4096 [ 198.541905][ T6210] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6210] open("./bus", O_RDONLY) = 5 [pid 6210] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6210] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6209] <... futex resumed>) = 0 [pid 6209] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6209] <... futex resumed>) = 1 [pid 6210] sendfile(4, 5, NULL, 145139829833722 [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6209] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6209] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6209] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6209] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6211 attached , parent_tid=[6211], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6211 [pid 6209] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6209] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] set_robust_list(0x7f549a0769e0, 24) = 0 [ 198.592835][ T27] audit: type=1804 audit(1671454779.339:377): pid=6210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/375/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6211] sendfile(4, 5, NULL, 145139829833722 [pid 6209] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6209] exit_group(0 [pid 6211] <... sendfile resumed>) = ? [pid 6209] <... exit_group resumed>) = ? [pid 6211] +++ exited with 0 +++ [pid 6210] <... sendfile resumed>) = ? [pid 6210] +++ exited with 0 +++ [pid 6209] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6209, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./375/binderfs") = 0 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./375/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./375/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6212 ./strace-static-x86_64: Process 6212 attached [pid 6212] set_robust_list(0x5555556365e0, 24) = 0 [pid 6212] chdir("./376") = 0 [pid 6212] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6212] setpgid(0, 0) = 0 [pid 6212] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6212] write(3, "1000", 4) = 4 [pid 6212] close(3) = 0 [pid 6212] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6212] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6212] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6213], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6213 [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6213 attached [pid 6213] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6213] memfd_create("syzkaller", 0) = 3 [pid 6213] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6213] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6213] munmap(0x7f5499e77000, 2097152) = 0 [pid 6213] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6213] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6213] close(3) = 0 [pid 6213] mkdir("./bus", 0777) = 0 [pid 6213] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6213] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6213] chdir("./bus") = 0 [pid 6213] ioctl(4, LOOP_CLR_FD) = 0 [pid 6213] close(4) = 0 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... futex resumed>) = 0 [pid 6213] creat("./bus", 000) = 4 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... futex resumed>) = 1 [pid 6213] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] <... futex resumed>) = 0 [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] ftruncate(4, 2048 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... ftruncate resumed>) = 0 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] <... futex resumed>) = 0 [pid 6213] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6213] <... futex resumed>) = 0 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] lseek(4, 0, SEEK_END) = 2048 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6212] <... futex resumed>) = 0 [pid 6213] open("./bus", O_RDONLY [ 198.914887][ T6213] loop0: detected capacity change from 0 to 4096 [ 198.924247][ T6213] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... open resumed>) = 5 [pid 6212] <... futex resumed>) = 0 [pid 6213] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6213] <... futex resumed>) = 0 [pid 6212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6213] sendfile(4, 5, NULL, 145139829833722 [pid 6212] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6212] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6212] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6212] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6214], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6214 [pid 6212] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6212] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6214 attached [pid 6214] set_robust_list(0x7f549a0769e0, 24) = 0 [ 198.971583][ T27] audit: type=1804 audit(1671454779.719:378): pid=6213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/376/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6214] sendfile(4, 5, NULL, 145139829833722 [pid 6212] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6212] exit_group(0) = ? [pid 6213] <... sendfile resumed>) = ? [pid 6214] <... sendfile resumed>) = ? [pid 6214] +++ exited with 0 +++ [pid 6213] +++ exited with 0 +++ [pid 6212] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6212, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./376/binderfs") = 0 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./376/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./376/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6215 ./strace-static-x86_64: Process 6215 attached [pid 6215] set_robust_list(0x5555556365e0, 24) = 0 [pid 6215] chdir("./377") = 0 [pid 6215] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6215] setpgid(0, 0) = 0 [pid 6215] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6215] write(3, "1000", 4) = 4 [pid 6215] close(3) = 0 [pid 6215] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6215] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6215] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6216 attached [pid 6216] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6215] <... clone resumed>, parent_tid=[6216], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6216 [pid 6216] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6216] memfd_create("syzkaller", 0) = 3 [pid 6216] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6216] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6216] munmap(0x7f5499e77000, 2097152) = 0 [pid 6216] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6216] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6216] close(3) = 0 [pid 6216] mkdir("./bus", 0777) = 0 [pid 6216] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6216] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6216] chdir("./bus") = 0 [pid 6216] ioctl(4, LOOP_CLR_FD) = 0 [pid 6216] close(4) = 0 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] creat("./bus", 000) = 4 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] ftruncate(4, 2048) = 0 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] lseek(4, 0, SEEK_END) = 2048 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] open("./bus", O_RDONLY) = 5 [pid 6216] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6215] <... futex resumed>) = 0 [pid 6215] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 199.309221][ T6216] loop0: detected capacity change from 0 to 4096 [ 199.318687][ T6216] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6216] <... futex resumed>) = 1 [pid 6216] sendfile(4, 5, NULL, 145139829833722 [pid 6215] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6215] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6215] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6215] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6215] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6217], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6217 [pid 6215] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6215] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6217 attached [pid 6217] set_robust_list(0x7f549a0769e0, 24) = 0 [ 199.370971][ T27] audit: type=1804 audit(1671454780.109:379): pid=6216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/377/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6217] sendfile(4, 5, NULL, 145139829833722 [pid 6215] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6215] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6215] exit_group(0) = ? [pid 6217] <... sendfile resumed>) = ? [pid 6217] +++ exited with 0 +++ [pid 6216] <... sendfile resumed>) = ? [pid 6216] +++ exited with 0 +++ [pid 6215] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6215, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=18 /* 0.18 s */} --- umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./377/binderfs") = 0 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./377/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./377/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6218 ./strace-static-x86_64: Process 6218 attached [pid 6218] set_robust_list(0x5555556365e0, 24) = 0 [pid 6218] chdir("./378") = 0 [pid 6218] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6218] setpgid(0, 0) = 0 [pid 6218] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6218] write(3, "1000", 4) = 4 [pid 6218] close(3) = 0 [pid 6218] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6218] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6219] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] <... clone resumed>, parent_tid=[6219], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6219 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] <... futex resumed>) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6219] memfd_create("syzkaller", 0) = 3 [pid 6219] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6219] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6219] munmap(0x7f5499e77000, 2097152) = 0 [pid 6219] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6219] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6219] close(3) = 0 [pid 6219] mkdir("./bus", 0777) = 0 [pid 6219] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6219] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6219] chdir("./bus") = 0 [pid 6219] ioctl(4, LOOP_CLR_FD) = 0 [pid 6219] close(4) = 0 [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... futex resumed>) = 1 [pid 6219] creat("./bus", 000) = 4 [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6219] <... futex resumed>) = 1 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6219] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... futex resumed>) = 0 [pid 6219] ftruncate(4, 2048) = 0 [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] <... futex resumed>) = 0 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... futex resumed>) = 1 [pid 6219] lseek(4, 0, SEEK_END) = 2048 [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] open("./bus", O_RDONLY [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6219] <... open resumed>) = 5 [ 199.695533][ T6219] loop0: detected capacity change from 0 to 4096 [ 199.704571][ T6219] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6219] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6218] <... futex resumed>) = 0 [pid 6219] sendfile(4, 5, NULL, 145139829833722 [pid 6218] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6218] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6218] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6218] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6218] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6220 attached [pid 6220] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6220] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6218] <... clone resumed>, parent_tid=[6220], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6220 [pid 6218] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6220] <... futex resumed>) = 0 [pid 6220] sendfile(4, 5, NULL, 145139829833722 [ 199.752529][ T27] audit: type=1804 audit(1671454780.499:380): pid=6219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/378/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6218] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6218] exit_group(0) = ? [pid 6220] <... sendfile resumed>) = ? [pid 6220] +++ exited with 0 +++ [pid 6219] <... sendfile resumed>) = ? [pid 6219] +++ exited with 0 +++ [pid 6218] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6218, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./378/binderfs") = 0 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./378/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./378/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6221 ./strace-static-x86_64: Process 6221 attached [pid 6221] set_robust_list(0x5555556365e0, 24) = 0 [pid 6221] chdir("./379") = 0 [pid 6221] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6221] setpgid(0, 0) = 0 [pid 6221] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6221] write(3, "1000", 4) = 4 [pid 6221] close(3) = 0 [pid 6221] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6221] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6222 attached , parent_tid=[6222], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6222 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6222] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6222] memfd_create("syzkaller", 0) = 3 [pid 6222] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6222] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6222] munmap(0x7f5499e77000, 2097152) = 0 [pid 6222] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6222] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6222] close(3) = 0 [pid 6222] mkdir("./bus", 0777) = 0 [pid 6222] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6222] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6222] chdir("./bus") = 0 [pid 6222] ioctl(4, LOOP_CLR_FD) = 0 [pid 6222] close(4) = 0 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [pid 6222] creat("./bus", 000) = 4 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6222] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... fcntl resumed>) = 0 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] ftruncate(4, 2048) = 0 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [ 200.085219][ T6222] loop0: detected capacity change from 0 to 4096 [ 200.094596][ T6222] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [pid 6222] lseek(4, 0, SEEK_END) = 2048 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [pid 6222] open("./bus", O_RDONLY) = 5 [pid 6222] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6221] <... futex resumed>) = 0 [pid 6221] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6222] <... futex resumed>) = 1 [pid 6222] sendfile(4, 5, NULL, 145139829833722 [pid 6221] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6221] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6221] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6221] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6223 attached , parent_tid=[6223], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6223 [pid 6221] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6221] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] set_robust_list(0x7f549a0769e0, 24) = 0 [ 200.150398][ T27] audit: type=1804 audit(1671454780.889:381): pid=6222 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/379/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6223] sendfile(4, 5, NULL, 145139829833722 [pid 6221] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6221] exit_group(0 [pid 6223] <... sendfile resumed>) = ? [pid 6221] <... exit_group resumed>) = ? [pid 6223] +++ exited with 0 +++ [pid 6222] <... sendfile resumed>) = ? [pid 6222] +++ exited with 0 +++ [pid 6221] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6221, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./379/binderfs") = 0 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./379/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./379/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6224 attached , child_tidptr=0x5555556365d0) = 6224 [pid 6224] set_robust_list(0x5555556365e0, 24) = 0 [pid 6224] chdir("./380") = 0 [pid 6224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6224] setpgid(0, 0) = 0 [pid 6224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6224] write(3, "1000", 4) = 4 [pid 6224] close(3) = 0 [pid 6224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6224] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6224] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6225], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6225 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6225 attached [pid 6225] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6225] memfd_create("syzkaller", 0) = 3 [pid 6225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6225] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6225] munmap(0x7f5499e77000, 2097152) = 0 [pid 6225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6225] close(3) = 0 [pid 6225] mkdir("./bus", 0777) = 0 [pid 6225] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6225] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6225] chdir("./bus") = 0 [pid 6225] ioctl(4, LOOP_CLR_FD) = 0 [pid 6225] close(4) = 0 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6225] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6224] <... futex resumed>) = 0 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] <... futex resumed>) = 0 [pid 6225] creat("./bus", 000) = 4 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6224] <... futex resumed>) = 0 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] <... futex resumed>) = 1 [pid 6225] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 200.478473][ T6225] loop0: detected capacity change from 0 to 4096 [ 200.487542][ T6225] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] <... futex resumed>) = 1 [pid 6224] <... futex resumed>) = 0 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 6225] ftruncate(4, 2048) = 0 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6224] <... futex resumed>) = 0 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] lseek(4, 0, SEEK_END) = 2048 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6224] <... futex resumed>) = 0 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] open("./bus", O_RDONLY [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] <... open resumed>) = 5 [pid 6225] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6224] <... futex resumed>) = 0 [pid 6225] sendfile(4, 5, NULL, 145139829833722 [pid 6224] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6224] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6224] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6224] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6224] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6226 attached , parent_tid=[6226], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6226 [pid 6224] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6226] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6226] sendfile(4, 5, NULL, 145139829833722 [pid 6224] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6224] exit_group(0) = ? [pid 6226] <... sendfile resumed>) = ? [pid 6225] <... sendfile resumed>) = ? [pid 6225] +++ exited with 0 +++ [pid 6226] +++ exited with 0 +++ [pid 6224] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6224, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./380/binderfs") = 0 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./380/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./380/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6227 ./strace-static-x86_64: Process 6227 attached [pid 6227] set_robust_list(0x5555556365e0, 24) = 0 [pid 6227] chdir("./381") = 0 [pid 6227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6227] setpgid(0, 0) = 0 [pid 6227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6227] write(3, "1000", 4) = 4 [pid 6227] close(3) = 0 [pid 6227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6227] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6227] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6228], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6228 [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6228 attached [pid 6228] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6228] memfd_create("syzkaller", 0) = 3 [pid 6228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6228] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6228] munmap(0x7f5499e77000, 2097152) = 0 [pid 6228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6228] close(3) = 0 [pid 6228] mkdir("./bus", 0777) = 0 [pid 6228] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6228] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6228] chdir("./bus") = 0 [pid 6228] ioctl(4, LOOP_CLR_FD) = 0 [pid 6228] close(4) = 0 [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6228] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6227] <... futex resumed>) = 0 [pid 6228] creat("./bus", 000 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... creat resumed>) = 4 [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6228] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... fcntl resumed>) = 0 [ 200.874341][ T6228] loop0: detected capacity change from 0 to 4096 [ 200.884217][ T6228] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6228] ftruncate(4, 2048 [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... ftruncate resumed>) = 0 [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6228] lseek(4, 0, SEEK_END [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... lseek resumed>) = 2048 [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6228] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6227] <... futex resumed>) = 0 [pid 6228] open("./bus", O_RDONLY [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] <... open resumed>) = 5 [pid 6228] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6227] <... futex resumed>) = 0 [pid 6228] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6227] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6228] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6227] <... futex resumed>) = 0 [pid 6227] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] sendfile(4, 5, NULL, 145139829833722 [pid 6227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6227] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6227] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6227] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6229 attached , parent_tid=[6229], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6229 [pid 6229] set_robust_list(0x7f549a0769e0, 24 [pid 6227] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] <... set_robust_list resumed>) = 0 [pid 6227] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6229] sendfile(4, 5, NULL, 145139829833722 [pid 6227] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6227] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6227] exit_group(0) = ? [pid 6229] <... sendfile resumed>) = ? [pid 6229] +++ exited with 0 +++ [pid 6228] <... sendfile resumed>) = ? [pid 6228] +++ exited with 0 +++ [pid 6227] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6227, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./381/binderfs") = 0 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./381/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./381/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6230 ./strace-static-x86_64: Process 6230 attached [pid 6230] set_robust_list(0x5555556365e0, 24) = 0 [pid 6230] chdir("./382") = 0 [pid 6230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6230] setpgid(0, 0) = 0 [pid 6230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6230] write(3, "1000", 4) = 4 [pid 6230] close(3) = 0 [pid 6230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6230] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6230] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6231 attached , parent_tid=[6231], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6231 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6231] set_robust_list(0x7f54a22979e0, 24 [pid 6230] <... futex resumed>) = 0 [pid 6231] <... set_robust_list resumed>) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6231] memfd_create("syzkaller", 0) = 3 [pid 6231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6231] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6231] munmap(0x7f5499e77000, 2097152) = 0 [pid 6231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6231] close(3) = 0 [pid 6231] mkdir("./bus", 0777) = 0 [pid 6231] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6231] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6231] chdir("./bus") = 0 [pid 6231] ioctl(4, LOOP_CLR_FD) = 0 [pid 6231] close(4) = 0 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] creat("./bus", 000) = 4 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] <... futex resumed>) = 1 [pid 6231] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] <... futex resumed>) = 1 [pid 6231] ftruncate(4, 2048) = 0 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] <... futex resumed>) = 1 [pid 6231] lseek(4, 0, SEEK_END) = 2048 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6231] <... futex resumed>) = 1 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] open("./bus", O_RDONLY) = 5 [pid 6231] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6231] <... futex resumed>) = 1 [ 201.267497][ T6231] loop0: detected capacity change from 0 to 4096 [ 201.276607][ T6231] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6231] sendfile(4, 5, NULL, 145139829833722 [pid 6230] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6230] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6230] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6230] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6230] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6232 attached [pid 6232] set_robust_list(0x7f549a0769e0, 24 [pid 6230] <... clone resumed>, parent_tid=[6232], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6232 [pid 6232] <... set_robust_list resumed>) = 0 [pid 6230] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] sendfile(4, 5, NULL, 145139829833722 [pid 6230] <... futex resumed>) = 0 [pid 6230] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6230] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6230] exit_group(0) = ? [pid 6232] <... sendfile resumed>) = ? [pid 6232] +++ exited with 0 +++ [pid 6231] <... sendfile resumed>) = ? [pid 6231] +++ exited with 0 +++ [pid 6230] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6230, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./382/binderfs") = 0 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./382/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./382/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6233 ./strace-static-x86_64: Process 6233 attached [pid 6233] set_robust_list(0x5555556365e0, 24) = 0 [pid 6233] chdir("./383") = 0 [pid 6233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6233] setpgid(0, 0) = 0 [pid 6233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6233] write(3, "1000", 4) = 4 [pid 6233] close(3) = 0 [pid 6233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6233] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6234 attached , parent_tid=[6234], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6234 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6234] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6234] memfd_create("syzkaller", 0) = 3 [pid 6234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6234] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6234] munmap(0x7f5499e77000, 2097152) = 0 [pid 6234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6234] close(3) = 0 [pid 6234] mkdir("./bus", 0777) = 0 [pid 6234] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6234] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6234] chdir("./bus") = 0 [pid 6234] ioctl(4, LOOP_CLR_FD) = 0 [pid 6234] close(4) = 0 [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... futex resumed>) = 1 [pid 6234] creat("./bus", 000) = 4 [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6234] ftruncate(4, 2048 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... ftruncate resumed>) = 0 [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] lseek(4, 0, SEEK_END [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... lseek resumed>) = 2048 [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6234] <... futex resumed>) = 1 [pid 6234] open("./bus", O_RDONLY) = 5 [ 201.643568][ T6234] loop0: detected capacity change from 0 to 4096 [ 201.653631][ T6234] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6234] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6234] <... futex resumed>) = 1 [pid 6233] <... futex resumed>) = 0 [pid 6234] sendfile(4, 5, NULL, 145139829833722 [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6233] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6233] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6233] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6235], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6235 [pid 6233] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6235 attached [pid 6235] set_robust_list(0x7f549a0769e0, 24) = 0 [ 201.698863][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 201.698876][ T27] audit: type=1804 audit(1671454782.439:385): pid=6234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/383/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6235] sendfile(4, 5, NULL, 145139829833722 [pid 6233] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6233] exit_group(0) = ? [pid 6235] <... sendfile resumed>) = ? [pid 6235] +++ exited with 0 +++ [pid 6234] <... sendfile resumed>) = ? [pid 6234] +++ exited with 0 +++ [pid 6233] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6233, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./383/binderfs") = 0 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./383/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./383/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6236 ./strace-static-x86_64: Process 6236 attached [pid 6236] set_robust_list(0x5555556365e0, 24) = 0 [pid 6236] chdir("./384") = 0 [pid 6236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6236] setpgid(0, 0) = 0 [pid 6236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6236] write(3, "1000", 4) = 4 [pid 6236] close(3) = 0 [pid 6236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6236] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6236] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6237 attached , parent_tid=[6237], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6237 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6237] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6237] memfd_create("syzkaller", 0) = 3 [pid 6237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6237] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6237] munmap(0x7f5499e77000, 2097152) = 0 [pid 6237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6237] close(3) = 0 [pid 6237] mkdir("./bus", 0777) = 0 [pid 6237] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6237] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6237] chdir("./bus") = 0 [pid 6237] ioctl(4, LOOP_CLR_FD) = 0 [pid 6237] close(4) = 0 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... futex resumed>) = 1 [pid 6237] creat("./bus", 000) = 4 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... futex resumed>) = 1 [pid 6237] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... futex resumed>) = 1 [pid 6237] ftruncate(4, 2048) = 0 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] lseek(4, 0, SEEK_END) = 2048 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6237] open("./bus", O_RDONLY [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... open resumed>) = 5 [pid 6237] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 202.022585][ T6237] loop0: detected capacity change from 0 to 4096 [ 202.032795][ T6237] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6237] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6236] <... futex resumed>) = 0 [pid 6236] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] <... futex resumed>) = 0 [ 202.081110][ T27] audit: type=1804 audit(1671454782.829:386): pid=6237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/384/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6237] sendfile(4, 5, NULL, 145139829833722 [pid 6236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6236] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6236] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6236] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6238 attached , parent_tid=[6238], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6238 [pid 6238] set_robust_list(0x7f549a0769e0, 24 [pid 6236] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6238] <... set_robust_list resumed>) = 0 [pid 6238] sendfile(4, 5, NULL, 145139829833722 [pid 6236] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6236] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6236] exit_group(0) = ? [pid 6238] <... sendfile resumed>) = ? [pid 6238] +++ exited with 0 +++ [pid 6237] <... sendfile resumed>) = ? [pid 6237] +++ exited with 0 +++ [pid 6236] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6236, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./384/binderfs") = 0 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./384/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./384/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6239 ./strace-static-x86_64: Process 6239 attached [pid 6239] set_robust_list(0x5555556365e0, 24) = 0 [pid 6239] chdir("./385") = 0 [pid 6239] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6239] setpgid(0, 0) = 0 [pid 6239] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6239] write(3, "1000", 4) = 4 [pid 6239] close(3) = 0 [pid 6239] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6239] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6240 attached , parent_tid=[6240], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6240 [pid 6240] set_robust_list(0x7f54a22979e0, 24 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6240] <... set_robust_list resumed>) = 0 [pid 6240] memfd_create("syzkaller", 0) = 3 [pid 6240] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6240] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6240] munmap(0x7f5499e77000, 2097152) = 0 [pid 6240] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6240] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6240] close(3) = 0 [pid 6240] mkdir("./bus", 0777) = 0 [pid 6240] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6240] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6240] chdir("./bus") = 0 [pid 6240] ioctl(4, LOOP_CLR_FD) = 0 [pid 6240] close(4) = 0 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... futex resumed>) = 1 [pid 6240] creat("./bus", 000) = 4 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... futex resumed>) = 1 [pid 6240] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... futex resumed>) = 1 [pid 6240] ftruncate(4, 2048) = 0 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6240] <... futex resumed>) = 1 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] lseek(4, 0, SEEK_END) = 2048 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] <... futex resumed>) = 0 [pid 6240] open("./bus", O_RDONLY [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6240] <... open resumed>) = 5 [pid 6240] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 202.415856][ T6240] loop0: detected capacity change from 0 to 4096 [ 202.426324][ T6240] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6240] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6239] <... futex resumed>) = 0 [pid 6239] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6240] <... futex resumed>) = 0 [pid 6239] <... futex resumed>) = 1 [pid 6240] sendfile(4, 5, NULL, 145139829833722 [pid 6239] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6239] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6239] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6239] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6241 attached [pid 6241] set_robust_list(0x7f549a0769e0, 24 [pid 6239] <... clone resumed>, parent_tid=[6241], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6241 [pid 6241] <... set_robust_list resumed>) = 0 [pid 6239] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] sendfile(4, 5, NULL, 145139829833722 [pid 6239] <... futex resumed>) = 0 [ 202.474586][ T27] audit: type=1804 audit(1671454783.219:387): pid=6240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/385/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6239] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6239] exit_group(0) = ? [pid 6241] <... sendfile resumed>) = ? [pid 6241] +++ exited with 0 +++ [pid 6240] <... sendfile resumed>) = ? [pid 6240] +++ exited with 0 +++ [pid 6239] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6239, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./385/binderfs") = 0 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./385/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./385/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6242 ./strace-static-x86_64: Process 6242 attached [pid 6242] set_robust_list(0x5555556365e0, 24) = 0 [pid 6242] chdir("./386") = 0 [pid 6242] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6242] setpgid(0, 0) = 0 [pid 6242] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6242] write(3, "1000", 4) = 4 [pid 6242] close(3) = 0 [pid 6242] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6242] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6242] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6243], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6243 [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6243 attached [pid 6243] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6243] memfd_create("syzkaller", 0) = 3 [pid 6243] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6243] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6243] munmap(0x7f5499e77000, 2097152) = 0 [pid 6243] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6243] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6243] close(3) = 0 [pid 6243] mkdir("./bus", 0777) = 0 [pid 6243] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6243] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6243] chdir("./bus") = 0 [pid 6243] ioctl(4, LOOP_CLR_FD) = 0 [pid 6243] close(4) = 0 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = 0 [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... futex resumed>) = 1 [pid 6243] creat("./bus", 000) = 4 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = 0 [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... futex resumed>) = 1 [pid 6243] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6243] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [pid 6243] ftruncate(4, 2048 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... ftruncate resumed>) = 0 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6243] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [pid 6243] lseek(4, 0, SEEK_END [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... lseek resumed>) = 2048 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6243] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6243] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6242] <... futex resumed>) = 0 [ 202.791739][ T6243] loop0: detected capacity change from 0 to 4096 [ 202.801301][ T6243] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6243] open("./bus", O_RDONLY [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... open resumed>) = 5 [pid 6243] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6242] <... futex resumed>) = 0 [pid 6243] sendfile(4, 5, NULL, 145139829833722 [pid 6242] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 202.851455][ T27] audit: type=1804 audit(1671454783.599:388): pid=6243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/386/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6242] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6242] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6242] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6242] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6242] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6244 attached , parent_tid=[6244], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6244 [pid 6244] set_robust_list(0x7f549a0769e0, 24 [pid 6242] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... set_robust_list resumed>) = 0 [pid 6242] <... futex resumed>) = 0 [pid 6244] sendfile(4, 5, NULL, 145139829833722 [pid 6242] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6242] exit_group(0) = ? [pid 6243] <... sendfile resumed>) = ? [pid 6243] +++ exited with 0 +++ [pid 6244] <... sendfile resumed>) = ? [pid 6244] +++ exited with 0 +++ [pid 6242] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6242, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./386/binderfs") = 0 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./386/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./386/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6245 ./strace-static-x86_64: Process 6245 attached [pid 6245] set_robust_list(0x5555556365e0, 24) = 0 [pid 6245] chdir("./387") = 0 [pid 6245] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6245] setpgid(0, 0) = 0 [pid 6245] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6245] write(3, "1000", 4) = 4 [pid 6245] close(3) = 0 [pid 6245] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6245] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6245] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6246], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6246 [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6246 attached [pid 6246] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6245] <... futex resumed>) = 0 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6246] memfd_create("syzkaller", 0) = 3 [pid 6246] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6246] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6246] munmap(0x7f5499e77000, 2097152) = 0 [pid 6246] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6246] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6246] close(3) = 0 [pid 6246] mkdir("./bus", 0777) = 0 [pid 6246] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6246] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6246] chdir("./bus") = 0 [pid 6246] ioctl(4, LOOP_CLR_FD) = 0 [pid 6246] close(4) = 0 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6245] <... futex resumed>) = 0 [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... futex resumed>) = 0 [pid 6246] creat("./bus", 000) = 4 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... futex resumed>) = 0 [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... futex resumed>) = 1 [pid 6246] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... futex resumed>) = 0 [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... futex resumed>) = 1 [pid 6246] ftruncate(4, 2048) = 0 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... futex resumed>) = 0 [pid 6246] <... futex resumed>) = 1 [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] lseek(4, 0, SEEK_END) = 2048 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6246] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6245] <... futex resumed>) = 0 [pid 6246] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 203.191289][ T6246] loop0: detected capacity change from 0 to 4096 [ 203.200216][ T6246] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6246] open("./bus", O_RDONLY [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... open resumed>) = 5 [pid 6246] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6245] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6246] <... futex resumed>) = 0 [pid 6245] <... futex resumed>) = 1 [pid 6246] sendfile(4, 5, NULL, 145139829833722 [pid 6245] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6245] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6245] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6245] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6247], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6247 ./strace-static-x86_64: Process 6247 attached [pid 6245] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6247] set_robust_list(0x7f549a0769e0, 24) = 0 [ 203.253165][ T27] audit: type=1804 audit(1671454783.999:389): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/387/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6247] sendfile(4, 5, NULL, 145139829833722 [pid 6245] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6245] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6245] exit_group(0) = ? [pid 6246] <... sendfile resumed>) = ? [pid 6246] +++ exited with 0 +++ [pid 6247] <... sendfile resumed>) = ? [pid 6247] +++ exited with 0 +++ [pid 6245] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6245, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./387/binderfs") = 0 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./387/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./387/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6248 ./strace-static-x86_64: Process 6248 attached [pid 6248] set_robust_list(0x5555556365e0, 24) = 0 [pid 6248] chdir("./388") = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6248] setpgid(0, 0) = 0 [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6248] write(3, "1000", 4) = 4 [pid 6248] close(3) = 0 [pid 6248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6248] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6249], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6249 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6249 attached [pid 6249] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6249] memfd_create("syzkaller", 0) = 3 [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6249] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6249] munmap(0x7f5499e77000, 2097152) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [pid 6249] mkdir("./bus", 0777) = 0 [pid 6249] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6249] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./bus") = 0 [pid 6249] ioctl(4, LOOP_CLR_FD) = 0 [pid 6249] close(4) = 0 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [ 203.579291][ T6249] loop0: detected capacity change from 0 to 4096 [ 203.589551][ T6249] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6249] creat("./bus", 000) = 4 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [pid 6249] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [pid 6249] ftruncate(4, 2048) = 0 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [pid 6249] lseek(4, 0, SEEK_END) = 2048 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [pid 6249] open("./bus", O_RDONLY) = 5 [pid 6249] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... futex resumed>) = 1 [pid 6249] sendfile(4, 5, NULL, 145139829833722 [pid 6248] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6248] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6248] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6250], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6250 [pid 6248] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6250 attached [pid 6250] set_robust_list(0x7f549a0769e0, 24) = 0 [ 203.633059][ T27] audit: type=1804 audit(1671454784.379:390): pid=6249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/388/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6250] sendfile(4, 5, NULL, 145139829833722 [pid 6248] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6248] exit_group(0) = ? [pid 6249] <... sendfile resumed>) = ? [pid 6249] +++ exited with 0 +++ [pid 6250] <... sendfile resumed>) = ? [pid 6250] +++ exited with 0 +++ [pid 6248] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6248, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./388/binderfs") = 0 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./388/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./388/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6251 ./strace-static-x86_64: Process 6251 attached [pid 6251] set_robust_list(0x5555556365e0, 24) = 0 [pid 6251] chdir("./389") = 0 [pid 6251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6251] setpgid(0, 0) = 0 [pid 6251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6251] write(3, "1000", 4) = 4 [pid 6251] close(3) = 0 [pid 6251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6251] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6251] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6252], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6252 ./strace-static-x86_64: Process 6252 attached [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6252] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6252] memfd_create("syzkaller", 0) = 3 [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6252] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6252] munmap(0x7f5499e77000, 2097152) = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6252] close(3) = 0 [pid 6252] mkdir("./bus", 0777) = 0 [pid 6252] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6252] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6252] chdir("./bus") = 0 [pid 6252] ioctl(4, LOOP_CLR_FD) = 0 [pid 6252] close(4) = 0 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 0 [pid 6252] creat("./bus", 000) = 4 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 1 [pid 6252] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 1 [pid 6252] ftruncate(4, 2048) = 0 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 1 [pid 6252] lseek(4, 0, SEEK_END) = 2048 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 1 [ 203.956413][ T6252] loop0: detected capacity change from 0 to 4096 [ 203.966103][ T6252] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6252] open("./bus", O_RDONLY) = 5 [pid 6252] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6252] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = 0 [pid 6251] <... futex resumed>) = 1 [pid 6252] sendfile(4, 5, NULL, 145139829833722 [ 204.004161][ T27] audit: type=1804 audit(1671454784.749:391): pid=6252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/389/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6251] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6251] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6251] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6251] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6253 attached [pid 6253] set_robust_list(0x7f549a0769e0, 24 [pid 6251] <... clone resumed>, parent_tid=[6253], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6253 [pid 6251] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] <... set_robust_list resumed>) = 0 [pid 6251] <... futex resumed>) = 0 [pid 6253] sendfile(4, 5, NULL, 145139829833722 [pid 6251] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6251] exit_group(0) = ? [pid 6253] <... sendfile resumed>) = ? [pid 6253] +++ exited with 0 +++ [pid 6252] <... sendfile resumed>) = ? [pid 6252] +++ exited with 0 +++ [pid 6251] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6251, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./389/binderfs") = 0 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./389/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./389/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6254 ./strace-static-x86_64: Process 6254 attached [pid 6254] set_robust_list(0x5555556365e0, 24) = 0 [pid 6254] chdir("./390") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6254] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6255], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6255 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6255 attached [pid 6255] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6255] memfd_create("syzkaller", 0) = 3 [pid 6255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6255] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6255] munmap(0x7f5499e77000, 2097152) = 0 [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6255] close(3) = 0 [pid 6255] mkdir("./bus", 0777) = 0 [pid 6255] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6255] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6255] chdir("./bus") = 0 [pid 6255] ioctl(4, LOOP_CLR_FD) = 0 [pid 6255] close(4) = 0 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 204.346102][ T6255] loop0: detected capacity change from 0 to 4096 [ 204.355637][ T6255] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 0 [pid 6255] creat("./bus", 000) = 4 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 1 [pid 6255] ftruncate(4, 2048) = 0 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 1 [pid 6255] lseek(4, 0, SEEK_END) = 2048 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 1 [pid 6255] open("./bus", O_RDONLY) = 5 [pid 6255] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 0 [pid 6255] sendfile(4, 5, NULL, 145139829833722 [pid 6254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6254] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6254] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6256 attached , parent_tid=[6256], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6256 [pid 6256] set_robust_list(0x7f549a0769e0, 24 [pid 6254] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6256] <... set_robust_list resumed>) = 0 [pid 6254] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 204.415494][ T27] audit: type=1804 audit(1671454785.159:392): pid=6255 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/390/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6256] sendfile(4, 5, NULL, 145139829833722 [pid 6254] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6254] exit_group(0) = ? [pid 6255] <... sendfile resumed>) = ? [pid 6255] +++ exited with 0 +++ [pid 6256] <... sendfile resumed>) = ? [pid 6256] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./390/binderfs") = 0 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./390/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./390/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6257 ./strace-static-x86_64: Process 6257 attached [pid 6257] set_robust_list(0x5555556365e0, 24) = 0 [pid 6257] chdir("./391") = 0 [pid 6257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6257] setpgid(0, 0) = 0 [pid 6257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6257] write(3, "1000", 4) = 4 [pid 6257] close(3) = 0 [pid 6257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6257] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6257] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6258 attached , parent_tid=[6258], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6258 [pid 6258] set_robust_list(0x7f54a22979e0, 24 [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6258] <... set_robust_list resumed>) = 0 [pid 6258] memfd_create("syzkaller", 0) = 3 [pid 6258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6258] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6258] munmap(0x7f5499e77000, 2097152) = 0 [pid 6258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6258] close(3) = 0 [pid 6258] mkdir("./bus", 0777) = 0 [pid 6258] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6258] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6258] chdir("./bus") = 0 [pid 6258] ioctl(4, LOOP_CLR_FD) = 0 [pid 6258] close(4) = 0 [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6258] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] <... futex resumed>) = 0 [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6257] <... futex resumed>) = 1 [pid 6258] creat("./bus", 000 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] <... creat resumed>) = 4 [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6257] <... futex resumed>) = 0 [pid 6258] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6257] <... futex resumed>) = 0 [pid 6258] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] <... fcntl resumed>) = 0 [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6257] <... futex resumed>) = 0 [pid 6258] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6257] <... futex resumed>) = 0 [pid 6258] ftruncate(4, 2048 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] <... ftruncate resumed>) = 0 [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6257] <... futex resumed>) = 0 [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 204.732021][ T6258] loop0: detected capacity change from 0 to 4096 [ 204.742285][ T6258] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6258] lseek(4, 0, SEEK_END [pid 6257] <... futex resumed>) = 0 [pid 6258] <... lseek resumed>) = 2048 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6258] <... futex resumed>) = 0 [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] open("./bus", O_RDONLY [pid 6257] <... futex resumed>) = 0 [pid 6258] <... open resumed>) = 5 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6258] <... futex resumed>) = 0 [pid 6257] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] sendfile(4, 5, NULL, 145139829833722 [pid 6257] <... futex resumed>) = 0 [pid 6257] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6257] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6257] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6257] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6259], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6259 [pid 6257] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6259 attached [pid 6259] set_robust_list(0x7f549a0769e0, 24) = 0 [ 204.794138][ T27] audit: type=1804 audit(1671454785.539:393): pid=6258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/391/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6259] sendfile(4, 5, NULL, 145139829833722 [pid 6257] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6257] exit_group(0) = ? [pid 6258] <... sendfile resumed>) = ? [pid 6259] <... sendfile resumed>) = ? [pid 6259] +++ exited with 0 +++ [pid 6258] +++ exited with 0 +++ [pid 6257] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6257, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./391/binderfs") = 0 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./391/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./391/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6260 ./strace-static-x86_64: Process 6260 attached [pid 6260] set_robust_list(0x5555556365e0, 24) = 0 [pid 6260] chdir("./392") = 0 [pid 6260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6260] setpgid(0, 0) = 0 [pid 6260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6260] write(3, "1000", 4) = 4 [pid 6260] close(3) = 0 [pid 6260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6260] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6261], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6261 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6261 attached [pid 6261] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6261] memfd_create("syzkaller", 0) = 3 [pid 6261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6261] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6261] munmap(0x7f5499e77000, 2097152) = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6261] close(3) = 0 [pid 6261] mkdir("./bus", 0777) = 0 [pid 6261] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6261] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6261] chdir("./bus") = 0 [pid 6261] ioctl(4, LOOP_CLR_FD) = 0 [pid 6261] close(4) = 0 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] <... futex resumed>) = 0 [pid 6261] creat("./bus", 000 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... creat resumed>) = 4 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 1 [pid 6261] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 1 [pid 6261] ftruncate(4, 2048) = 0 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 1 [pid 6261] lseek(4, 0, SEEK_END) = 2048 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 1 [ 205.127369][ T6261] loop0: detected capacity change from 0 to 4096 [ 205.137027][ T6261] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6261] open("./bus", O_RDONLY) = 5 [pid 6261] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6260] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... futex resumed>) = 0 [pid 6261] sendfile(4, 5, NULL, 145139829833722 [pid 6260] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6260] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6260] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6262 attached , parent_tid=[6262], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6262 [pid 6260] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6262] set_robust_list(0x7f549a0769e0, 24 [pid 6260] <... futex resumed>) = 0 [pid 6262] <... set_robust_list resumed>) = 0 [pid 6260] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 205.183758][ T27] audit: type=1804 audit(1671454785.929:394): pid=6261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/392/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6262] sendfile(4, 5, NULL, 145139829833722 [pid 6260] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6260] exit_group(0 [pid 6261] <... sendfile resumed>) = ? [pid 6260] <... exit_group resumed>) = ? [pid 6261] +++ exited with 0 +++ [pid 6262] <... sendfile resumed>) = ? [pid 6262] +++ exited with 0 +++ [pid 6260] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6260, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./392/binderfs") = 0 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./392/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./392/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6263 ./strace-static-x86_64: Process 6263 attached [pid 6263] set_robust_list(0x5555556365e0, 24) = 0 [pid 6263] chdir("./393") = 0 [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6263] setpgid(0, 0) = 0 [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6263] write(3, "1000", 4) = 4 [pid 6263] close(3) = 0 [pid 6263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6263] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6264 attached , parent_tid=[6264], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6264 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] set_robust_list(0x7f54a22979e0, 24 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6264] <... set_robust_list resumed>) = 0 [pid 6264] memfd_create("syzkaller", 0) = 3 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6264] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6264] munmap(0x7f5499e77000, 2097152) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6264] close(3) = 0 [pid 6264] mkdir("./bus", 0777) = 0 [pid 6264] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6264] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6264] chdir("./bus") = 0 [pid 6264] ioctl(4, LOOP_CLR_FD) = 0 [pid 6264] close(4) = 0 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] creat("./bus", 000) = 4 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... futex resumed>) = 1 [pid 6264] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] ftruncate(4, 2048 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... ftruncate resumed>) = 0 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... futex resumed>) = 1 [pid 6264] lseek(4, 0, SEEK_END) = 2048 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] open("./bus", O_RDONLY [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] <... open resumed>) = 5 [pid 6264] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 1 [pid 6263] <... futex resumed>) = 0 [pid 6264] sendfile(4, 5, NULL, 145139829833722 [ 205.519351][ T6264] loop0: detected capacity change from 0 to 4096 [ 205.528807][ T6264] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6263] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6265 attached [pid 6265] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6265] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... clone resumed>, parent_tid=[6265], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6265 [pid 6263] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6265] <... futex resumed>) = 0 [pid 6263] <... futex resumed>) = 1 [pid 6265] sendfile(4, 5, NULL, 145139829833722 [pid 6263] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6263] exit_group(0) = ? [pid 6265] <... sendfile resumed>) = ? [pid 6265] +++ exited with 0 +++ [pid 6264] <... sendfile resumed>) = ? [pid 6264] +++ exited with 0 +++ [pid 6263] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6263, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./393/binderfs") = 0 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./393/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./393/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6266 ./strace-static-x86_64: Process 6266 attached [pid 6266] set_robust_list(0x5555556365e0, 24) = 0 [pid 6266] chdir("./394") = 0 [pid 6266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6266] setpgid(0, 0) = 0 [pid 6266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6266] write(3, "1000", 4) = 4 [pid 6266] close(3) = 0 [pid 6266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6266] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6266] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6267], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6267 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6267 attached [pid 6267] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6267] memfd_create("syzkaller", 0) = 3 [pid 6267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6267] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6267] munmap(0x7f5499e77000, 2097152) = 0 [pid 6267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6267] close(3) = 0 [pid 6267] mkdir("./bus", 0777) = 0 [pid 6267] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6267] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6267] chdir("./bus") = 0 [pid 6267] ioctl(4, LOOP_CLR_FD) = 0 [pid 6267] close(4) = 0 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [pid 6267] creat("./bus", 000) = 4 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [pid 6267] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [pid 6267] ftruncate(4, 2048) = 0 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [pid 6267] lseek(4, 0, SEEK_END) = 2048 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [pid 6267] open("./bus", O_RDONLY) = 5 [pid 6267] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = 1 [ 205.909812][ T6267] loop0: detected capacity change from 0 to 4096 [ 205.919501][ T6267] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6267] sendfile(4, 5, NULL, 145139829833722 [pid 6266] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6266] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6266] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6266] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6268 attached [pid 6268] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6266] <... clone resumed>, parent_tid=[6268], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6268 [pid 6268] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6266] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6268] <... futex resumed>) = 0 [pid 6268] sendfile(4, 5, NULL, 145139829833722 [pid 6266] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6266] exit_group(0) = ? [pid 6268] <... sendfile resumed>) = ? [pid 6268] +++ exited with 0 +++ [pid 6267] <... sendfile resumed>) = ? [pid 6267] +++ exited with 0 +++ [pid 6266] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6266, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./394/binderfs") = 0 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./394/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./394/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./394/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6269 ./strace-static-x86_64: Process 6269 attached [pid 6269] set_robust_list(0x5555556365e0, 24) = 0 [pid 6269] chdir("./395") = 0 [pid 6269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6269] setpgid(0, 0) = 0 [pid 6269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6269] write(3, "1000", 4) = 4 [pid 6269] close(3) = 0 [pid 6269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6269] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6269] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6270 attached , parent_tid=[6270], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6270 [pid 6270] set_robust_list(0x7f54a22979e0, 24 [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6270] <... set_robust_list resumed>) = 0 [pid 6270] memfd_create("syzkaller", 0) = 3 [pid 6270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6270] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6270] munmap(0x7f5499e77000, 2097152) = 0 [pid 6270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6270] close(3) = 0 [pid 6270] mkdir("./bus", 0777) = 0 [pid 6270] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6270] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6270] chdir("./bus") = 0 [pid 6270] ioctl(4, LOOP_CLR_FD) = 0 [pid 6270] close(4) = 0 [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6269] <... futex resumed>) = 0 [pid 6270] creat("./bus", 000 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... creat resumed>) = 4 [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... fcntl resumed>) = 0 [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] ftruncate(4, 2048 [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... ftruncate resumed>) = 0 [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6269] <... futex resumed>) = 0 [pid 6270] lseek(4, 0, SEEK_END [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... lseek resumed>) = 2048 [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] open("./bus", O_RDONLY [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... open resumed>) = 5 [pid 6269] <... futex resumed>) = 0 [ 206.293132][ T6270] loop0: detected capacity change from 0 to 4096 [ 206.302339][ T6270] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6270] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... futex resumed>) = 0 [pid 6269] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6270] sendfile(4, 5, NULL, 145139829833722 [pid 6269] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6269] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6269] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6269] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6269] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6271 attached , parent_tid=[6271], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6271 [pid 6271] set_robust_list(0x7f549a0769e0, 24 [pid 6269] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] <... set_robust_list resumed>) = 0 [pid 6269] <... futex resumed>) = 0 [pid 6271] sendfile(4, 5, NULL, 145139829833722 [pid 6269] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6269] exit_group(0) = ? [pid 6270] <... sendfile resumed>) = ? [pid 6270] +++ exited with 0 +++ [pid 6271] <... sendfile resumed>) = ? [pid 6271] +++ exited with 0 +++ [pid 6269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6269, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./395/binderfs") = 0 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./395/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./395/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6272 ./strace-static-x86_64: Process 6272 attached [pid 6272] set_robust_list(0x5555556365e0, 24) = 0 [pid 6272] chdir("./396") = 0 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3) = 0 [pid 6272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6272] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6273 attached , parent_tid=[6273], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6273 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6273] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6273] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6273] munmap(0x7f5499e77000, 2097152) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6273] close(3) = 0 [pid 6273] mkdir("./bus", 0777) = 0 [pid 6273] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6273] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6273] chdir("./bus") = 0 [pid 6273] ioctl(4, LOOP_CLR_FD) = 0 [pid 6273] close(4) = 0 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6273] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 0 [pid 6273] creat("./bus", 000) = 4 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6273] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] ftruncate(4, 2048) = 0 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 1 [pid 6273] lseek(4, 0, SEEK_END) = 2048 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 1 [ 206.699856][ T6273] loop0: detected capacity change from 0 to 4096 [ 206.709587][ T6273] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6273] open("./bus", O_RDONLY) = 5 [pid 6273] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... futex resumed>) = 1 [pid 6273] sendfile(4, 5, NULL, 145139829833722 [pid 6272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6272] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6272] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6274], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6274 [pid 6272] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6274 attached [pid 6274] set_robust_list(0x7f549a0769e0, 24) = 0 [ 206.761030][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 206.761044][ T27] audit: type=1804 audit(1671454787.499:398): pid=6273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/396/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6274] sendfile(4, 5, NULL, 145139829833722 [pid 6272] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6272] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6272] exit_group(0) = ? [pid 6273] <... sendfile resumed>) = ? [pid 6274] <... sendfile resumed>) = ? [pid 6273] +++ exited with 0 +++ [pid 6274] +++ exited with 0 +++ [pid 6272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6272, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./396/binderfs") = 0 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./396/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./396/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6275 ./strace-static-x86_64: Process 6275 attached [pid 6275] set_robust_list(0x5555556365e0, 24) = 0 [pid 6275] chdir("./397") = 0 [pid 6275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6275] setpgid(0, 0) = 0 [pid 6275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6275] write(3, "1000", 4) = 4 [pid 6275] close(3) = 0 [pid 6275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6275] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6276], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6276 ./strace-static-x86_64: Process 6276 attached [pid 6276] set_robust_list(0x7f54a22979e0, 24 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... set_robust_list resumed>) = 0 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6276] memfd_create("syzkaller", 0) = 3 [pid 6276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6276] munmap(0x7f5499e77000, 2097152) = 0 [pid 6276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6276] close(3) = 0 [pid 6276] mkdir("./bus", 0777) = 0 [pid 6276] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6276] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6276] chdir("./bus") = 0 [pid 6276] ioctl(4, LOOP_CLR_FD) = 0 [pid 6276] close(4) = 0 [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] creat("./bus", 000) = 4 [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] ftruncate(4, 2048) = 0 [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] lseek(4, 0, SEEK_END [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] <... lseek resumed>) = 2048 [ 207.085009][ T6276] loop0: detected capacity change from 0 to 4096 [ 207.094767][ T6276] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6276] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] open("./bus", O_RDONLY) = 5 [pid 6276] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6276] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] <... futex resumed>) = 0 [pid 6276] sendfile(4, 5, NULL, 145139829833722 [pid 6275] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6275] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6275] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6277], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6277 [pid 6275] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6277 attached [pid 6277] set_robust_list(0x7f549a0769e0, 24) = 0 [ 207.147679][ T27] audit: type=1804 audit(1671454787.889:399): pid=6276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/397/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6277] sendfile(4, 5, NULL, 145139829833722 [pid 6275] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6275] exit_group(0) = ? [pid 6276] <... sendfile resumed>) = ? [pid 6276] +++ exited with 0 +++ [pid 6277] <... sendfile resumed>) = ? [pid 6277] +++ exited with 0 +++ [pid 6275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6275, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./397/binderfs") = 0 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./397/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./397/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6278 ./strace-static-x86_64: Process 6278 attached [pid 6278] set_robust_list(0x5555556365e0, 24) = 0 [pid 6278] chdir("./398") = 0 [pid 6278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6278] setpgid(0, 0) = 0 [pid 6278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6278] write(3, "1000", 4) = 4 [pid 6278] close(3) = 0 [pid 6278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6278] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6278] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6279 attached , parent_tid=[6279], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6279 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6279] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6279] memfd_create("syzkaller", 0) = 3 [pid 6279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6279] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6279] munmap(0x7f5499e77000, 2097152) = 0 [pid 6279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6279] close(3) = 0 [pid 6279] mkdir("./bus", 0777) = 0 [pid 6279] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6279] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6279] chdir("./bus") = 0 [pid 6279] ioctl(4, LOOP_CLR_FD) = 0 [pid 6279] close(4) = 0 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... futex resumed>) = 1 [ 207.473130][ T6279] loop0: detected capacity change from 0 to 4096 [ 207.481961][ T6279] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6279] creat("./bus", 000) = 4 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6279] <... futex resumed>) = 1 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... fcntl resumed>) = 0 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... futex resumed>) = 1 [pid 6279] ftruncate(4, 2048) = 0 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] lseek(4, 0, SEEK_END) = 2048 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6279] <... futex resumed>) = 1 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] open("./bus", O_RDONLY) = 5 [pid 6279] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6279] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] <... futex resumed>) = 0 [pid 6278] <... futex resumed>) = 1 [pid 6279] sendfile(4, 5, NULL, 145139829833722 [pid 6278] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6278] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6278] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6278] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6280], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6280 [pid 6278] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6280 attached [pid 6280] set_robust_list(0x7f549a0769e0, 24) = 0 [ 207.557420][ T27] audit: type=1804 audit(1671454788.299:400): pid=6279 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/398/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6280] sendfile(4, 5, NULL, 145139829833722 [pid 6278] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6278] exit_group(0) = ? [pid 6280] <... sendfile resumed>) = ? [pid 6280] +++ exited with 0 +++ [pid 6279] <... sendfile resumed>) = ? [pid 6279] +++ exited with 0 +++ [pid 6278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6278, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./398/binderfs") = 0 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./398/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./398/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6281 ./strace-static-x86_64: Process 6281 attached [pid 6281] set_robust_list(0x5555556365e0, 24) = 0 [pid 6281] chdir("./399") = 0 [pid 6281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6281] setpgid(0, 0) = 0 [pid 6281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6281] write(3, "1000", 4) = 4 [pid 6281] close(3) = 0 [pid 6281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6281] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6281] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6282 attached , parent_tid=[6282], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6282 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6282] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6282] memfd_create("syzkaller", 0) = 3 [pid 6282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6282] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6282] munmap(0x7f5499e77000, 2097152) = 0 [pid 6282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6282] close(3) = 0 [pid 6282] mkdir("./bus", 0777) = 0 [pid 6282] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6282] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6282] chdir("./bus") = 0 [pid 6282] ioctl(4, LOOP_CLR_FD) = 0 [pid 6282] close(4) = 0 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [pid 6282] creat("./bus", 000) = 4 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [pid 6282] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [pid 6282] ftruncate(4, 2048) = 0 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [pid 6282] lseek(4, 0, SEEK_END) = 2048 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [ 207.886281][ T6282] loop0: detected capacity change from 0 to 4096 [ 207.895281][ T6282] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6282] open("./bus", O_RDONLY) = 5 [pid 6282] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... futex resumed>) = 1 [pid 6282] sendfile(4, 5, NULL, 145139829833722 [pid 6281] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6281] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6281] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6281] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6281] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6283 attached [pid 6283] set_robust_list(0x7f549a0769e0, 24 [pid 6281] <... clone resumed>, parent_tid=[6283], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6283 [pid 6281] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6283] <... set_robust_list resumed>) = 0 [pid 6281] <... futex resumed>) = 0 [pid 6283] sendfile(4, 5, NULL, 145139829833722 [ 207.945382][ T27] audit: type=1804 audit(1671454788.689:401): pid=6282 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/399/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6281] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6281] exit_group(0) = ? [pid 6283] <... sendfile resumed>) = ? [pid 6283] +++ exited with 0 +++ [pid 6282] <... sendfile resumed>) = ? [pid 6282] +++ exited with 0 +++ [pid 6281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6281, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./399/binderfs") = 0 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./399/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./399/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6284 ./strace-static-x86_64: Process 6284 attached [pid 6284] set_robust_list(0x5555556365e0, 24) = 0 [pid 6284] chdir("./400") = 0 [pid 6284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6284] setpgid(0, 0) = 0 [pid 6284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6284] write(3, "1000", 4) = 4 [pid 6284] close(3) = 0 [pid 6284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6284] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6285 attached , parent_tid=[6285], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6285 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6285] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6285] memfd_create("syzkaller", 0) = 3 [pid 6285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6285] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6285] munmap(0x7f5499e77000, 2097152) = 0 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6285] close(3) = 0 [pid 6285] mkdir("./bus", 0777) = 0 [pid 6285] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6285] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6285] chdir("./bus") = 0 [pid 6285] ioctl(4, LOOP_CLR_FD) = 0 [pid 6285] close(4) = 0 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... futex resumed>) = 1 [pid 6285] creat("./bus", 000) = 4 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... futex resumed>) = 1 [pid 6285] ftruncate(4, 2048) = 0 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6284] <... futex resumed>) = 0 [pid 6285] <... futex resumed>) = 1 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] lseek(4, 0, SEEK_END) = 2048 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 208.277171][ T6285] loop0: detected capacity change from 0 to 4096 [ 208.286945][ T6285] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] open("./bus", O_RDONLY) = 5 [pid 6285] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6285] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... futex resumed>) = 0 [ 208.339858][ T27] audit: type=1804 audit(1671454789.079:402): pid=6285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/400/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6285] sendfile(4, 5, NULL, 145139829833722 [pid 6284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6284] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6284] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6286], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6286 [pid 6284] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6286 attached [pid 6286] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6286] sendfile(4, 5, NULL, 145139829833722 [pid 6284] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6284] exit_group(0) = ? [pid 6285] <... sendfile resumed>) = ? [pid 6285] +++ exited with 0 +++ [pid 6286] <... sendfile resumed>) = ? [pid 6286] +++ exited with 0 +++ [pid 6284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6284, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./400/binderfs") = 0 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./400/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./400/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./400/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6287 ./strace-static-x86_64: Process 6287 attached [pid 6287] set_robust_list(0x5555556365e0, 24) = 0 [pid 6287] chdir("./401") = 0 [pid 6287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6287] setpgid(0, 0) = 0 [pid 6287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6287] write(3, "1000", 4) = 4 [pid 6287] close(3) = 0 [pid 6287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6287] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6287] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6288], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6288 [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6288 attached [pid 6288] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6288] memfd_create("syzkaller", 0) = 3 [pid 6288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6288] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6288] munmap(0x7f5499e77000, 2097152) = 0 [pid 6288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6288] close(3) = 0 [pid 6288] mkdir("./bus", 0777) = 0 [pid 6288] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6288] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6288] chdir("./bus") = 0 [pid 6288] ioctl(4, LOOP_CLR_FD) = 0 [pid 6288] close(4) = 0 [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] creat("./bus", 000 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... creat resumed>) = 4 [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] <... futex resumed>) = 0 [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... futex resumed>) = 1 [pid 6288] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6288] ftruncate(4, 2048 [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6288] <... ftruncate resumed>) = 0 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6288] lseek(4, 0, SEEK_END [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... lseek resumed>) = 2048 [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... futex resumed>) = 0 [pid 6287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 208.676834][ T6288] loop0: detected capacity change from 0 to 4096 [ 208.685985][ T6288] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6288] open("./bus", O_RDONLY [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... open resumed>) = 5 [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... futex resumed>) = 0 [pid 6287] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6288] sendfile(4, 5, NULL, 145139829833722 [pid 6287] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6287] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6287] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6287] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6289], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6289 [pid 6287] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6289 attached [pid 6289] set_robust_list(0x7f549a0769e0, 24) = 0 [ 208.737978][ T27] audit: type=1804 audit(1671454789.479:403): pid=6288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/401/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6289] sendfile(4, 5, NULL, 145139829833722 [pid 6287] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6287] exit_group(0) = ? [pid 6289] <... sendfile resumed>) = ? [pid 6288] <... sendfile resumed>) = ? [pid 6289] +++ exited with 0 +++ [pid 6288] +++ exited with 0 +++ [pid 6287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6287, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./401/binderfs") = 0 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./401/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./401/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6290 ./strace-static-x86_64: Process 6290 attached [pid 6290] set_robust_list(0x5555556365e0, 24) = 0 [pid 6290] chdir("./402") = 0 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6290] setpgid(0, 0) = 0 [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6290] write(3, "1000", 4) = 4 [pid 6290] close(3) = 0 [pid 6290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6290] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6291 attached , parent_tid=[6291], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6291 [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] set_robust_list(0x7f54a22979e0, 24 [pid 6290] <... futex resumed>) = 0 [pid 6291] <... set_robust_list resumed>) = 0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6291] memfd_create("syzkaller", 0) = 3 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6291] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6291] munmap(0x7f5499e77000, 2097152) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6291] close(3) = 0 [pid 6291] mkdir("./bus", 0777) = 0 [pid 6291] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6291] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6291] chdir("./bus") = 0 [pid 6291] ioctl(4, LOOP_CLR_FD) = 0 [pid 6291] close(4) = 0 [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... futex resumed>) = 1 [pid 6291] creat("./bus", 000) = 4 [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6290] <... futex resumed>) = 0 [pid 6291] <... fcntl resumed>) = 0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6291] <... futex resumed>) = 0 [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] ftruncate(4, 2048 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... ftruncate resumed>) = 0 [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] lseek(4, 0, SEEK_END [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... lseek resumed>) = 2048 [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] open("./bus", O_RDONLY [ 209.070223][ T6291] loop0: detected capacity change from 0 to 4096 [ 209.079338][ T6291] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... open resumed>) = 5 [pid 6291] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] sendfile(4, 5, NULL, 145139829833722 [pid 6290] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.130156][ T27] audit: type=1804 audit(1671454789.869:404): pid=6291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/402/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6290] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6290] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6290] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6292], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6292 [pid 6290] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6292 attached [pid 6292] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6292] sendfile(4, 5, NULL, 145139829833722 [pid 6290] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6290] exit_group(0) = ? [pid 6291] <... sendfile resumed>) = ? [pid 6291] +++ exited with 0 +++ [pid 6292] <... sendfile resumed>) = ? [pid 6292] +++ exited with 0 +++ [pid 6290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6290, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./402/binderfs") = 0 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./402/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./402/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6293 ./strace-static-x86_64: Process 6293 attached [pid 6293] set_robust_list(0x5555556365e0, 24) = 0 [pid 6293] chdir("./403") = 0 [pid 6293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6293] setpgid(0, 0) = 0 [pid 6293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6293] write(3, "1000", 4) = 4 [pid 6293] close(3) = 0 [pid 6293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6293] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6294], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6294 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6294 attached [pid 6294] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6294] memfd_create("syzkaller", 0) = 3 [pid 6294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6294] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6294] munmap(0x7f5499e77000, 2097152) = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6294] close(3) = 0 [pid 6294] mkdir("./bus", 0777) = 0 [pid 6294] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6294] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6294] chdir("./bus") = 0 [pid 6294] ioctl(4, LOOP_CLR_FD) = 0 [pid 6294] close(4) = 0 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] creat("./bus", 000) = 4 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] ftruncate(4, 2048) = 0 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] lseek(4, 0, SEEK_END) = 2048 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.477603][ T6294] loop0: detected capacity change from 0 to 4096 [ 209.487135][ T6294] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] open("./bus", O_RDONLY) = 5 [pid 6294] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... futex resumed>) = 1 [pid 6294] sendfile(4, 5, NULL, 145139829833722 [pid 6293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6293] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6293] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6295 attached , parent_tid=[6295], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6295 [pid 6295] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6295] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6295] <... futex resumed>) = 0 [pid 6293] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 209.542084][ T27] audit: type=1804 audit(1671454790.289:405): pid=6294 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/403/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6295] sendfile(4, 5, NULL, 145139829833722 [pid 6293] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6293] exit_group(0) = ? [pid 6294] <... sendfile resumed>) = ? [pid 6294] +++ exited with 0 +++ [pid 6295] <... sendfile resumed>) = ? [pid 6295] +++ exited with 0 +++ [pid 6293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6293, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./403/binderfs") = 0 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./403/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./403/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./403/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6296 ./strace-static-x86_64: Process 6296 attached [pid 6296] set_robust_list(0x5555556365e0, 24) = 0 [pid 6296] chdir("./404") = 0 [pid 6296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6296] setpgid(0, 0) = 0 [pid 6296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6296] write(3, "1000", 4) = 4 [pid 6296] close(3) = 0 [pid 6296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6296] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6297], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6297 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6297 attached [pid 6297] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6297] memfd_create("syzkaller", 0) = 3 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6297] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6297] munmap(0x7f5499e77000, 2097152) = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6297] close(3) = 0 [pid 6297] mkdir("./bus", 0777) = 0 [pid 6297] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6297] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6297] chdir("./bus") = 0 [pid 6297] ioctl(4, LOOP_CLR_FD) = 0 [pid 6297] close(4) = 0 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 209.867995][ T6297] loop0: detected capacity change from 0 to 4096 [ 209.878069][ T6297] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] creat("./bus", 000) = 4 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] ftruncate(4, 2048) = 0 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] lseek(4, 0, SEEK_END) = 2048 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] open("./bus", O_RDONLY) = 5 [pid 6297] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... futex resumed>) = 1 [pid 6297] sendfile(4, 5, NULL, 145139829833722 [pid 6296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6296] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6296] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6298], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6298 [pid 6296] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6298 attached [pid 6298] set_robust_list(0x7f549a0769e0, 24) = 0 [ 209.910378][ T27] audit: type=1804 audit(1671454790.649:406): pid=6297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/404/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6298] sendfile(4, 5, NULL, 145139829833722 [pid 6296] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6296] exit_group(0) = ? [pid 6298] <... sendfile resumed>) = ? [pid 6297] <... sendfile resumed>) = ? [pid 6297] +++ exited with 0 +++ [pid 6298] +++ exited with 0 +++ [pid 6296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6296, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./404/binderfs") = 0 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./404/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./404/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6299 ./strace-static-x86_64: Process 6299 attached [pid 6299] set_robust_list(0x5555556365e0, 24) = 0 [pid 6299] chdir("./405") = 0 [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6299] setpgid(0, 0) = 0 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6299] write(3, "1000", 4) = 4 [pid 6299] close(3) = 0 [pid 6299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6299] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6299] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6300], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6300 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6300 attached [pid 6300] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6300] memfd_create("syzkaller", 0) = 3 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6300] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6300] munmap(0x7f5499e77000, 2097152) = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] close(3) = 0 [pid 6300] mkdir("./bus", 0777) = 0 [pid 6300] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6300] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6300] chdir("./bus") = 0 [pid 6300] ioctl(4, LOOP_CLR_FD) = 0 [pid 6300] close(4) = 0 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [pid 6300] creat("./bus", 000) = 4 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [pid 6300] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [pid 6300] ftruncate(4, 2048) = 0 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [pid 6300] lseek(4, 0, SEEK_END) = 2048 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 1 [ 210.228076][ T6300] loop0: detected capacity change from 0 to 4096 [ 210.237629][ T6300] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6300] open("./bus", O_RDONLY) = 5 [pid 6300] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = 0 [ 210.282154][ T27] audit: type=1804 audit(1671454791.029:407): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/405/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6300] sendfile(4, 5, NULL, 145139829833722 [pid 6299] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6299] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6299] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6299] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6299] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6301], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6301 ./strace-static-x86_64: Process 6301 attached [pid 6301] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6301] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6301] <... futex resumed>) = 0 [pid 6301] sendfile(4, 5, NULL, 145139829833722 [pid 6299] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6299] exit_group(0) = ? [pid 6300] <... sendfile resumed>) = ? [pid 6300] +++ exited with 0 +++ [pid 6301] <... sendfile resumed>) = ? [pid 6301] +++ exited with 0 +++ [pid 6299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6299, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./405/binderfs") = 0 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./405/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./405/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6302 ./strace-static-x86_64: Process 6302 attached [pid 6302] set_robust_list(0x5555556365e0, 24) = 0 [pid 6302] chdir("./406") = 0 [pid 6302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6302] setpgid(0, 0) = 0 [pid 6302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6302] write(3, "1000", 4) = 4 [pid 6302] close(3) = 0 [pid 6302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6302] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6302] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6303], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6303 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6303 attached [pid 6303] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6303] memfd_create("syzkaller", 0) = 3 [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6303] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6303] munmap(0x7f5499e77000, 2097152) = 0 [pid 6303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6303] close(3) = 0 [pid 6303] mkdir("./bus", 0777) = 0 [pid 6303] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6303] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6303] chdir("./bus") = 0 [pid 6303] ioctl(4, LOOP_CLR_FD) = 0 [pid 6303] close(4) = 0 [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... futex resumed>) = 1 [pid 6303] creat("./bus", 000) = 4 [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... futex resumed>) = 1 [pid 6303] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... futex resumed>) = 1 [pid 6303] ftruncate(4, 2048) = 0 [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6303] <... futex resumed>) = 1 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] lseek(4, 0, SEEK_END [pid 6302] <... futex resumed>) = 0 [pid 6303] <... lseek resumed>) = 2048 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6302] <... futex resumed>) = 0 [pid 6303] open("./bus", O_RDONLY [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... open resumed>) = 5 [pid 6302] <... futex resumed>) = 0 [pid 6303] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... futex resumed>) = 0 [pid 6302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 210.616839][ T6303] loop0: detected capacity change from 0 to 4096 [ 210.626527][ T6303] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6303] sendfile(4, 5, NULL, 145139829833722 [pid 6302] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6302] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6302] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6302] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6304], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6304 [pid 6302] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6304 attached [pid 6304] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6304] sendfile(4, 5, NULL, 145139829833722 [pid 6302] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6302] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6302] exit_group(0) = ? [pid 6303] <... sendfile resumed>) = ? [pid 6304] <... sendfile resumed>) = ? [pid 6304] +++ exited with 0 +++ [pid 6303] +++ exited with 0 +++ [pid 6302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6302, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./406/binderfs") = 0 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./406/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./406/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6305 ./strace-static-x86_64: Process 6305 attached [pid 6305] set_robust_list(0x5555556365e0, 24) = 0 [pid 6305] chdir("./407") = 0 [pid 6305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6305] setpgid(0, 0) = 0 [pid 6305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6305] write(3, "1000", 4) = 4 [pid 6305] close(3) = 0 [pid 6305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6305] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6306 attached [pid 6306] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6306] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] <... clone resumed>, parent_tid=[6306], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6306 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6306] memfd_create("syzkaller", 0) = 3 [pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6306] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6306] munmap(0x7f5499e77000, 2097152) = 0 [pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6306] close(3) = 0 [pid 6306] mkdir("./bus", 0777) = 0 [pid 6306] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6306] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6306] chdir("./bus") = 0 [pid 6306] ioctl(4, LOOP_CLR_FD) = 0 [pid 6306] close(4) = 0 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6306] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 0 [pid 6306] creat("./bus", 000) = 4 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 1 [pid 6306] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 1 [pid 6306] ftruncate(4, 2048) = 0 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 1 [pid 6306] lseek(4, 0, SEEK_END) = 2048 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 1 [pid 6306] open("./bus", O_RDONLY) = 5 [pid 6306] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6305] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... futex resumed>) = 1 [ 211.009373][ T6306] loop0: detected capacity change from 0 to 4096 [ 211.019771][ T6306] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6306] sendfile(4, 5, NULL, 145139829833722 [pid 6305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6305] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6305] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6307 attached , parent_tid=[6307], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6307 [pid 6307] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6307] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6307] <... futex resumed>) = 0 [pid 6307] sendfile(4, 5, NULL, 145139829833722 [pid 6305] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6305] exit_group(0) = ? [pid 6306] <... sendfile resumed>) = ? [pid 6306] +++ exited with 0 +++ [pid 6307] <... sendfile resumed>) = ? [pid 6307] +++ exited with 0 +++ [pid 6305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6305, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./407/binderfs") = 0 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./407/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./407/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6308 ./strace-static-x86_64: Process 6308 attached [pid 6308] set_robust_list(0x5555556365e0, 24) = 0 [pid 6308] chdir("./408") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6308] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6309], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6309 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6309 attached [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6309] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6309] memfd_create("syzkaller", 0) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6309] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6309] munmap(0x7f5499e77000, 2097152) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6309] close(3) = 0 [pid 6309] mkdir("./bus", 0777) = 0 [pid 6309] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6309] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6309] chdir("./bus") = 0 [pid 6309] ioctl(4, LOOP_CLR_FD) = 0 [pid 6309] close(4) = 0 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] creat("./bus", 000) = 4 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] ftruncate(4, 2048) = 0 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] lseek(4, 0, SEEK_END) = 2048 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [pid 6309] open("./bus", O_RDONLY) = 5 [pid 6309] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... futex resumed>) = 1 [ 211.372927][ T6309] loop0: detected capacity change from 0 to 4096 [ 211.382668][ T6309] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6309] sendfile(4, 5, NULL, 145139829833722 [pid 6308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6308] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6308] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6310], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6310 ./strace-static-x86_64: Process 6310 attached [pid 6308] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] set_robust_list(0x7f549a0769e0, 24 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6310] <... set_robust_list resumed>) = 0 [pid 6310] sendfile(4, 5, NULL, 145139829833722 [pid 6308] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6308] exit_group(0) = ? [pid 6309] <... sendfile resumed>) = ? [pid 6310] <... sendfile resumed>) = ? [pid 6310] +++ exited with 0 +++ [pid 6309] +++ exited with 0 +++ [pid 6308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6308, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./408/binderfs") = 0 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./408/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./408/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6311 ./strace-static-x86_64: Process 6311 attached [pid 6311] set_robust_list(0x5555556365e0, 24) = 0 [pid 6311] chdir("./409") = 0 [pid 6311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6311] setpgid(0, 0) = 0 [pid 6311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6311] write(3, "1000", 4) = 4 [pid 6311] close(3) = 0 [pid 6311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6311] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6311] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6312], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6312 ./strace-static-x86_64: Process 6312 attached [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6312] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6312] memfd_create("syzkaller", 0) = 3 [pid 6312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6312] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6312] munmap(0x7f5499e77000, 2097152) = 0 [pid 6312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6312] close(3) = 0 [pid 6312] mkdir("./bus", 0777) = 0 [pid 6312] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6312] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6312] chdir("./bus") = 0 [pid 6312] ioctl(4, LOOP_CLR_FD) = 0 [pid 6312] close(4) = 0 [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6312] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] <... futex resumed>) = 0 [pid 6312] creat("./bus", 000) = 4 [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] <... futex resumed>) = 1 [pid 6312] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] <... futex resumed>) = 1 [pid 6312] ftruncate(4, 2048) = 0 [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] lseek(4, 0, SEEK_END [pid 6311] <... futex resumed>) = 0 [pid 6312] <... lseek resumed>) = 2048 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 211.764699][ T6312] loop0: detected capacity change from 0 to 4096 [ 211.773657][ T6312] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] <... futex resumed>) = 0 [pid 6312] open("./bus", O_RDONLY [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] <... open resumed>) = 5 [pid 6312] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6311] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] <... futex resumed>) = 0 [pid 6311] <... futex resumed>) = 1 [pid 6312] sendfile(4, 5, NULL, 145139829833722 [pid 6311] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6311] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6311] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6311] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6313 attached [pid 6313] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6313] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6311] <... clone resumed>, parent_tid=[6313], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6313 [pid 6311] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... futex resumed>) = 0 [ 211.814894][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 211.814907][ T27] audit: type=1804 audit(1671454792.559:411): pid=6312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/409/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6313] sendfile(4, 5, NULL, 145139829833722 [pid 6311] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6311] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6311] exit_group(0) = ? [pid 6312] <... sendfile resumed>) = ? [pid 6312] +++ exited with 0 +++ [pid 6313] <... sendfile resumed>) = ? [pid 6313] +++ exited with 0 +++ [pid 6311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6311, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./409/binderfs") = 0 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./409/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./409/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6314 ./strace-static-x86_64: Process 6314 attached [pid 6314] set_robust_list(0x5555556365e0, 24) = 0 [pid 6314] chdir("./410") = 0 [pid 6314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6314] setpgid(0, 0) = 0 [pid 6314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6314] write(3, "1000", 4) = 4 [pid 6314] close(3) = 0 [pid 6314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6314] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6315 attached , parent_tid=[6315], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6315 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6315] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6315] memfd_create("syzkaller", 0) = 3 [pid 6315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6315] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6315] munmap(0x7f5499e77000, 2097152) = 0 [pid 6315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6315] close(3) = 0 [pid 6315] mkdir("./bus", 0777) = 0 [pid 6315] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6315] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6315] chdir("./bus") = 0 [pid 6315] ioctl(4, LOOP_CLR_FD) = 0 [pid 6315] close(4) = 0 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] creat("./bus", 000 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... creat resumed>) = 4 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] ftruncate(4, 2048) = 0 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... futex resumed>) = 1 [pid 6315] lseek(4, 0, SEEK_END) = 2048 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... futex resumed>) = 1 [ 212.156743][ T6315] loop0: detected capacity change from 0 to 4096 [ 212.166376][ T6315] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6315] open("./bus", O_RDONLY) = 5 [pid 6315] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6315] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 0 [pid 6314] <... futex resumed>) = 1 [pid 6315] sendfile(4, 5, NULL, 145139829833722 [pid 6314] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6314] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6314] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6316], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6316 [ 212.209755][ T27] audit: type=1804 audit(1671454792.949:412): pid=6315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/410/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6314] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6316 attached [pid 6316] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6316] sendfile(4, 5, NULL, 145139829833722 [pid 6314] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6314] exit_group(0) = ? [pid 6316] <... sendfile resumed>) = ? [pid 6316] +++ exited with 0 +++ [pid 6315] <... sendfile resumed>) = ? [pid 6315] +++ exited with 0 +++ [pid 6314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6314, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./410/binderfs") = 0 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./410/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./410/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6317 ./strace-static-x86_64: Process 6317 attached [pid 6317] set_robust_list(0x5555556365e0, 24) = 0 [pid 6317] chdir("./411") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6317] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6318], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6318 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6318 attached [pid 6318] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6318] memfd_create("syzkaller", 0) = 3 [pid 6318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6318] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6318] munmap(0x7f5499e77000, 2097152) = 0 [pid 6318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6318] close(3) = 0 [pid 6318] mkdir("./bus", 0777) = 0 [pid 6318] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6318] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6318] chdir("./bus") = 0 [pid 6318] ioctl(4, LOOP_CLR_FD) = 0 [pid 6318] close(4) = 0 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] creat("./bus", 000) = 4 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... futex resumed>) = 1 [pid 6318] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6318] <... futex resumed>) = 1 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 212.532246][ T6318] loop0: detected capacity change from 0 to 4096 [ 212.541851][ T6318] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6318] ftruncate(4, 2048 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... ftruncate resumed>) = 0 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... futex resumed>) = 1 [pid 6318] lseek(4, 0, SEEK_END) = 2048 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... futex resumed>) = 1 [pid 6318] open("./bus", O_RDONLY) = 5 [pid 6318] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... futex resumed>) = 1 [pid 6318] sendfile(4, 5, NULL, 145139829833722 [pid 6317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6317] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6319], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6319 [pid 6317] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6319 attached [pid 6319] set_robust_list(0x7f549a0769e0, 24) = 0 [ 212.598945][ T27] audit: type=1804 audit(1671454793.339:413): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/411/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6319] sendfile(4, 5, NULL, 145139829833722 [pid 6317] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6317] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6317] exit_group(0) = ? [pid 6319] <... sendfile resumed>) = ? [pid 6319] +++ exited with 0 +++ [pid 6318] <... sendfile resumed>) = ? [pid 6318] +++ exited with 0 +++ [pid 6317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6317, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./411/binderfs") = 0 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./411/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./411/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6320 ./strace-static-x86_64: Process 6320 attached [pid 6320] set_robust_list(0x5555556365e0, 24) = 0 [pid 6320] chdir("./412") = 0 [pid 6320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6320] setpgid(0, 0) = 0 [pid 6320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6320] write(3, "1000", 4) = 4 [pid 6320] close(3) = 0 [pid 6320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6320] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6320] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6321], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6321 [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6321 attached [pid 6321] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6321] memfd_create("syzkaller", 0) = 3 [pid 6321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6321] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6321] munmap(0x7f5499e77000, 2097152) = 0 [pid 6321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6321] close(3) = 0 [pid 6321] mkdir("./bus", 0777) = 0 [pid 6321] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6321] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6321] chdir("./bus") = 0 [pid 6321] ioctl(4, LOOP_CLR_FD) = 0 [pid 6321] close(4) = 0 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... futex resumed>) = 1 [pid 6321] creat("./bus", 000) = 4 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... futex resumed>) = 1 [pid 6321] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... futex resumed>) = 1 [pid 6321] ftruncate(4, 2048) = 0 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] lseek(4, 0, SEEK_END [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... lseek resumed>) = 2048 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6320] <... futex resumed>) = 0 [pid 6321] open("./bus", O_RDONLY [ 212.937384][ T6321] loop0: detected capacity change from 0 to 4096 [ 212.947572][ T6321] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] <... open resumed>) = 5 [pid 6321] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... futex resumed>) = 0 [pid 6320] <... futex resumed>) = 1 [pid 6321] sendfile(4, 5, NULL, 145139829833722 [ 212.985237][ T27] audit: type=1804 audit(1671454793.729:414): pid=6321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/412/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6320] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6320] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6320] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6320] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6322], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6322 [pid 6320] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6322 attached [pid 6322] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6322] sendfile(4, 5, NULL, 145139829833722 [pid 6320] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6320] exit_group(0) = ? [pid 6322] <... sendfile resumed>) = ? [pid 6321] <... sendfile resumed>) = ? [pid 6322] +++ exited with 0 +++ [pid 6321] +++ exited with 0 +++ [pid 6320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6320, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./412/binderfs") = 0 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./412/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./412/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./412/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6323 ./strace-static-x86_64: Process 6323 attached [pid 6323] set_robust_list(0x5555556365e0, 24) = 0 [pid 6323] chdir("./413") = 0 [pid 6323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6323] setpgid(0, 0) = 0 [pid 6323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6323] write(3, "1000", 4) = 4 [pid 6323] close(3) = 0 [pid 6323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6323] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6323] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6324 attached , parent_tid=[6324], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6324 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6324] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6324] memfd_create("syzkaller", 0) = 3 [pid 6324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6324] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6324] munmap(0x7f5499e77000, 2097152) = 0 [pid 6324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6324] close(3) = 0 [pid 6324] mkdir("./bus", 0777) = 0 [pid 6324] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6324] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6324] chdir("./bus") = 0 [pid 6324] ioctl(4, LOOP_CLR_FD) = 0 [pid 6324] close(4) = 0 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] <... futex resumed>) = 1 [pid 6324] creat("./bus", 000) = 4 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] <... futex resumed>) = 1 [pid 6324] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] <... futex resumed>) = 1 [pid 6324] ftruncate(4, 2048) = 0 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.347918][ T6324] loop0: detected capacity change from 0 to 4096 [ 213.357465][ T6324] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] lseek(4, 0, SEEK_END) = 2048 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] open("./bus", O_RDONLY) = 5 [pid 6324] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] <... futex resumed>) = 1 [pid 6324] sendfile(4, 5, NULL, 145139829833722 [pid 6323] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6323] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6323] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6323] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6325 attached , parent_tid=[6325], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6325 [pid 6323] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 213.412964][ T27] audit: type=1804 audit(1671454794.159:415): pid=6324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/413/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6323] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6325] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6325] sendfile(4, 5, NULL, 145139829833722 [pid 6323] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6323] exit_group(0 [pid 6324] <... sendfile resumed>) = ? [pid 6323] <... exit_group resumed>) = ? [pid 6325] <... sendfile resumed>) = ? [pid 6325] +++ exited with 0 +++ [pid 6324] +++ exited with 0 +++ [pid 6323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6323, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./413/binderfs") = 0 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./413/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./413/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6326 attached , child_tidptr=0x5555556365d0) = 6326 [pid 6326] set_robust_list(0x5555556365e0, 24) = 0 [pid 6326] chdir("./414") = 0 [pid 6326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6326] setpgid(0, 0) = 0 [pid 6326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6326] write(3, "1000", 4) = 4 [pid 6326] close(3) = 0 [pid 6326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6326] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6326] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6327 attached , parent_tid=[6327], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6327 [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6326] <... futex resumed>) = 0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6327] memfd_create("syzkaller", 0) = 3 [pid 6327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6327] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6327] munmap(0x7f5499e77000, 2097152) = 0 [pid 6327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6327] close(3) = 0 [pid 6327] mkdir("./bus", 0777) = 0 [pid 6327] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6327] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6327] chdir("./bus") = 0 [pid 6327] ioctl(4, LOOP_CLR_FD) = 0 [pid 6327] close(4) = 0 [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] <... futex resumed>) = 0 [pid 6327] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6326] <... futex resumed>) = 0 [pid 6327] creat("./bus", 000 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... creat resumed>) = 4 [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] <... futex resumed>) = 0 [pid 6327] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] <... fcntl resumed>) = 0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6327] <... futex resumed>) = 0 [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] ftruncate(4, 2048 [pid 6326] <... futex resumed>) = 0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... ftruncate resumed>) = 0 [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] <... futex resumed>) = 0 [pid 6327] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6326] <... futex resumed>) = 0 [pid 6327] lseek(4, 0, SEEK_END [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... lseek resumed>) = 2048 [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] <... futex resumed>) = 0 [pid 6327] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 213.737269][ T6327] loop0: detected capacity change from 0 to 4096 [ 213.747198][ T6327] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6327] open("./bus", O_RDONLY [pid 6326] <... futex resumed>) = 0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... open resumed>) = 5 [pid 6327] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] <... futex resumed>) = 0 [pid 6327] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6326] <... futex resumed>) = 0 [pid 6327] sendfile(4, 5, NULL, 145139829833722 [ 213.795025][ T27] audit: type=1804 audit(1671454794.539:416): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/414/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6326] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6326] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6326] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6326] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6328 attached , parent_tid=[6328], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6328 [pid 6328] set_robust_list(0x7f549a0769e0, 24 [pid 6326] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6326] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6328] <... set_robust_list resumed>) = 0 [pid 6328] sendfile(4, 5, NULL, 145139829833722 [pid 6326] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6326] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6326] exit_group(0) = ? [pid 6327] <... sendfile resumed>) = ? [pid 6327] +++ exited with 0 +++ [pid 6328] <... sendfile resumed>) = ? [pid 6328] +++ exited with 0 +++ [pid 6326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6326, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./414/binderfs") = 0 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./414/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./414/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6329 ./strace-static-x86_64: Process 6329 attached [pid 6329] set_robust_list(0x5555556365e0, 24) = 0 [pid 6329] chdir("./415") = 0 [pid 6329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6329] setpgid(0, 0) = 0 [pid 6329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6329] write(3, "1000", 4) = 4 [pid 6329] close(3) = 0 [pid 6329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6329] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6329] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6330 attached , parent_tid=[6330], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6330 [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6330] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6330] memfd_create("syzkaller", 0) = 3 [pid 6330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6330] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6330] munmap(0x7f5499e77000, 2097152) = 0 [pid 6330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6330] close(3) = 0 [pid 6330] mkdir("./bus", 0777) = 0 [pid 6330] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6330] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6330] chdir("./bus") = 0 [pid 6330] ioctl(4, LOOP_CLR_FD) = 0 [pid 6330] close(4) = 0 [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6330] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6329] <... futex resumed>) = 0 [pid 6330] creat("./bus", 000 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] <... creat resumed>) = 4 [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6330] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6329] <... futex resumed>) = 0 [pid 6330] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] <... fcntl resumed>) = 0 [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6330] ftruncate(4, 2048 [ 214.136519][ T6330] loop0: detected capacity change from 0 to 4096 [ 214.145471][ T6330] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] <... ftruncate resumed>) = 0 [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] <... futex resumed>) = 0 [pid 6330] lseek(4, 0, SEEK_END [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... lseek resumed>) = 2048 [pid 6329] <... futex resumed>) = 0 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6330] <... futex resumed>) = 0 [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] open("./bus", O_RDONLY [pid 6329] <... futex resumed>) = 0 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] <... open resumed>) = 5 [pid 6330] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6330] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] <... futex resumed>) = 0 [pid 6329] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = 0 [pid 6329] <... futex resumed>) = 1 [pid 6330] sendfile(4, 5, NULL, 145139829833722 [pid 6329] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6329] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6329] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6329] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6331 attached , parent_tid=[6331], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6331 [pid 6331] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6331] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6329] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6331] <... futex resumed>) = 0 [ 214.202770][ T27] audit: type=1804 audit(1671454794.949:417): pid=6330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/415/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6331] sendfile(4, 5, NULL, 145139829833722 [pid 6329] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6329] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6329] exit_group(0) = ? [pid 6331] <... sendfile resumed>) = ? [pid 6331] +++ exited with 0 +++ [pid 6330] <... sendfile resumed>) = ? [pid 6330] +++ exited with 0 +++ [pid 6329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6329, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./415/binderfs") = 0 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./415/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./415/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6332 ./strace-static-x86_64: Process 6332 attached [pid 6332] set_robust_list(0x5555556365e0, 24) = 0 [pid 6332] chdir("./416") = 0 [pid 6332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6332] setpgid(0, 0) = 0 [pid 6332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6332] write(3, "1000", 4) = 4 [pid 6332] close(3) = 0 [pid 6332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6332] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6333 attached , parent_tid=[6333], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6333 [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] set_robust_list(0x7f54a22979e0, 24 [pid 6332] <... futex resumed>) = 0 [pid 6333] <... set_robust_list resumed>) = 0 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6333] memfd_create("syzkaller", 0) = 3 [pid 6333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6333] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6333] munmap(0x7f5499e77000, 2097152) = 0 [pid 6333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6333] close(3) = 0 [pid 6333] mkdir("./bus", 0777) = 0 [pid 6333] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6333] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6333] chdir("./bus") = 0 [pid 6333] ioctl(4, LOOP_CLR_FD) = 0 [pid 6333] close(4) = 0 [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6333] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = 0 [pid 6332] <... futex resumed>) = 1 [pid 6333] creat("./bus", 000 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... creat resumed>) = 4 [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] <... futex resumed>) = 0 [pid 6333] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6332] <... futex resumed>) = 0 [pid 6333] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... fcntl resumed>) = 0 [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] <... futex resumed>) = 0 [pid 6333] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6332] <... futex resumed>) = 0 [pid 6333] ftruncate(4, 2048 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... ftruncate resumed>) = 0 [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] <... futex resumed>) = 0 [pid 6333] lseek(4, 0, SEEK_END [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... lseek resumed>) = 2048 [pid 6332] <... futex resumed>) = 0 [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... futex resumed>) = 0 [pid 6332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6333] open("./bus", O_RDONLY [ 214.539583][ T6333] loop0: detected capacity change from 0 to 4096 [ 214.549221][ T6333] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6333] <... open resumed>) = 5 [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... futex resumed>) = 1 [pid 6333] sendfile(4, 5, NULL, 145139829833722 [pid 6332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 214.585388][ T27] audit: type=1804 audit(1671454795.329:418): pid=6333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/416/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6332] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6332] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6332] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6334 attached , parent_tid=[6334], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6334 [pid 6334] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6334] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6332] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6332] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] <... futex resumed>) = 0 [pid 6334] sendfile(4, 5, NULL, 145139829833722 [pid 6332] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6332] exit_group(0) = ? [pid 6334] <... sendfile resumed>) = ? [pid 6334] +++ exited with 0 +++ [pid 6333] <... sendfile resumed>) = ? [pid 6333] +++ exited with 0 +++ [pid 6332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6332, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./416/binderfs") = 0 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./416/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./416/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6335 ./strace-static-x86_64: Process 6335 attached [pid 6335] set_robust_list(0x5555556365e0, 24) = 0 [pid 6335] chdir("./417") = 0 [pid 6335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6335] setpgid(0, 0) = 0 [pid 6335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6335] write(3, "1000", 4) = 4 [pid 6335] close(3) = 0 [pid 6335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6335] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6335] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6336 attached [pid 6336] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6335] <... clone resumed>, parent_tid=[6336], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6336 [pid 6336] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6336] <... futex resumed>) = 0 [pid 6336] memfd_create("syzkaller", 0) = 3 [pid 6336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6336] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6336] munmap(0x7f5499e77000, 2097152) = 0 [pid 6336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6336] close(3) = 0 [pid 6336] mkdir("./bus", 0777) = 0 [pid 6336] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6336] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6336] chdir("./bus") = 0 [pid 6336] ioctl(4, LOOP_CLR_FD) = 0 [pid 6336] close(4) = 0 [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = 0 [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... futex resumed>) = 1 [pid 6336] creat("./bus", 000) = 4 [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = 0 [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... futex resumed>) = 1 [pid 6336] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6335] <... futex resumed>) = 0 [pid 6336] ftruncate(4, 2048 [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... ftruncate resumed>) = 0 [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6335] <... futex resumed>) = 0 [pid 6336] lseek(4, 0, SEEK_END [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... lseek resumed>) = 2048 [pid 6335] <... futex resumed>) = 0 [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] <... futex resumed>) = 0 [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6336] open("./bus", O_RDONLY [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] <... open resumed>) = 5 [ 214.925480][ T6336] loop0: detected capacity change from 0 to 4096 [ 214.934766][ T6336] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6336] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6336] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6335] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... futex resumed>) = 0 [pid 6335] <... futex resumed>) = 1 [pid 6336] sendfile(4, 5, NULL, 145139829833722 [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6335] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6335] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6335] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6335] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6337], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6337 [pid 6335] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6337 attached [pid 6337] set_robust_list(0x7f549a0769e0, 24) = 0 [ 214.981370][ T27] audit: type=1804 audit(1671454795.729:419): pid=6336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/417/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6337] sendfile(4, 5, NULL, 145139829833722 [pid 6335] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6335] exit_group(0) = ? [pid 6337] <... sendfile resumed>) = ? [pid 6337] +++ exited with 0 +++ [pid 6336] <... sendfile resumed>) = ? [pid 6336] +++ exited with 0 +++ [pid 6335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6335, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./417/binderfs") = 0 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./417/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./417/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6338 ./strace-static-x86_64: Process 6338 attached [pid 6338] set_robust_list(0x5555556365e0, 24) = 0 [pid 6338] chdir("./418") = 0 [pid 6338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6338] setpgid(0, 0) = 0 [pid 6338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6338] write(3, "1000", 4) = 4 [pid 6338] close(3) = 0 [pid 6338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6338] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6338] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6339], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6339 ./strace-static-x86_64: Process 6339 attached [pid 6339] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6339] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6339] <... futex resumed>) = 0 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6339] memfd_create("syzkaller", 0) = 3 [pid 6339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6339] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6339] munmap(0x7f5499e77000, 2097152) = 0 [pid 6339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6339] close(3) = 0 [pid 6339] mkdir("./bus", 0777) = 0 [pid 6339] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6339] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6339] chdir("./bus") = 0 [pid 6339] ioctl(4, LOOP_CLR_FD) = 0 [pid 6339] close(4) = 0 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [pid 6339] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6338] <... futex resumed>) = 0 [pid 6339] creat("./bus", 000 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] <... creat resumed>) = 4 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [pid 6339] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6338] <... futex resumed>) = 0 [pid 6339] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] <... fcntl resumed>) = 0 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [pid 6339] ftruncate(4, 2048 [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] <... ftruncate resumed>) = 0 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6338] <... futex resumed>) = 0 [pid 6339] lseek(4, 0, SEEK_END [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... lseek resumed>) = 2048 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = 0 [pid 6339] <... futex resumed>) = 0 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6338] <... futex resumed>) = 1 [pid 6339] open("./bus", O_RDONLY [ 215.312366][ T6339] loop0: detected capacity change from 0 to 4096 [ 215.321571][ T6339] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] <... open resumed>) = 5 [pid 6339] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6339] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6338] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... futex resumed>) = 0 [pid 6338] <... futex resumed>) = 1 [pid 6339] sendfile(4, 5, NULL, 145139829833722 [pid 6338] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6338] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6338] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6338] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6340], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6340 [pid 6338] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6340 attached [pid 6340] set_robust_list(0x7f549a0769e0, 24) = 0 [ 215.370224][ T27] audit: type=1804 audit(1671454796.109:420): pid=6339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/418/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6340] sendfile(4, 5, NULL, 145139829833722 [pid 6338] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6338] exit_group(0) = ? [pid 6339] <... sendfile resumed>) = ? [pid 6339] +++ exited with 0 +++ [pid 6340] <... sendfile resumed>) = ? [pid 6340] +++ exited with 0 +++ [pid 6338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6338, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./418/binderfs") = 0 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./418/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./418/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6341 ./strace-static-x86_64: Process 6341 attached [pid 6341] set_robust_list(0x5555556365e0, 24) = 0 [pid 6341] chdir("./419") = 0 [pid 6341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6341] setpgid(0, 0) = 0 [pid 6341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6341] write(3, "1000", 4) = 4 [pid 6341] close(3) = 0 [pid 6341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6341] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6341] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6342], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6342 ./strace-static-x86_64: Process 6342 attached [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6342] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6342] memfd_create("syzkaller", 0) = 3 [pid 6342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6342] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6342] munmap(0x7f5499e77000, 2097152) = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6342] close(3) = 0 [pid 6342] mkdir("./bus", 0777) = 0 [pid 6342] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6342] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6342] chdir("./bus") = 0 [pid 6342] ioctl(4, LOOP_CLR_FD) = 0 [pid 6342] close(4) = 0 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6342] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 0 [pid 6342] creat("./bus", 000) = 4 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 215.696507][ T6342] loop0: detected capacity change from 0 to 4096 [ 215.706228][ T6342] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6342] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 1 [pid 6342] ftruncate(4, 2048) = 0 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 1 [pid 6342] lseek(4, 0, SEEK_END) = 2048 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] <... futex resumed>) = 1 [pid 6342] open("./bus", O_RDONLY) = 5 [pid 6342] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] <... futex resumed>) = 0 [pid 6341] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] sendfile(4, 5, NULL, 145139829833722 [pid 6341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6341] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6341] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6341] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6341] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6343 attached , parent_tid=[6343], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6343 [pid 6341] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6343] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6343] sendfile(4, 5, NULL, 145139829833722 [pid 6341] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6341] exit_group(0) = ? [pid 6343] <... sendfile resumed>) = ? [pid 6343] +++ exited with 0 +++ [pid 6342] <... sendfile resumed>) = ? [pid 6342] +++ exited with 0 +++ [pid 6341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6341, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./419/binderfs") = 0 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./419/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./419/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6344 ./strace-static-x86_64: Process 6344 attached [pid 6344] set_robust_list(0x5555556365e0, 24) = 0 [pid 6344] chdir("./420") = 0 [pid 6344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6344] setpgid(0, 0) = 0 [pid 6344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6344] write(3, "1000", 4) = 4 [pid 6344] close(3) = 0 [pid 6344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6344] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6344] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6345], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6345 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6345 attached [pid 6345] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6345] memfd_create("syzkaller", 0) = 3 [pid 6345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6345] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6345] munmap(0x7f5499e77000, 2097152) = 0 [pid 6345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6345] close(3) = 0 [pid 6345] mkdir("./bus", 0777) = 0 [pid 6345] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6345] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6345] chdir("./bus") = 0 [pid 6345] ioctl(4, LOOP_CLR_FD) = 0 [pid 6345] close(4) = 0 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... futex resumed>) = 1 [pid 6345] creat("./bus", 000) = 4 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... futex resumed>) = 1 [pid 6345] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... futex resumed>) = 1 [pid 6345] ftruncate(4, 2048) = 0 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6345] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... futex resumed>) = 0 [pid 6345] lseek(4, 0, SEEK_END) = 2048 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] <... futex resumed>) = 1 [pid 6345] open("./bus", O_RDONLY) = 5 [pid 6345] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6345] sendfile(4, 5, NULL, 145139829833722 [ 216.093916][ T6345] loop0: detected capacity change from 0 to 4096 [ 216.104044][ T6345] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6344] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6344] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6344] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6344] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6346], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6346 [pid 6344] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6346 attached [pid 6346] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6346] sendfile(4, 5, NULL, 145139829833722 [pid 6344] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6344] exit_group(0 [pid 6346] <... sendfile resumed>) = ? [pid 6344] <... exit_group resumed>) = ? [pid 6346] +++ exited with 0 +++ [pid 6345] <... sendfile resumed>) = ? [pid 6345] +++ exited with 0 +++ [pid 6344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6344, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./420/binderfs") = 0 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./420/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./420/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6347 attached [pid 6347] set_robust_list(0x5555556365e0, 24) = 0 [pid 6347] chdir("./421") = 0 [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5075] <... clone resumed>, child_tidptr=0x5555556365d0) = 6347 [pid 6347] <... prctl resumed>) = 0 [pid 6347] setpgid(0, 0) = 0 [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6347] write(3, "1000", 4) = 4 [pid 6347] close(3) = 0 [pid 6347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6347] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6347] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6348 attached , parent_tid=[6348], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6348 [pid 6348] set_robust_list(0x7f54a22979e0, 24 [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] <... set_robust_list resumed>) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6348] memfd_create("syzkaller", 0) = 3 [pid 6348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6348] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6348] munmap(0x7f5499e77000, 2097152) = 0 [pid 6348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6348] close(3) = 0 [pid 6348] mkdir("./bus", 0777) = 0 [pid 6348] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6348] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6348] chdir("./bus") = 0 [pid 6348] ioctl(4, LOOP_CLR_FD) = 0 [pid 6348] close(4) = 0 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] <... futex resumed>) = 1 [pid 6348] creat("./bus", 000) = 4 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] <... futex resumed>) = 1 [pid 6348] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] <... futex resumed>) = 1 [pid 6348] ftruncate(4, 2048) = 0 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6348] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6347] <... futex resumed>) = 0 [pid 6348] lseek(4, 0, SEEK_END [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] <... lseek resumed>) = 2048 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6348] open("./bus", O_RDONLY) = 5 [pid 6348] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6347] <... futex resumed>) = 0 [pid 6348] sendfile(4, 5, NULL, 145139829833722 [ 216.464040][ T6348] loop0: detected capacity change from 0 to 4096 [ 216.474018][ T6348] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6347] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6347] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6347] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6347] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6349], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6349 [pid 6347] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6349 attached [pid 6347] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6349] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6349] sendfile(4, 5, NULL, 145139829833722 [pid 6347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6347] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6347] exit_group(0) = ? [pid 6348] <... sendfile resumed>) = ? [pid 6348] +++ exited with 0 +++ [pid 6349] <... sendfile resumed>) = ? [pid 6349] +++ exited with 0 +++ [pid 6347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6347, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./421/binderfs") = 0 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./421/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./421/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6350 ./strace-static-x86_64: Process 6350 attached [pid 6350] set_robust_list(0x5555556365e0, 24) = 0 [pid 6350] chdir("./422") = 0 [pid 6350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6350] setpgid(0, 0) = 0 [pid 6350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6350] write(3, "1000", 4) = 4 [pid 6350] close(3) = 0 [pid 6350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6350] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6350] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6351 attached , parent_tid=[6351], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6351 [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6351] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6351] memfd_create("syzkaller", 0) = 3 [pid 6351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6351] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6351] munmap(0x7f5499e77000, 2097152) = 0 [pid 6351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6351] close(3) = 0 [pid 6351] mkdir("./bus", 0777) = 0 [pid 6351] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6351] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6351] chdir("./bus") = 0 [pid 6351] ioctl(4, LOOP_CLR_FD) = 0 [pid 6351] close(4) = 0 [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6351] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] <... futex resumed>) = 0 [pid 6351] creat("./bus", 000) = 4 [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6351] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6350] <... futex resumed>) = 0 [pid 6351] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] <... fcntl resumed>) = 0 [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6351] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6350] <... futex resumed>) = 0 [pid 6351] ftruncate(4, 2048 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] <... ftruncate resumed>) = 0 [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6351] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6350] <... futex resumed>) = 0 [pid 6351] lseek(4, 0, SEEK_END) = 2048 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] <... futex resumed>) = 0 [pid 6351] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6350] <... futex resumed>) = 0 [pid 6351] open("./bus", O_RDONLY [ 216.846769][ T6351] loop0: detected capacity change from 0 to 4096 [ 216.857225][ T6351] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] <... open resumed>) = 5 [pid 6351] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... futex resumed>) = 0 [pid 6350] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] <... futex resumed>) = 1 [pid 6350] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] sendfile(4, 5, NULL, 145139829833722 [pid 6350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6350] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6350] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6350] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6352], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6352 [pid 6350] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6352 attached [pid 6352] set_robust_list(0x7f549a0769e0, 24) = 0 [ 216.894255][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 216.894269][ T27] audit: type=1804 audit(1671454797.639:424): pid=6351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/422/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6352] sendfile(4, 5, NULL, 145139829833722 [pid 6350] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6350] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6350] exit_group(0) = ? [pid 6352] <... sendfile resumed>) = ? [pid 6352] +++ exited with 0 +++ [pid 6351] <... sendfile resumed>) = ? [pid 6351] +++ exited with 0 +++ [pid 6350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6350, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./422/binderfs") = 0 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./422/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./422/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6353 ./strace-static-x86_64: Process 6353 attached [pid 6353] set_robust_list(0x5555556365e0, 24) = 0 [pid 6353] chdir("./423") = 0 [pid 6353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6353] setpgid(0, 0) = 0 [pid 6353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6353] write(3, "1000", 4) = 4 [pid 6353] close(3) = 0 [pid 6353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6353] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6353] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6354 attached , parent_tid=[6354], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6354 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6354] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6354] memfd_create("syzkaller", 0) = 3 [pid 6354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6354] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6354] munmap(0x7f5499e77000, 2097152) = 0 [pid 6354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6354] close(3) = 0 [pid 6354] mkdir("./bus", 0777) = 0 [pid 6354] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6354] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6354] chdir("./bus") = 0 [pid 6354] ioctl(4, LOOP_CLR_FD) = 0 [pid 6354] close(4) = 0 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6354] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... futex resumed>) = 0 [pid 6354] creat("./bus", 000) = 4 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... futex resumed>) = 1 [pid 6354] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] ftruncate(4, 2048) = 0 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... futex resumed>) = 1 [pid 6354] lseek(4, 0, SEEK_END) = 2048 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 217.225451][ T6354] loop0: detected capacity change from 0 to 4096 [ 217.235137][ T6354] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... futex resumed>) = 1 [pid 6354] open("./bus", O_RDONLY) = 5 [pid 6354] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = 0 [pid 6353] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] <... futex resumed>) = 1 [pid 6354] sendfile(4, 5, NULL, 145139829833722 [pid 6353] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6353] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6353] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6353] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6355 attached [pid 6355] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6355] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6353] <... clone resumed>, parent_tid=[6355], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6355 [pid 6353] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6355] <... futex resumed>) = 0 [pid 6355] sendfile(4, 5, NULL, 145139829833722 [ 217.287398][ T27] audit: type=1804 audit(1671454798.029:425): pid=6354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/423/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6353] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6353] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6353] exit_group(0 [pid 6355] <... sendfile resumed>) = ? [pid 6353] <... exit_group resumed>) = ? [pid 6355] +++ exited with 0 +++ [pid 6354] <... sendfile resumed>) = ? [pid 6354] +++ exited with 0 +++ [pid 6353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6353, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./423/binderfs") = 0 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./423/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./423/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6356 ./strace-static-x86_64: Process 6356 attached [pid 6356] set_robust_list(0x5555556365e0, 24) = 0 [pid 6356] chdir("./424") = 0 [pid 6356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6356] setpgid(0, 0) = 0 [pid 6356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6356] write(3, "1000", 4) = 4 [pid 6356] close(3) = 0 [pid 6356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6356] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6356] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6357], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6357 ./strace-static-x86_64: Process 6357 attached [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6357] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6357] memfd_create("syzkaller", 0) = 3 [pid 6357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6357] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6357] munmap(0x7f5499e77000, 2097152) = 0 [pid 6357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6357] close(3) = 0 [pid 6357] mkdir("./bus", 0777) = 0 [pid 6357] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6357] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6357] chdir("./bus") = 0 [pid 6357] ioctl(4, LOOP_CLR_FD) = 0 [pid 6357] close(4) = 0 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6357] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6356] <... futex resumed>) = 0 [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = 0 [pid 6356] <... futex resumed>) = 1 [pid 6357] creat("./bus", 000 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6357] <... creat resumed>) = 4 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6357] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 217.618319][ T6357] loop0: detected capacity change from 0 to 4096 [ 217.628001][ T6357] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6357] ftruncate(4, 2048) = 0 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6357] <... futex resumed>) = 1 [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6357] lseek(4, 0, SEEK_END) = 2048 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6356] <... futex resumed>) = 0 [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] open("./bus", O_RDONLY [pid 6356] <... futex resumed>) = 0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6357] <... open resumed>) = 5 [pid 6357] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6356] <... futex resumed>) = 0 [pid 6357] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6356] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6356] <... futex resumed>) = 0 [pid 6357] sendfile(4, 5, NULL, 145139829833722 [ 217.684863][ T27] audit: type=1804 audit(1671454798.429:426): pid=6357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/424/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6356] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6356] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6356] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6356] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6358 attached , parent_tid=[6358], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6358 [pid 6358] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6358] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6356] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] <... futex resumed>) = 0 [pid 6356] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6358] sendfile(4, 5, NULL, 145139829833722 [pid 6356] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6356] exit_group(0) = ? [pid 6357] <... sendfile resumed>) = ? [pid 6358] <... sendfile resumed>) = ? [pid 6357] +++ exited with 0 +++ [pid 6358] +++ exited with 0 +++ [pid 6356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6356, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./424/binderfs") = 0 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./424/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./424/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6359 ./strace-static-x86_64: Process 6359 attached [pid 6359] set_robust_list(0x5555556365e0, 24) = 0 [pid 6359] chdir("./425") = 0 [pid 6359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6359] setpgid(0, 0) = 0 [pid 6359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6359] write(3, "1000", 4) = 4 [pid 6359] close(3) = 0 [pid 6359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6359] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6359] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6360], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6360 [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6360 attached [pid 6360] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6360] memfd_create("syzkaller", 0) = 3 [pid 6360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6360] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6360] munmap(0x7f5499e77000, 2097152) = 0 [pid 6360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6360] close(3) = 0 [pid 6360] mkdir("./bus", 0777) = 0 [pid 6360] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6360] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6360] chdir("./bus") = 0 [pid 6360] ioctl(4, LOOP_CLR_FD) = 0 [pid 6360] close(4) = 0 [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6360] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6359] <... futex resumed>) = 0 [pid 6360] creat("./bus", 000 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] <... creat resumed>) = 4 [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6360] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6359] <... futex resumed>) = 0 [pid 6360] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] <... fcntl resumed>) = 0 [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] ftruncate(4, 2048) = 0 [ 218.024866][ T6360] loop0: detected capacity change from 0 to 4096 [ 218.034576][ T6360] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6360] lseek(4, 0, SEEK_END [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... lseek resumed>) = 2048 [pid 6359] <... futex resumed>) = 0 [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] <... futex resumed>) = 0 [pid 6359] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6360] open("./bus", O_RDONLY [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6360] <... open resumed>) = 5 [pid 6360] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6360] sendfile(4, 5, NULL, 145139829833722 [pid 6359] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.082990][ T27] audit: type=1804 audit(1671454798.829:427): pid=6360 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/425/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6359] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6359] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6359] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6359] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6361], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6361 [pid 6359] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6361] sendfile(4, 5, NULL, 145139829833722 [pid 6359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6359] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6359] exit_group(0) = ? [pid 6361] <... sendfile resumed>) = ? [pid 6360] <... sendfile resumed>) = ? [pid 6361] +++ exited with 0 +++ [pid 6360] +++ exited with 0 +++ [pid 6359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6359, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./425/binderfs") = 0 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./425/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./425/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6362 ./strace-static-x86_64: Process 6362 attached [pid 6362] set_robust_list(0x5555556365e0, 24) = 0 [pid 6362] chdir("./426") = 0 [pid 6362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6362] setpgid(0, 0) = 0 [pid 6362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6362] write(3, "1000", 4) = 4 [pid 6362] close(3) = 0 [pid 6362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6362] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6362] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6363], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6363 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6363] memfd_create("syzkaller", 0) = 3 [pid 6363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6363] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6363] munmap(0x7f5499e77000, 2097152) = 0 [pid 6363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6363] close(3) = 0 [pid 6363] mkdir("./bus", 0777) = 0 [pid 6363] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6363] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6363] chdir("./bus") = 0 [pid 6363] ioctl(4, LOOP_CLR_FD) = 0 [pid 6363] close(4) = 0 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = 1 [pid 6363] creat("./bus", 000) = 4 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = 1 [pid 6363] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = 1 [pid 6363] ftruncate(4, 2048) = 0 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6363] <... futex resumed>) = 1 [pid 6363] lseek(4, 0, SEEK_END) = 2048 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6362] <... futex resumed>) = 0 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 218.431342][ T6363] loop0: detected capacity change from 0 to 4096 [ 218.441849][ T6363] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6363] open("./bus", O_RDONLY) = 5 [pid 6363] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6362] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 218.485371][ T27] audit: type=1804 audit(1671454799.229:428): pid=6363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/426/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6363] sendfile(4, 5, NULL, 145139829833722 [pid 6362] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6362] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6362] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6362] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6364 attached , parent_tid=[6364], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6364 [pid 6364] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6362] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6364] sendfile(4, 5, NULL, 145139829833722 [pid 6362] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6362] exit_group(0 [pid 6364] <... sendfile resumed>) = ? [pid 6362] <... exit_group resumed>) = ? [pid 6364] +++ exited with 0 +++ [pid 6363] <... sendfile resumed>) = ? [pid 6363] +++ exited with 0 +++ [pid 6362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6362, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./426/binderfs") = 0 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./426/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./426/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6365 ./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x5555556365e0, 24) = 0 [pid 6365] chdir("./427") = 0 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6365] setpgid(0, 0) = 0 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6365] write(3, "1000", 4) = 4 [pid 6365] close(3) = 0 [pid 6365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6365] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6366], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6366 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6366 attached [pid 6366] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6366] memfd_create("syzkaller", 0) = 3 [pid 6366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6366] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6366] munmap(0x7f5499e77000, 2097152) = 0 [pid 6366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6366] close(3) = 0 [pid 6366] mkdir("./bus", 0777) = 0 [pid 6366] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6366] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6366] chdir("./bus") = 0 [pid 6366] ioctl(4, LOOP_CLR_FD) = 0 [pid 6366] close(4) = 0 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] creat("./bus", 000) = 4 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] ftruncate(4, 2048) = 0 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] lseek(4, 0, SEEK_END) = 2048 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] <... futex resumed>) = 0 [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 218.828237][ T6366] loop0: detected capacity change from 0 to 4096 [ 218.837793][ T6366] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6366] <... futex resumed>) = 1 [pid 6366] open("./bus", O_RDONLY) = 5 [pid 6366] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6365] <... futex resumed>) = 0 [pid 6366] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6365] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6365] <... futex resumed>) = 0 [pid 6366] sendfile(4, 5, NULL, 145139829833722 [ 218.879290][ T27] audit: type=1804 audit(1671454799.619:429): pid=6366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/427/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6365] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6365] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6365] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6365] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6367], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6367 [pid 6365] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6367 attached [pid 6367] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6367] sendfile(4, 5, NULL, 145139829833722 [pid 6365] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6365] exit_group(0) = ? [pid 6366] <... sendfile resumed>) = ? [pid 6366] +++ exited with 0 +++ [pid 6367] <... sendfile resumed>) = ? [pid 6367] +++ exited with 0 +++ [pid 6365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6365, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./427/binderfs") = 0 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./427/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./427/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6368 ./strace-static-x86_64: Process 6368 attached [pid 6368] set_robust_list(0x5555556365e0, 24) = 0 [pid 6368] chdir("./428") = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0) = 0 [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6368] write(3, "1000", 4) = 4 [pid 6368] close(3) = 0 [pid 6368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6368] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6369], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6369 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6369 attached [pid 6369] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6369] memfd_create("syzkaller", 0) = 3 [pid 6369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6369] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6369] munmap(0x7f5499e77000, 2097152) = 0 [pid 6369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6369] close(3) = 0 [pid 6369] mkdir("./bus", 0777) = 0 [pid 6369] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6369] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6369] chdir("./bus") = 0 [pid 6369] ioctl(4, LOOP_CLR_FD) = 0 [pid 6369] close(4) = 0 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 1 [pid 6369] creat("./bus", 000) = 4 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... fcntl resumed>) = 0 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6369] ftruncate(4, 2048 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... ftruncate resumed>) = 0 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 1 [pid 6369] lseek(4, 0, SEEK_END) = 2048 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 1 [ 219.222342][ T6369] loop0: detected capacity change from 0 to 4096 [ 219.232055][ T6369] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6369] open("./bus", O_RDONLY) = 5 [pid 6369] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6369] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] <... futex resumed>) = 0 [pid 6368] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6368] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6369] <... futex resumed>) = 0 [pid 6369] sendfile(4, 5, NULL, 145139829833722 [pid 6368] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6368] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 219.275065][ T27] audit: type=1804 audit(1671454800.019:430): pid=6369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/428/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6368] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6368] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6370 attached , parent_tid=[6370], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6370 [pid 6370] set_robust_list(0x7f549a0769e0, 24 [pid 6368] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6370] <... set_robust_list resumed>) = 0 [pid 6368] <... futex resumed>) = 0 [pid 6370] sendfile(4, 5, NULL, 145139829833722 [pid 6368] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6368] exit_group(0) = ? [pid 6370] <... sendfile resumed>) = ? [pid 6370] +++ exited with 0 +++ [pid 6369] <... sendfile resumed>) = ? [pid 6369] +++ exited with 0 +++ [pid 6368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6368, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./428/binderfs") = 0 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./428/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./428/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6371 ./strace-static-x86_64: Process 6371 attached [pid 6371] set_robust_list(0x5555556365e0, 24) = 0 [pid 6371] chdir("./429") = 0 [pid 6371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6371] setpgid(0, 0) = 0 [pid 6371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6371] write(3, "1000", 4) = 4 [pid 6371] close(3) = 0 [pid 6371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6371] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6371] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6372 attached , parent_tid=[6372], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6372 [pid 6372] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6372] memfd_create("syzkaller", 0) = 3 [pid 6372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6372] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6372] munmap(0x7f5499e77000, 2097152) = 0 [pid 6372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6372] close(3) = 0 [pid 6372] mkdir("./bus", 0777) = 0 [pid 6372] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6372] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6372] chdir("./bus") = 0 [pid 6372] ioctl(4, LOOP_CLR_FD) = 0 [pid 6372] close(4) = 0 [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6371] <... futex resumed>) = 0 [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6372] <... futex resumed>) = 0 [pid 6372] creat("./bus", 000) = 4 [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = 0 [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6372] <... futex resumed>) = 1 [pid 6372] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = 0 [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6372] <... futex resumed>) = 1 [pid 6372] ftruncate(4, 2048) = 0 [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6371] <... futex resumed>) = 0 [pid 6372] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] <... futex resumed>) = 0 [pid 6372] lseek(4, 0, SEEK_END [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6372] <... lseek resumed>) = 2048 [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6371] <... futex resumed>) = 0 [pid 6372] open("./bus", O_RDONLY [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] <... open resumed>) = 5 [pid 6371] <... futex resumed>) = 0 [ 219.600172][ T6372] loop0: detected capacity change from 0 to 4096 [ 219.609831][ T6372] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6372] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] <... futex resumed>) = 0 [pid 6371] <... futex resumed>) = 1 [pid 6372] sendfile(4, 5, NULL, 145139829833722 [ 219.654018][ T27] audit: type=1804 audit(1671454800.399:431): pid=6372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/429/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6371] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6371] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6371] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6371] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6373 attached [pid 6373] set_robust_list(0x7f549a0769e0, 24 [pid 6371] <... clone resumed>, parent_tid=[6373], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6373 [pid 6373] <... set_robust_list resumed>) = 0 [pid 6371] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] sendfile(4, 5, NULL, 145139829833722 [pid 6371] <... futex resumed>) = 0 [pid 6371] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6371] exit_group(0) = ? [pid 6373] <... sendfile resumed>) = ? [pid 6373] +++ exited with 0 +++ [pid 6372] <... sendfile resumed>) = ? [pid 6372] +++ exited with 0 +++ [pid 6371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6371, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./429/binderfs") = 0 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./429/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./429/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6374 ./strace-static-x86_64: Process 6374 attached [pid 6374] set_robust_list(0x5555556365e0, 24) = 0 [pid 6374] chdir("./430") = 0 [pid 6374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6374] setpgid(0, 0) = 0 [pid 6374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6374] write(3, "1000", 4) = 4 [pid 6374] close(3) = 0 [pid 6374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6374] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6374] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6375], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6375 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6375 attached [pid 6375] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6375] memfd_create("syzkaller", 0) = 3 [pid 6375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6375] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6375] munmap(0x7f5499e77000, 2097152) = 0 [pid 6375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6375] close(3) = 0 [pid 6375] mkdir("./bus", 0777) = 0 [pid 6375] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6375] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6375] chdir("./bus") = 0 [pid 6375] ioctl(4, LOOP_CLR_FD) = 0 [pid 6375] close(4) = 0 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] creat("./bus", 000) = 4 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] <... futex resumed>) = 1 [pid 6375] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] <... futex resumed>) = 1 [pid 6375] ftruncate(4, 2048) = 0 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 1 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] lseek(4, 0, SEEK_END) = 2048 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6375] <... futex resumed>) = 1 [ 219.986025][ T6375] loop0: detected capacity change from 0 to 4096 [ 219.995287][ T6375] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6375] open("./bus", O_RDONLY) = 5 [pid 6375] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6374] <... futex resumed>) = 0 [pid 6374] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6374] <... futex resumed>) = 1 [pid 6375] sendfile(4, 5, NULL, 145139829833722 [ 220.036925][ T27] audit: type=1804 audit(1671454800.779:432): pid=6375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/430/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6374] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6374] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6374] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6374] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6376], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6376 ./strace-static-x86_64: Process 6376 attached [pid 6374] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6374] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6376] sendfile(4, 5, NULL, 145139829833722 [pid 6374] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6374] exit_group(0) = ? [pid 6375] <... sendfile resumed>) = ? [pid 6376] <... sendfile resumed>) = ? [pid 6376] +++ exited with 0 +++ [pid 6375] +++ exited with 0 +++ [pid 6374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6374, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./430/binderfs") = 0 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./430/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./430/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6379 attached , child_tidptr=0x5555556365d0) = 6379 [pid 6379] set_robust_list(0x5555556365e0, 24) = 0 [pid 6379] chdir("./431") = 0 [pid 6379] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6379] setpgid(0, 0) = 0 [pid 6379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6379] write(3, "1000", 4) = 4 [pid 6379] close(3) = 0 [pid 6379] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6379] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6379] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6380], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6380 [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6380 attached [pid 6380] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6380] memfd_create("syzkaller", 0) = 3 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6380] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6380] munmap(0x7f5499e77000, 2097152) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6380] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6380] close(3) = 0 [pid 6380] mkdir("./bus", 0777) = 0 [pid 6380] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6380] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6380] chdir("./bus") = 0 [pid 6380] ioctl(4, LOOP_CLR_FD) = 0 [pid 6380] close(4) = 0 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6380] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] <... futex resumed>) = 0 [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = 1 [pid 6380] creat("./bus", 000 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... creat resumed>) = 4 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6380] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... fcntl resumed>) = 0 [pid 6379] <... futex resumed>) = 0 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] ftruncate(4, 2048) = 0 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6380] lseek(4, 0, SEEK_END [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... lseek resumed>) = 2048 [pid 6379] <... futex resumed>) = 0 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6380] <... futex resumed>) = 0 [ 220.404949][ T6380] loop0: detected capacity change from 0 to 4096 [ 220.414730][ T6380] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6380] open("./bus", O_RDONLY [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] <... open resumed>) = 5 [pid 6380] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6380] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] <... futex resumed>) = 0 [pid 6379] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 0 [pid 6379] <... futex resumed>) = 1 [pid 6380] sendfile(4, 5, NULL, 145139829833722 [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6379] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6379] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6379] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6379] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6381 attached , parent_tid=[6381], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6381 [pid 6379] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6381] set_robust_list(0x7f549a0769e0, 24) = 0 [ 220.462128][ T27] audit: type=1804 audit(1671454801.209:433): pid=6380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/431/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6381] sendfile(4, 5, NULL, 145139829833722 [pid 6379] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6379] exit_group(0) = ? [pid 6381] <... sendfile resumed>) = ? [pid 6380] <... sendfile resumed>) = ? [pid 6381] +++ exited with 0 +++ [pid 6380] +++ exited with 0 +++ [pid 6379] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6379, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./431/binderfs") = 0 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./431/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./431/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6382 attached , child_tidptr=0x5555556365d0) = 6382 [pid 6382] set_robust_list(0x5555556365e0, 24) = 0 [pid 6382] chdir("./432") = 0 [pid 6382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6382] setpgid(0, 0) = 0 [pid 6382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6382] write(3, "1000", 4) = 4 [pid 6382] close(3) = 0 [pid 6382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6382] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6383 attached , parent_tid=[6383], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6383 [pid 6383] set_robust_list(0x7f54a22979e0, 24 [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... set_robust_list resumed>) = 0 [pid 6382] <... futex resumed>) = 0 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6383] memfd_create("syzkaller", 0) = 3 [pid 6383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6383] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6383] munmap(0x7f5499e77000, 2097152) = 0 [pid 6383] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6383] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6383] close(3) = 0 [pid 6383] mkdir("./bus", 0777) = 0 [pid 6383] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6383] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6383] chdir("./bus") = 0 [pid 6383] ioctl(4, LOOP_CLR_FD) = 0 [pid 6383] close(4) = 0 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6383] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] <... futex resumed>) = 0 [pid 6383] creat("./bus", 000 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... creat resumed>) = 4 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = 0 [pid 6382] <... futex resumed>) = 1 [pid 6383] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... fcntl resumed>) = 0 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6383] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] <... futex resumed>) = 0 [pid 6383] ftruncate(4, 2048 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... ftruncate resumed>) = 0 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6383] lseek(4, 0, SEEK_END [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... lseek resumed>) = 2048 [pid 6382] <... futex resumed>) = 0 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... futex resumed>) = 0 [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 220.792286][ T6383] loop0: detected capacity change from 0 to 4096 [ 220.801532][ T6383] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6383] open("./bus", O_RDONLY [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... open resumed>) = 5 [pid 6382] <... futex resumed>) = 0 [pid 6383] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6383] <... futex resumed>) = 0 [pid 6383] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = 0 [pid 6382] <... futex resumed>) = 1 [pid 6383] sendfile(4, 5, NULL, 145139829833722 [pid 6382] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6382] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6382] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6384 attached , parent_tid=[6384], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6384 [pid 6384] set_robust_list(0x7f549a0769e0, 24 [pid 6382] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... set_robust_list resumed>) = 0 [pid 6382] <... futex resumed>) = 0 [pid 6384] sendfile(4, 5, NULL, 145139829833722 [pid 6382] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6382] exit_group(0) = ? [pid 6384] <... sendfile resumed>) = ? [pid 6384] +++ exited with 0 +++ [pid 6383] <... sendfile resumed>) = ? [pid 6383] +++ exited with 0 +++ [pid 6382] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6382, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./432/binderfs") = 0 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./432/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./432/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6385 ./strace-static-x86_64: Process 6385 attached [pid 6385] set_robust_list(0x5555556365e0, 24) = 0 [pid 6385] chdir("./433") = 0 [pid 6385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6385] setpgid(0, 0) = 0 [pid 6385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6385] write(3, "1000", 4) = 4 [pid 6385] close(3) = 0 [pid 6385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6385] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6386 attached , parent_tid=[6386], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6386 [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] set_robust_list(0x7f54a22979e0, 24 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6386] <... set_robust_list resumed>) = 0 [pid 6386] memfd_create("syzkaller", 0) = 3 [pid 6386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6386] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6386] munmap(0x7f5499e77000, 2097152) = 0 [pid 6386] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6386] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6386] close(3) = 0 [pid 6386] mkdir("./bus", 0777) = 0 [pid 6386] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6386] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6386] chdir("./bus") = 0 [pid 6386] ioctl(4, LOOP_CLR_FD) = 0 [pid 6386] close(4) = 0 [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] creat("./bus", 000) = 4 [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... fcntl resumed>) = 0 [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] ftruncate(4, 2048 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... ftruncate resumed>) = 0 [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6386] lseek(4, 0, SEEK_END [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6386] <... lseek resumed>) = 2048 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6386] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6386] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6385] <... futex resumed>) = 0 [pid 6386] open("./bus", O_RDONLY [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6386] <... open resumed>) = 5 [pid 6386] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 221.193228][ T6386] loop0: detected capacity change from 0 to 4096 [ 221.203826][ T6386] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6386] sendfile(4, 5, NULL, 145139829833722 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6385] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6385] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6385] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6385] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6387 attached , parent_tid=[6387], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6387 [pid 6387] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6385] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6387] sendfile(4, 5, NULL, 145139829833722 [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6385] exit_group(0) = ? [pid 6386] <... sendfile resumed>) = ? [pid 6387] <... sendfile resumed>) = ? [pid 6387] +++ exited with 0 +++ [pid 6386] +++ exited with 0 +++ [pid 6385] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6385, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./433/binderfs") = 0 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./433/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./433/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6388 ./strace-static-x86_64: Process 6388 attached [pid 6388] set_robust_list(0x5555556365e0, 24) = 0 [pid 6388] chdir("./434") = 0 [pid 6388] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6388] setpgid(0, 0) = 0 [pid 6388] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6388] write(3, "1000", 4) = 4 [pid 6388] close(3) = 0 [pid 6388] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6388] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6389 attached , parent_tid=[6389], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6389 [pid 6389] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6389] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6389] memfd_create("syzkaller", 0) = 3 [pid 6389] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6389] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6389] munmap(0x7f5499e77000, 2097152) = 0 [pid 6389] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6389] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6389] close(3) = 0 [pid 6389] mkdir("./bus", 0777) = 0 [pid 6389] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6389] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6389] chdir("./bus") = 0 [pid 6389] ioctl(4, LOOP_CLR_FD) = 0 [pid 6389] close(4) = 0 [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] creat("./bus", 000) = 4 [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] ftruncate(4, 2048) = 0 [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6389] lseek(4, 0, SEEK_END [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... lseek resumed>) = 2048 [pid 6388] <... futex resumed>) = 0 [ 221.589868][ T6389] loop0: detected capacity change from 0 to 4096 [ 221.599768][ T6389] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] <... futex resumed>) = 0 [pid 6388] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] open("./bus", O_RDONLY) = 5 [pid 6389] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] <... futex resumed>) = 0 [pid 6389] sendfile(4, 5, NULL, 145139829833722 [pid 6388] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6388] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6388] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6388] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6390], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6390 ./strace-static-x86_64: Process 6390 attached [pid 6390] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6390] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6388] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6390] <... futex resumed>) = 0 [pid 6388] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6390] sendfile(4, 5, NULL, 145139829833722 [pid 6388] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6388] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6388] exit_group(0) = ? [pid 6390] <... sendfile resumed>) = ? [pid 6390] +++ exited with 0 +++ [pid 6389] <... sendfile resumed>) = ? [pid 6389] +++ exited with 0 +++ [pid 6388] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6388, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./434/binderfs") = 0 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./434/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./434/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6391 ./strace-static-x86_64: Process 6391 attached [pid 6391] set_robust_list(0x5555556365e0, 24) = 0 [pid 6391] chdir("./435") = 0 [pid 6391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6391] setpgid(0, 0) = 0 [pid 6391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6391] write(3, "1000", 4) = 4 [pid 6391] close(3) = 0 [pid 6391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6391] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6391] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6392], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6392 [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6392 attached [pid 6392] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6392] memfd_create("syzkaller", 0) = 3 [pid 6392] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6392] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6392] munmap(0x7f5499e77000, 2097152) = 0 [pid 6392] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6392] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6392] close(3) = 0 [pid 6392] mkdir("./bus", 0777) = 0 [pid 6392] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6392] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6392] chdir("./bus") = 0 [pid 6392] ioctl(4, LOOP_CLR_FD) = 0 [pid 6392] close(4) = 0 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6392] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = 0 [pid 6392] creat("./bus", 000) = 4 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] ftruncate(4, 2048) = 0 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [pid 6392] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] lseek(4, 0, SEEK_END) = 2048 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] <... futex resumed>) = 0 [ 221.983428][ T6392] loop0: detected capacity change from 0 to 4096 [ 221.993086][ T6392] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6392] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] open("./bus", O_RDONLY) = 5 [pid 6392] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = 1 [pid 6392] sendfile(4, 5, NULL, 145139829833722 [pid 6391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6391] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6391] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6391] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6394], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6394 ./strace-static-x86_64: Process 6394 attached [pid 6391] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] set_robust_list(0x7f549a0769e0, 24) = 0 [ 222.046035][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 222.046044][ T27] audit: type=1804 audit(1671454802.789:437): pid=6392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/435/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6394] sendfile(4, 5, NULL, 145139829833722 [pid 6391] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6391] exit_group(0) = ? [pid 6392] <... sendfile resumed>) = ? [pid 6392] +++ exited with 0 +++ [pid 6394] <... sendfile resumed>) = ? [pid 6394] +++ exited with 0 +++ [pid 6391] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6391, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./435/binderfs") = 0 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./435/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./435/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6395 attached , child_tidptr=0x5555556365d0) = 6395 [pid 6395] set_robust_list(0x5555556365e0, 24) = 0 [pid 6395] chdir("./436") = 0 [pid 6395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6395] setpgid(0, 0) = 0 [pid 6395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6395] write(3, "1000", 4) = 4 [pid 6395] close(3) = 0 [pid 6395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6395] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6395] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6396 attached , parent_tid=[6396], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6396 [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6396] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6396] memfd_create("syzkaller", 0) = 3 [pid 6396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6396] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6396] munmap(0x7f5499e77000, 2097152) = 0 [pid 6396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6396] close(3) = 0 [pid 6396] mkdir("./bus", 0777) = 0 [pid 6396] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6396] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6396] chdir("./bus") = 0 [pid 6396] ioctl(4, LOOP_CLR_FD) = 0 [pid 6396] close(4) = 0 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] <... futex resumed>) = 0 [pid 6396] creat("./bus", 000 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... creat resumed>) = 4 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] <... futex resumed>) = 0 [pid 6396] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... fcntl resumed>) = 0 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] <... futex resumed>) = 0 [pid 6396] ftruncate(4, 2048 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... ftruncate resumed>) = 0 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 222.383532][ T6396] loop0: detected capacity change from 0 to 4096 [ 222.392655][ T6396] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] <... futex resumed>) = 0 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] lseek(4, 0, SEEK_END) = 2048 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] <... futex resumed>) = 0 [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = 0 [pid 6395] <... futex resumed>) = 1 [pid 6396] open("./bus", O_RDONLY [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6396] <... open resumed>) = 5 [pid 6396] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6396] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6395] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6395] <... futex resumed>) = 0 [pid 6396] sendfile(4, 5, NULL, 145139829833722 [pid 6395] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6395] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6395] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6395] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6397], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6397 [pid 6395] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6395] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6397 attached [ 222.447012][ T27] audit: type=1804 audit(1671454803.189:438): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/436/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6397] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6397] sendfile(4, 5, NULL, 145139829833722 [pid 6395] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6395] exit_group(0) = ? [pid 6396] <... sendfile resumed>) = ? [pid 6396] +++ exited with 0 +++ [pid 6397] <... sendfile resumed>) = ? [pid 6397] +++ exited with 0 +++ [pid 6395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6395, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./436/binderfs") = 0 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./436/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./436/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6399 ./strace-static-x86_64: Process 6399 attached [pid 6399] set_robust_list(0x5555556365e0, 24) = 0 [pid 6399] chdir("./437") = 0 [pid 6399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6399] setpgid(0, 0) = 0 [pid 6399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6399] write(3, "1000", 4) = 4 [pid 6399] close(3) = 0 [pid 6399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6399] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6400], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6400 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6400 attached [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6400] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6400] memfd_create("syzkaller", 0) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6400] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6400] munmap(0x7f5499e77000, 2097152) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] close(3) = 0 [pid 6400] mkdir("./bus", 0777) = 0 [pid 6400] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6400] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./bus") = 0 [pid 6400] ioctl(4, LOOP_CLR_FD) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [pid 6400] creat("./bus", 000) = 4 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6399] <... futex resumed>) = 0 [pid 6400] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... fcntl resumed>) = 0 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6400] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] ftruncate(4, 2048 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... ftruncate resumed>) = 0 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [pid 6400] lseek(4, 0, SEEK_END) = 2048 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [ 222.795677][ T6400] loop0: detected capacity change from 0 to 4096 [ 222.805154][ T6400] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6400] open("./bus", O_RDONLY) = 5 [pid 6400] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6399] <... futex resumed>) = 0 [pid 6399] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... futex resumed>) = 1 [pid 6400] sendfile(4, 5, NULL, 145139829833722 [pid 6399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6399] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6399] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6401], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6401 [pid 6399] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6401 attached [pid 6401] set_robust_list(0x7f549a0769e0, 24) = 0 [ 222.858176][ T27] audit: type=1804 audit(1671454803.599:439): pid=6400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/437/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6401] sendfile(4, 5, NULL, 145139829833722 [pid 6399] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6399] exit_group(0) = ? [pid 6401] <... sendfile resumed>) = ? [pid 6401] +++ exited with 0 +++ [pid 6400] <... sendfile resumed>) = ? [pid 6400] +++ exited with 0 +++ [pid 6399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6399, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./437/binderfs") = 0 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./437/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./437/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6402 ./strace-static-x86_64: Process 6402 attached [pid 6402] set_robust_list(0x5555556365e0, 24) = 0 [pid 6402] chdir("./438") = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0) = 0 [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6402] write(3, "1000", 4) = 4 [pid 6402] close(3) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6402] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6403], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6403 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6403 attached [pid 6403] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6403] memfd_create("syzkaller", 0) = 3 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6403] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6403] munmap(0x7f5499e77000, 2097152) = 0 [pid 6403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6403] close(3) = 0 [pid 6403] mkdir("./bus", 0777) = 0 [pid 6403] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6403] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6403] chdir("./bus") = 0 [pid 6403] ioctl(4, LOOP_CLR_FD) = 0 [pid 6403] close(4) = 0 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] creat("./bus", 000) = 4 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] ftruncate(4, 2048) = 0 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [pid 6403] lseek(4, 0, SEEK_END) = 2048 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 1 [ 223.171737][ T6403] loop0: detected capacity change from 0 to 4096 [ 223.181476][ T6403] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6403] open("./bus", O_RDONLY) = 5 [pid 6403] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6403] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 0 [ 223.224447][ T27] audit: type=1804 audit(1671454803.969:440): pid=6403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/438/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6403] sendfile(4, 5, NULL, 145139829833722 [pid 6402] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6402] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6402] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6404], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6404 [pid 6402] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6404 attached [pid 6404] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6404] sendfile(4, 5, NULL, 145139829833722 [pid 6402] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6402] exit_group(0) = ? [pid 6403] <... sendfile resumed>) = ? [pid 6403] +++ exited with 0 +++ [pid 6404] <... sendfile resumed>) = ? [pid 6404] +++ exited with 0 +++ [pid 6402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6402, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./438/binderfs") = 0 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./438/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./438/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6406 ./strace-static-x86_64: Process 6406 attached [pid 6406] set_robust_list(0x5555556365e0, 24) = 0 [pid 6406] chdir("./439") = 0 [pid 6406] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6406] setpgid(0, 0) = 0 [pid 6406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6406] write(3, "1000", 4) = 4 [pid 6406] close(3) = 0 [pid 6406] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6406] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6407], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6407 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6407 attached [pid 6407] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6407] memfd_create("syzkaller", 0) = 3 [pid 6407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6407] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6407] munmap(0x7f5499e77000, 2097152) = 0 [pid 6407] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6407] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6407] close(3) = 0 [pid 6407] mkdir("./bus", 0777) = 0 [pid 6407] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6407] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6407] chdir("./bus") = 0 [pid 6407] ioctl(4, LOOP_CLR_FD) = 0 [pid 6407] close(4) = 0 [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] creat("./bus", 000) = 4 [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6407] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... fcntl resumed>) = 0 [ 223.578842][ T6407] loop0: detected capacity change from 0 to 4096 [ 223.588264][ T6407] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] <... futex resumed>) = 0 [pid 6407] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] ftruncate(4, 2048) = 0 [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... futex resumed>) = 1 [pid 6407] lseek(4, 0, SEEK_END) = 2048 [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... futex resumed>) = 1 [pid 6407] open("./bus", O_RDONLY) = 5 [pid 6407] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6407] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6406] <... futex resumed>) = 0 [pid 6406] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6406] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] <... futex resumed>) = 0 [pid 6407] sendfile(4, 5, NULL, 145139829833722 [pid 6406] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6406] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6406] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6406] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6409 attached , parent_tid=[6409], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6409 [pid 6409] set_robust_list(0x7f549a0769e0, 24 [pid 6406] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... set_robust_list resumed>) = 0 [pid 6406] <... futex resumed>) = 0 [pid 6409] sendfile(4, 5, NULL, 145139829833722 [ 223.648743][ T27] audit: type=1804 audit(1671454804.389:441): pid=6407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/439/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6406] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6406] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6406] exit_group(0) = ? [pid 6409] <... sendfile resumed>) = ? [pid 6409] +++ exited with 0 +++ [pid 6407] <... sendfile resumed>) = ? [pid 6407] +++ exited with 0 +++ [pid 6406] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6406, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./439/binderfs") = 0 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./439/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./439/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6410 ./strace-static-x86_64: Process 6410 attached [pid 6410] set_robust_list(0x5555556365e0, 24) = 0 [pid 6410] chdir("./440") = 0 [pid 6410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6410] setpgid(0, 0) = 0 [pid 6410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6410] write(3, "1000", 4) = 4 [pid 6410] close(3) = 0 [pid 6410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6410] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6410] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6411], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6411 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6411 attached [pid 6411] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6411] memfd_create("syzkaller", 0) = 3 [pid 6411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6411] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6411] munmap(0x7f5499e77000, 2097152) = 0 [pid 6411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6411] close(3) = 0 [pid 6411] mkdir("./bus", 0777) = 0 [pid 6411] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6411] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6411] chdir("./bus") = 0 [pid 6411] ioctl(4, LOOP_CLR_FD) = 0 [pid 6411] close(4) = 0 [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] creat("./bus", 000) = 4 [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] ftruncate(4, 2048) = 0 [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] lseek(4, 0, SEEK_END) = 2048 [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] open("./bus", O_RDONLY) = 5 [ 223.973498][ T6411] loop0: detected capacity change from 0 to 4096 [ 223.983440][ T6411] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6411] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... futex resumed>) = 0 [pid 6410] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6411] <... futex resumed>) = 1 [pid 6411] sendfile(4, 5, NULL, 145139829833722 [pid 6410] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6410] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6410] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6410] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6410] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6412 attached , parent_tid=[6412], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6412 [pid 6412] set_robust_list(0x7f549a0769e0, 24 [pid 6410] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6410] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... set_robust_list resumed>) = 0 [ 224.030640][ T27] audit: type=1804 audit(1671454804.769:442): pid=6411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/440/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6412] sendfile(4, 5, NULL, 145139829833722 [pid 6410] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6410] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6410] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6410] exit_group(0) = ? [pid 6411] <... sendfile resumed>) = ? [pid 6411] +++ exited with 0 +++ [pid 6412] <... sendfile resumed>) = ? [pid 6412] +++ exited with 0 +++ [pid 6410] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6410, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./440/binderfs") = 0 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./440/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./440/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6413 ./strace-static-x86_64: Process 6413 attached [pid 6413] set_robust_list(0x5555556365e0, 24) = 0 [pid 6413] chdir("./441") = 0 [pid 6413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6413] setpgid(0, 0) = 0 [pid 6413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6413] write(3, "1000", 4) = 4 [pid 6413] close(3) = 0 [pid 6413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6413] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6413] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6414], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6414 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6414 attached [pid 6414] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6414] memfd_create("syzkaller", 0) = 3 [pid 6414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6414] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6414] munmap(0x7f5499e77000, 2097152) = 0 [pid 6414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6414] close(3) = 0 [pid 6414] mkdir("./bus", 0777) = 0 [pid 6414] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6414] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6414] chdir("./bus") = 0 [pid 6414] ioctl(4, LOOP_CLR_FD) = 0 [pid 6414] close(4) = 0 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 0 [pid 6414] creat("./bus", 000) = 4 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 1 [pid 6414] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 1 [pid 6414] ftruncate(4, 2048) = 0 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 1 [pid 6414] lseek(4, 0, SEEK_END) = 2048 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 1 [ 224.351180][ T6414] loop0: detected capacity change from 0 to 4096 [ 224.360610][ T6414] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6414] open("./bus", O_RDONLY) = 5 [pid 6414] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6414] <... futex resumed>) = 0 [pid 6414] sendfile(4, 5, NULL, 145139829833722 [pid 6413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6413] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6413] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6413] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6413] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6415 attached , parent_tid=[6415], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6415 [pid 6415] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6415] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6413] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 224.408539][ T27] audit: type=1804 audit(1671454805.149:443): pid=6414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/441/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6415] sendfile(4, 5, NULL, 145139829833722 [pid 6413] <... futex resumed>) = 0 [pid 6413] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6413] exit_group(0) = ? [pid 6414] <... sendfile resumed>) = ? [pid 6414] +++ exited with 0 +++ [pid 6415] <... sendfile resumed>) = ? [pid 6415] +++ exited with 0 +++ [pid 6413] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6413, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./441/binderfs") = 0 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./441/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./441/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6416 ./strace-static-x86_64: Process 6416 attached [pid 6416] set_robust_list(0x5555556365e0, 24) = 0 [pid 6416] chdir("./442") = 0 [pid 6416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6416] setpgid(0, 0) = 0 [pid 6416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6416] write(3, "1000", 4) = 4 [pid 6416] close(3) = 0 [pid 6416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6416] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6416] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6417 attached , parent_tid=[6417], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6417 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6417] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6417] memfd_create("syzkaller", 0) = 3 [pid 6417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6417] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6417] munmap(0x7f5499e77000, 2097152) = 0 [pid 6417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6417] close(3) = 0 [pid 6417] mkdir("./bus", 0777) = 0 [pid 6417] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6417] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6417] chdir("./bus") = 0 [pid 6417] ioctl(4, LOOP_CLR_FD) = 0 [pid 6417] close(4) = 0 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] creat("./bus", 000) = 4 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] <... futex resumed>) = 0 [ 224.734621][ T6417] loop0: detected capacity change from 0 to 4096 [ 224.743932][ T6417] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6417] ftruncate(4, 2048) = 0 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] lseek(4, 0, SEEK_END) = 2048 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] open("./bus", O_RDONLY) = 5 [pid 6417] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] <... futex resumed>) = 0 [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] sendfile(4, 5, NULL, 145139829833722 [pid 6416] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6416] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6416] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6416] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6416] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6418 attached , parent_tid=[6418], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6418 [pid 6416] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] set_robust_list(0x7f549a0769e0, 24) = 0 [ 224.803925][ T27] audit: type=1804 audit(1671454805.549:444): pid=6417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/442/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6418] sendfile(4, 5, NULL, 145139829833722 [pid 6416] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6416] exit_group(0) = ? [pid 6417] <... sendfile resumed>) = ? [pid 6417] +++ exited with 0 +++ [pid 6418] <... sendfile resumed>) = ? [pid 6418] +++ exited with 0 +++ [pid 6416] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6416, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./442/binderfs") = 0 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./442/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./442/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6419 ./strace-static-x86_64: Process 6419 attached [pid 6419] set_robust_list(0x5555556365e0, 24) = 0 [pid 6419] chdir("./443") = 0 [pid 6419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6419] setpgid(0, 0) = 0 [pid 6419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6419] write(3, "1000", 4) = 4 [pid 6419] close(3) = 0 [pid 6419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6419] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6419] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6420 attached , parent_tid=[6420], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6420 [pid 6420] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6420] memfd_create("syzkaller", 0) = 3 [pid 6420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6420] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6420] munmap(0x7f5499e77000, 2097152) = 0 [pid 6420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6420] close(3) = 0 [pid 6420] mkdir("./bus", 0777) = 0 [pid 6420] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6420] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6420] chdir("./bus") = 0 [pid 6420] ioctl(4, LOOP_CLR_FD) = 0 [pid 6420] close(4) = 0 [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... futex resumed>) = 0 [pid 6420] creat("./bus", 000) = 4 [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] <... futex resumed>) = 0 [pid 6420] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6420] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] <... futex resumed>) = 0 [pid 6420] ftruncate(4, 2048 [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... ftruncate resumed>) = 0 [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... futex resumed>) = 1 [pid 6420] lseek(4, 0, SEEK_END) = 2048 [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] <... futex resumed>) = 0 [pid 6420] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6419] <... futex resumed>) = 0 [pid 6420] open("./bus", O_RDONLY [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... open resumed>) = 5 [ 225.140508][ T6420] loop0: detected capacity change from 0 to 4096 [ 225.150148][ T6420] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6420] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6419] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... futex resumed>) = 0 [pid 6420] sendfile(4, 5, NULL, 145139829833722 [pid 6419] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6419] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6419] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6419] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6421 attached [pid 6421] set_robust_list(0x7f549a0769e0, 24 [pid 6419] <... clone resumed>, parent_tid=[6421], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6421 [pid 6421] <... set_robust_list resumed>) = 0 [pid 6421] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 1 [pid 6421] sendfile(4, 5, NULL, 145139829833722 [ 225.198239][ T27] audit: type=1804 audit(1671454805.939:445): pid=6420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/443/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6419] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6419] exit_group(0) = ? [pid 6421] <... sendfile resumed>) = ? [pid 6421] +++ exited with 0 +++ [pid 6420] <... sendfile resumed>) = ? [pid 6420] +++ exited with 0 +++ [pid 6419] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6419, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./443/binderfs") = 0 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./443/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./443/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6422 ./strace-static-x86_64: Process 6422 attached [pid 6422] set_robust_list(0x5555556365e0, 24) = 0 [pid 6422] chdir("./444") = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6422] setpgid(0, 0) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6422] write(3, "1000", 4) = 4 [pid 6422] close(3) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6422] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6423], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6423 [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6423 attached ) = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6423] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6423] memfd_create("syzkaller", 0) = 3 [pid 6423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6423] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6423] munmap(0x7f5499e77000, 2097152) = 0 [pid 6423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6423] close(3) = 0 [pid 6423] mkdir("./bus", 0777) = 0 [pid 6423] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6423] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6423] chdir("./bus") = 0 [pid 6423] ioctl(4, LOOP_CLR_FD) = 0 [ 225.526138][ T6423] loop0: detected capacity change from 0 to 4096 [ 225.535608][ T6423] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6423] close(4) = 0 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] creat("./bus", 000 [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... creat resumed>) = 4 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 1 [pid 6423] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] ftruncate(4, 2048 [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... ftruncate resumed>) = 0 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6423] lseek(4, 0, SEEK_END [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... lseek resumed>) = 2048 [pid 6422] <... futex resumed>) = 0 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] open("./bus", O_RDONLY [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] <... open resumed>) = 5 [pid 6422] <... futex resumed>) = 0 [pid 6423] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 0 [pid 6422] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6423] sendfile(4, 5, NULL, 145139829833722 [pid 6422] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6422] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6422] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6424], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6424 [pid 6422] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6424 attached [pid 6424] set_robust_list(0x7f549a0769e0, 24) = 0 [ 225.567460][ T27] audit: type=1804 audit(1671454806.309:446): pid=6423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/444/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6424] sendfile(4, 5, NULL, 145139829833722 [pid 6422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6422] exit_group(0) = ? [pid 6424] <... sendfile resumed>) = ? [pid 6424] +++ exited with 0 +++ [pid 6423] <... sendfile resumed>) = ? [pid 6423] +++ exited with 0 +++ [pid 6422] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6422, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./444/binderfs") = 0 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./444/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./444/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6425 ./strace-static-x86_64: Process 6425 attached [pid 6425] set_robust_list(0x5555556365e0, 24) = 0 [pid 6425] chdir("./445") = 0 [pid 6425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6425] setpgid(0, 0) = 0 [pid 6425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6425] write(3, "1000", 4) = 4 [pid 6425] close(3) = 0 [pid 6425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6425] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6426], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6426 [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6426 attached [pid 6426] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6426] memfd_create("syzkaller", 0) = 3 [pid 6426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6426] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6426] munmap(0x7f5499e77000, 2097152) = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6426] close(3) = 0 [pid 6426] mkdir("./bus", 0777) = 0 [pid 6426] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6426] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6426] chdir("./bus") = 0 [pid 6426] ioctl(4, LOOP_CLR_FD) = 0 [pid 6426] close(4) = 0 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... futex resumed>) = 1 [pid 6426] creat("./bus", 000) = 4 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] ftruncate(4, 2048 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... ftruncate resumed>) = 0 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6426] lseek(4, 0, SEEK_END [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... lseek resumed>) = 2048 [pid 6425] <... futex resumed>) = 0 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... futex resumed>) = 0 [pid 6425] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6426] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6425] <... futex resumed>) = 0 [pid 6426] open("./bus", O_RDONLY [ 225.888632][ T6426] loop0: detected capacity change from 0 to 4096 [ 225.897692][ T6426] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... open resumed>) = 5 [pid 6426] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... futex resumed>) = 1 [pid 6426] sendfile(4, 5, NULL, 145139829833722 [pid 6425] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6425] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6425] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6425] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6427], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6427 [pid 6425] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6427 attached [pid 6427] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6427] sendfile(4, 5, NULL, 145139829833722 [pid 6425] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6425] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6425] exit_group(0) = ? [pid 6426] <... sendfile resumed>) = ? [pid 6427] <... sendfile resumed>) = ? [pid 6426] +++ exited with 0 +++ [pid 6427] +++ exited with 0 +++ [pid 6425] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6425, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./445/binderfs") = 0 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./445/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./445/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6428 ./strace-static-x86_64: Process 6428 attached [pid 6428] set_robust_list(0x5555556365e0, 24) = 0 [pid 6428] chdir("./446") = 0 [pid 6428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6428] setpgid(0, 0) = 0 [pid 6428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6428] write(3, "1000", 4) = 4 [pid 6428] close(3) = 0 [pid 6428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6428] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6429], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6429 [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6429 attached [pid 6429] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6429] memfd_create("syzkaller", 0) = 3 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6429] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6429] munmap(0x7f5499e77000, 2097152) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6429] close(3) = 0 [pid 6429] mkdir("./bus", 0777) = 0 [pid 6429] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6429] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6429] chdir("./bus") = 0 [pid 6429] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] close(4) = 0 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 0 [pid 6429] creat("./bus", 000) = 4 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 1 [pid 6429] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6429] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = 0 [pid 6429] ftruncate(4, 2048) = 0 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6429] lseek(4, 0, SEEK_END) = 2048 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] open("./bus", O_RDONLY) = 5 [pid 6429] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] sendfile(4, 5, NULL, 145139829833722 [pid 6428] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 226.277946][ T6429] loop0: detected capacity change from 0 to 4096 [ 226.288417][ T6429] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6428] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6428] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6428] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6430], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6430 [pid 6428] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6430 attached [pid 6430] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6430] sendfile(4, 5, NULL, 145139829833722 [pid 6428] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6428] exit_group(0) = ? [pid 6429] <... sendfile resumed>) = ? [pid 6429] +++ exited with 0 +++ [pid 6430] <... sendfile resumed>) = ? [pid 6430] +++ exited with 0 +++ [pid 6428] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6428, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./446/binderfs") = 0 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./446/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./446/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6431 attached , child_tidptr=0x5555556365d0) = 6431 [pid 6431] set_robust_list(0x5555556365e0, 24) = 0 [pid 6431] chdir("./447") = 0 [pid 6431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6431] setpgid(0, 0) = 0 [pid 6431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6431] write(3, "1000", 4) = 4 [pid 6431] close(3) = 0 [pid 6431] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6431] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6431] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6432], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6432 [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6432 attached [pid 6432] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6432] memfd_create("syzkaller", 0) = 3 [pid 6432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6432] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6432] munmap(0x7f5499e77000, 2097152) = 0 [pid 6432] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6432] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6432] close(3) = 0 [pid 6432] mkdir("./bus", 0777) = 0 [pid 6432] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6432] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6432] chdir("./bus") = 0 [pid 6432] ioctl(4, LOOP_CLR_FD) = 0 [pid 6432] close(4) = 0 [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6432] creat("./bus", 000 [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] <... creat resumed>) = 4 [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6432] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] ftruncate(4, 2048) = 0 [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6432] lseek(4, 0, SEEK_END [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6432] <... lseek resumed>) = 2048 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6432] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] <... futex resumed>) = 0 [pid 6432] open("./bus", O_RDONLY [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] <... open resumed>) = 5 [pid 6432] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6431] <... futex resumed>) = 0 [pid 6432] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6432] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] <... futex resumed>) = 0 [ 226.652092][ T6432] loop0: detected capacity change from 0 to 4096 [ 226.661866][ T6432] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6432] sendfile(4, 5, NULL, 145139829833722 [pid 6431] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6431] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6431] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6431] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6433 attached , parent_tid=[6433], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6433 [pid 6433] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6433] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6433] <... futex resumed>) = 0 [pid 6431] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] sendfile(4, 5, NULL, 145139829833722 [pid 6431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6431] exit_group(0) = ? [pid 6432] <... sendfile resumed>) = ? [pid 6432] +++ exited with 0 +++ [pid 6433] <... sendfile resumed>) = ? [pid 6433] +++ exited with 0 +++ [pid 6431] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6431, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./447/binderfs") = 0 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./447/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./447/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6434 ./strace-static-x86_64: Process 6434 attached [pid 6434] set_robust_list(0x5555556365e0, 24) = 0 [pid 6434] chdir("./448") = 0 [pid 6434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6434] setpgid(0, 0) = 0 [pid 6434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6434] write(3, "1000", 4) = 4 [pid 6434] close(3) = 0 [pid 6434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6434] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6434] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6435], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6435 [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6435 attached [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6435] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6435] memfd_create("syzkaller", 0) = 3 [pid 6435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6435] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6435] munmap(0x7f5499e77000, 2097152) = 0 [pid 6435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6435] close(3) = 0 [pid 6435] mkdir("./bus", 0777) = 0 [pid 6435] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6435] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6435] chdir("./bus") = 0 [pid 6435] ioctl(4, LOOP_CLR_FD) = 0 [pid 6435] close(4) = 0 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6434] <... futex resumed>) = 0 [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] creat("./bus", 000 [pid 6434] <... futex resumed>) = 0 [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] <... creat resumed>) = 4 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6434] <... futex resumed>) = 0 [pid 6435] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6434] <... futex resumed>) = 0 [pid 6435] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] <... fcntl resumed>) = 0 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6434] <... futex resumed>) = 0 [pid 6435] ftruncate(4, 2048 [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] <... ftruncate resumed>) = 0 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6434] <... futex resumed>) = 0 [pid 6435] lseek(4, 0, SEEK_END [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... lseek resumed>) = 2048 [pid 6434] <... futex resumed>) = 0 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] <... futex resumed>) = 0 [pid 6434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6435] open("./bus", O_RDONLY [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] <... open resumed>) = 5 [pid 6434] <... futex resumed>) = 0 [pid 6435] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 227.023203][ T6435] loop0: detected capacity change from 0 to 4096 [ 227.032861][ T6435] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6435] <... futex resumed>) = 0 [pid 6434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6435] sendfile(4, 5, NULL, 145139829833722 [pid 6434] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6434] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6434] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6434] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6436 attached [pid 6436] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6436] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6434] <... clone resumed>, parent_tid=[6436], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6436 [pid 6434] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6434] <... futex resumed>) = 1 [pid 6436] sendfile(4, 5, NULL, 145139829833722 [ 227.076778][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 227.076792][ T27] audit: type=1804 audit(1671454807.819:450): pid=6435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/448/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6434] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6434] exit_group(0 [pid 6436] <... sendfile resumed>) = ? [pid 6434] <... exit_group resumed>) = ? [pid 6435] <... sendfile resumed>) = ? [pid 6435] +++ exited with 0 +++ [pid 6436] +++ exited with 0 +++ [pid 6434] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6434, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./448/binderfs") = 0 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./448/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./448/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6437 ./strace-static-x86_64: Process 6437 attached [pid 6437] set_robust_list(0x5555556365e0, 24) = 0 [pid 6437] chdir("./449") = 0 [pid 6437] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6437] setpgid(0, 0) = 0 [pid 6437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6437] write(3, "1000", 4) = 4 [pid 6437] close(3) = 0 [pid 6437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6437] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6437] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6438], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6438 ./strace-static-x86_64: Process 6438 attached [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6438] set_robust_list(0x7f54a22979e0, 24 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6438] <... set_robust_list resumed>) = 0 [pid 6438] memfd_create("syzkaller", 0) = 3 [pid 6438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6438] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6438] munmap(0x7f5499e77000, 2097152) = 0 [pid 6438] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6438] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6438] close(3) = 0 [pid 6438] mkdir("./bus", 0777) = 0 [pid 6438] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6438] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6438] chdir("./bus") = 0 [pid 6438] ioctl(4, LOOP_CLR_FD) = 0 [pid 6438] close(4) = 0 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] creat("./bus", 000) = 4 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [pid 6438] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [ 227.406748][ T6438] loop0: detected capacity change from 0 to 4096 [ 227.415760][ T6438] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6438] ftruncate(4, 2048) = 0 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [pid 6438] lseek(4, 0, SEEK_END) = 2048 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [pid 6438] open("./bus", O_RDONLY) = 5 [pid 6438] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... futex resumed>) = 0 [pid 6437] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] <... futex resumed>) = 1 [pid 6438] sendfile(4, 5, NULL, 145139829833722 [pid 6437] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6437] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6437] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6437] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6439 attached [pid 6439] set_robust_list(0x7f549a0769e0, 24 [pid 6437] <... clone resumed>, parent_tid=[6439], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6439 [pid 6439] <... set_robust_list resumed>) = 0 [pid 6437] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] sendfile(4, 5, NULL, 145139829833722 [pid 6437] <... futex resumed>) = 0 [ 227.472771][ T27] audit: type=1804 audit(1671454808.219:451): pid=6438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/449/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6437] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6437] exit_group(0 [pid 6438] <... sendfile resumed>) = ? [pid 6437] <... exit_group resumed>) = ? [pid 6438] +++ exited with 0 +++ [pid 6439] <... sendfile resumed>) = ? [pid 6439] +++ exited with 0 +++ [pid 6437] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6437, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./449/binderfs") = 0 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./449/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./449/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6440 ./strace-static-x86_64: Process 6440 attached [pid 6440] set_robust_list(0x5555556365e0, 24) = 0 [pid 6440] chdir("./450") = 0 [pid 6440] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6440] setpgid(0, 0) = 0 [pid 6440] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6440] write(3, "1000", 4) = 4 [pid 6440] close(3) = 0 [pid 6440] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6440] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6440] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6441], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6441 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6441 attached [pid 6441] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6441] memfd_create("syzkaller", 0) = 3 [pid 6441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6441] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6441] munmap(0x7f5499e77000, 2097152) = 0 [pid 6441] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6441] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6441] close(3) = 0 [pid 6441] mkdir("./bus", 0777) = 0 [pid 6441] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6441] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6441] chdir("./bus") = 0 [pid 6441] ioctl(4, LOOP_CLR_FD) = 0 [pid 6441] close(4) = 0 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... futex resumed>) = 1 [pid 6441] creat("./bus", 000) = 4 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... futex resumed>) = 1 [pid 6441] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... futex resumed>) = 1 [pid 6441] ftruncate(4, 2048) = 0 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... futex resumed>) = 1 [pid 6441] lseek(4, 0, SEEK_END) = 2048 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 227.802469][ T6441] loop0: detected capacity change from 0 to 4096 [ 227.811804][ T6441] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6441] open("./bus", O_RDONLY) = 5 [pid 6441] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] <... futex resumed>) = 1 [pid 6441] sendfile(4, 5, NULL, 145139829833722 [pid 6440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6440] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6440] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6440] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6442], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6442 [pid 6440] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6440] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6442 attached [pid 6442] set_robust_list(0x7f549a0769e0, 24) = 0 [ 227.856488][ T27] audit: type=1804 audit(1671454808.599:452): pid=6441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/450/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6442] sendfile(4, 5, NULL, 145139829833722 [pid 6440] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6440] exit_group(0) = ? [pid 6441] <... sendfile resumed>) = ? [pid 6441] +++ exited with 0 +++ [pid 6442] <... sendfile resumed>) = ? [pid 6442] +++ exited with 0 +++ [pid 6440] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6440, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./450/binderfs") = 0 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./450/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./450/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6443 ./strace-static-x86_64: Process 6443 attached [pid 6443] set_robust_list(0x5555556365e0, 24) = 0 [pid 6443] chdir("./451") = 0 [pid 6443] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6443] setpgid(0, 0) = 0 [pid 6443] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6443] write(3, "1000", 4) = 4 [pid 6443] close(3) = 0 [pid 6443] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6443] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6443] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6444 attached , parent_tid=[6444], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6444 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6444] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6444] memfd_create("syzkaller", 0) = 3 [pid 6444] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6444] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6444] munmap(0x7f5499e77000, 2097152) = 0 [pid 6444] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6444] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6444] close(3) = 0 [pid 6444] mkdir("./bus", 0777) = 0 [pid 6444] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6444] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6444] chdir("./bus") = 0 [pid 6444] ioctl(4, LOOP_CLR_FD) = 0 [pid 6444] close(4) = 0 [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 0 [pid 6444] creat("./bus", 000) = 4 [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 1 [pid 6444] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 1 [pid 6444] ftruncate(4, 2048) = 0 [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 1 [pid 6444] lseek(4, 0, SEEK_END) = 2048 [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 1 [pid 6444] open("./bus", O_RDONLY) = 5 [ 228.189871][ T6444] loop0: detected capacity change from 0 to 4096 [ 228.199584][ T6444] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6444] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6443] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6444] <... futex resumed>) = 1 [pid 6444] sendfile(4, 5, NULL, 145139829833722 [pid 6443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6443] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6443] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6443] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6445], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6445 [pid 6443] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6443] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6445 attached [pid 6445] set_robust_list(0x7f549a0769e0, 24) = 0 [ 228.241236][ T27] audit: type=1804 audit(1671454808.989:453): pid=6444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/451/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6445] sendfile(4, 5, NULL, 145139829833722 [pid 6443] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6443] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6443] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6443] exit_group(0) = ? [pid 6444] <... sendfile resumed>) = ? [pid 6444] +++ exited with 0 +++ [pid 6445] <... sendfile resumed>) = ? [pid 6445] +++ exited with 0 +++ [pid 6443] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6443, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./451/binderfs") = 0 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./451/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./451/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6446 ./strace-static-x86_64: Process 6446 attached [pid 6446] set_robust_list(0x5555556365e0, 24) = 0 [pid 6446] chdir("./452") = 0 [pid 6446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6446] setpgid(0, 0) = 0 [pid 6446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6446] write(3, "1000", 4) = 4 [pid 6446] close(3) = 0 [pid 6446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6446] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6447 attached , parent_tid=[6447], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6447 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] set_robust_list(0x7f54a22979e0, 24 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] <... set_robust_list resumed>) = 0 [pid 6447] memfd_create("syzkaller", 0) = 3 [pid 6447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6447] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6447] munmap(0x7f5499e77000, 2097152) = 0 [pid 6447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6447] close(3) = 0 [pid 6447] mkdir("./bus", 0777) = 0 [pid 6447] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6447] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6447] chdir("./bus") = 0 [pid 6447] ioctl(4, LOOP_CLR_FD) = 0 [pid 6447] close(4) = 0 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6447] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... futex resumed>) = 0 [pid 6447] creat("./bus", 000) = 4 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... futex resumed>) = 1 [pid 6447] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... futex resumed>) = 1 [pid 6447] ftruncate(4, 2048) = 0 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... futex resumed>) = 1 [pid 6447] lseek(4, 0, SEEK_END) = 2048 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... futex resumed>) = 0 [ 228.568924][ T6447] loop0: detected capacity change from 0 to 4096 [ 228.577839][ T6447] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6447] open("./bus", O_RDONLY [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6447] <... open resumed>) = 5 [pid 6447] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6446] <... futex resumed>) = 0 [pid 6447] sendfile(4, 5, NULL, 145139829833722 [pid 6446] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6446] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6446] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6446] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6448 attached , parent_tid=[6448], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6448 [pid 6448] set_robust_list(0x7f549a0769e0, 24 [pid 6446] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... set_robust_list resumed>) = 0 [pid 6446] <... futex resumed>) = 0 [pid 6448] sendfile(4, 5, NULL, 145139829833722 [ 228.632633][ T27] audit: type=1804 audit(1671454809.379:454): pid=6447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/452/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6446] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6446] exit_group(0) = ? [pid 6448] <... sendfile resumed>) = ? [pid 6448] +++ exited with 0 +++ [pid 6447] <... sendfile resumed>) = ? [pid 6447] +++ exited with 0 +++ [pid 6446] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6446, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./452/binderfs") = 0 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./452/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./452/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6449 ./strace-static-x86_64: Process 6449 attached [pid 6449] set_robust_list(0x5555556365e0, 24) = 0 [pid 6449] chdir("./453") = 0 [pid 6449] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6449] setpgid(0, 0) = 0 [pid 6449] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6449] write(3, "1000", 4) = 4 [pid 6449] close(3) = 0 [pid 6449] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6449] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6449] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6450], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6450 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6450 attached [pid 6450] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6450] memfd_create("syzkaller", 0) = 3 [pid 6450] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6450] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6450] munmap(0x7f5499e77000, 2097152) = 0 [pid 6450] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6450] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6450] close(3) = 0 [pid 6450] mkdir("./bus", 0777) = 0 [pid 6450] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6450] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6450] chdir("./bus") = 0 [pid 6450] ioctl(4, LOOP_CLR_FD) = 0 [pid 6450] close(4) = 0 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] creat("./bus", 000) = 4 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6450] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] ftruncate(4, 2048 [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] <... ftruncate resumed>) = 0 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] lseek(4, 0, SEEK_END) = 2048 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] <... futex resumed>) = 0 [pid 6450] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6449] <... futex resumed>) = 0 [pid 6450] open("./bus", O_RDONLY [ 228.959616][ T6450] loop0: detected capacity change from 0 to 4096 [ 228.969441][ T6450] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] <... open resumed>) = 5 [pid 6450] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6449] <... futex resumed>) = 0 [pid 6449] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6450] <... futex resumed>) = 0 [pid 6450] sendfile(4, 5, NULL, 145139829833722 [pid 6449] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6449] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6449] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6449] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6451], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6451 [pid 6449] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6449] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6451 attached [pid 6451] set_robust_list(0x7f549a0769e0, 24) = 0 [ 229.019982][ T27] audit: type=1804 audit(1671454809.759:455): pid=6450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/453/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6451] sendfile(4, 5, NULL, 145139829833722 [pid 6449] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6449] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6449] exit_group(0) = ? [pid 6450] <... sendfile resumed>) = ? [pid 6450] +++ exited with 0 +++ [pid 6451] <... sendfile resumed>) = ? [pid 6451] +++ exited with 0 +++ [pid 6449] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6449, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./453/binderfs") = 0 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./453/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./453/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6452 ./strace-static-x86_64: Process 6452 attached [pid 6452] set_robust_list(0x5555556365e0, 24) = 0 [pid 6452] chdir("./454") = 0 [pid 6452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6452] setpgid(0, 0) = 0 [pid 6452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6452] write(3, "1000", 4) = 4 [pid 6452] close(3) = 0 [pid 6452] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6452] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6452] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6453], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6453 [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6453 attached [pid 6453] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6453] memfd_create("syzkaller", 0) = 3 [pid 6453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6453] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6453] munmap(0x7f5499e77000, 2097152) = 0 [pid 6453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6453] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6453] close(3) = 0 [pid 6453] mkdir("./bus", 0777) = 0 [pid 6453] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6453] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6453] chdir("./bus") = 0 [pid 6453] ioctl(4, LOOP_CLR_FD) = 0 [pid 6453] close(4) = 0 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6453] creat("./bus", 000) = 4 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6453] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6453] ftruncate(4, 2048) = 0 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6453] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6453] lseek(4, 0, SEEK_END) = 2048 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6452] <... futex resumed>) = 0 [pid 6453] open("./bus", O_RDONLY [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... open resumed>) = 5 [pid 6452] <... futex resumed>) = 0 [pid 6453] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 229.339666][ T6453] loop0: detected capacity change from 0 to 4096 [ 229.349480][ T6453] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6453] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6452] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6452] <... futex resumed>) = 1 [pid 6453] sendfile(4, 5, NULL, 145139829833722 [pid 6452] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6452] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6452] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6452] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6454 attached [pid 6454] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6454] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6452] <... clone resumed>, parent_tid=[6454], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6454 [pid 6452] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6454] <... futex resumed>) = 0 [pid 6454] sendfile(4, 5, NULL, 145139829833722 [ 229.399326][ T27] audit: type=1804 audit(1671454810.139:456): pid=6453 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/454/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6452] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6452] exit_group(0) = ? [pid 6454] <... sendfile resumed>) = ? [pid 6454] +++ exited with 0 +++ [pid 6453] <... sendfile resumed>) = ? [pid 6453] +++ exited with 0 +++ [pid 6452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6452, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./454/binderfs") = 0 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./454/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./454/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6455 ./strace-static-x86_64: Process 6455 attached [pid 6455] set_robust_list(0x5555556365e0, 24) = 0 [pid 6455] chdir("./455") = 0 [pid 6455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6455] setpgid(0, 0) = 0 [pid 6455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6455] write(3, "1000", 4) = 4 [pid 6455] close(3) = 0 [pid 6455] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6455] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6455] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6456 attached , parent_tid=[6456], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6456 [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6456] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6456] memfd_create("syzkaller", 0) = 3 [pid 6456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6456] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6456] munmap(0x7f5499e77000, 2097152) = 0 [pid 6456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6456] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6456] close(3) = 0 [pid 6456] mkdir("./bus", 0777) = 0 [pid 6456] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6456] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6456] chdir("./bus") = 0 [pid 6456] ioctl(4, LOOP_CLR_FD) = 0 [pid 6456] close(4) = 0 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6455] <... futex resumed>) = 0 [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] <... futex resumed>) = 0 [pid 6456] creat("./bus", 000) = 4 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... futex resumed>) = 0 [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] <... futex resumed>) = 1 [pid 6456] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6455] <... futex resumed>) = 0 [pid 6456] ftruncate(4, 2048 [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] <... ftruncate resumed>) = 0 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6455] <... futex resumed>) = 0 [pid 6456] lseek(4, 0, SEEK_END [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... lseek resumed>) = 2048 [pid 6455] <... futex resumed>) = 0 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] <... futex resumed>) = 0 [pid 6455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 229.728405][ T6456] loop0: detected capacity change from 0 to 4096 [ 229.738386][ T6456] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6456] open("./bus", O_RDONLY [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... open resumed>) = 5 [pid 6455] <... futex resumed>) = 0 [pid 6456] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6456] <... futex resumed>) = 0 [pid 6455] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6456] sendfile(4, 5, NULL, 145139829833722 [pid 6455] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6455] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6455] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6455] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6457 attached [pid 6457] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6457] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6455] <... clone resumed>, parent_tid=[6457], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6457 [pid 6455] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6455] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 229.786443][ T27] audit: type=1804 audit(1671454810.529:457): pid=6456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/455/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6457] sendfile(4, 5, NULL, 145139829833722 [pid 6455] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6455] exit_group(0) = ? [pid 6456] <... sendfile resumed>) = ? [pid 6456] +++ exited with 0 +++ [pid 6457] <... sendfile resumed>) = ? [pid 6457] +++ exited with 0 +++ [pid 6455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6455, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./455/binderfs") = 0 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./455/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./455/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6458 ./strace-static-x86_64: Process 6458 attached [pid 6458] set_robust_list(0x5555556365e0, 24) = 0 [pid 6458] chdir("./456") = 0 [pid 6458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6458] setpgid(0, 0) = 0 [pid 6458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6458] write(3, "1000", 4) = 4 [pid 6458] close(3) = 0 [pid 6458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6458] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6458] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6459], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6459 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6459 attached [pid 6459] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6459] memfd_create("syzkaller", 0) = 3 [pid 6459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6459] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6459] munmap(0x7f5499e77000, 2097152) = 0 [pid 6459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6459] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6459] close(3) = 0 [pid 6459] mkdir("./bus", 0777) = 0 [pid 6459] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6459] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6459] chdir("./bus") = 0 [pid 6459] ioctl(4, LOOP_CLR_FD) = 0 [pid 6459] close(4) = 0 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... futex resumed>) = 1 [pid 6459] creat("./bus", 000) = 4 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... futex resumed>) = 1 [pid 6459] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... futex resumed>) = 1 [pid 6459] ftruncate(4, 2048) = 0 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... futex resumed>) = 1 [pid 6459] lseek(4, 0, SEEK_END) = 2048 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = 1 [pid 6458] <... futex resumed>) = 0 [pid 6459] open("./bus", O_RDONLY [ 230.106877][ T6459] loop0: detected capacity change from 0 to 4096 [ 230.116398][ T6459] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6459] <... open resumed>) = 5 [pid 6459] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = 0 [pid 6459] <... futex resumed>) = 1 [pid 6458] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] sendfile(4, 5, NULL, 145139829833722 [pid 6458] <... futex resumed>) = 0 [pid 6458] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6458] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6458] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6458] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6460 attached , parent_tid=[6460], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6460 [pid 6458] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6458] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] set_robust_list(0x7f549a0769e0, 24) = 0 [ 230.164930][ T27] audit: type=1804 audit(1671454810.909:458): pid=6459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/456/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6460] sendfile(4, 5, NULL, 145139829833722 [pid 6458] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6458] exit_group(0) = ? [pid 6460] <... sendfile resumed>) = ? [pid 6460] +++ exited with 0 +++ [pid 6459] <... sendfile resumed>) = ? [pid 6459] +++ exited with 0 +++ [pid 6458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6458, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./456/binderfs") = 0 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./456/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./456/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6461 attached , child_tidptr=0x5555556365d0) = 6461 [pid 6461] set_robust_list(0x5555556365e0, 24) = 0 [pid 6461] chdir("./457") = 0 [pid 6461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6461] setpgid(0, 0) = 0 [pid 6461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6461] write(3, "1000", 4) = 4 [pid 6461] close(3) = 0 [pid 6461] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6461] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6461] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6462], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6462 [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6462 attached [pid 6462] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6462] memfd_create("syzkaller", 0) = 3 [pid 6462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6462] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6462] munmap(0x7f5499e77000, 2097152) = 0 [pid 6462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6462] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6462] close(3) = 0 [pid 6462] mkdir("./bus", 0777) = 0 [pid 6462] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6462] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6462] chdir("./bus") = 0 [pid 6462] ioctl(4, LOOP_CLR_FD) = 0 [pid 6462] close(4) = 0 [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] <... futex resumed>) = 0 [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] creat("./bus", 000) = 4 [ 230.484004][ T6462] loop0: detected capacity change from 0 to 4096 [ 230.494379][ T6462] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] <... futex resumed>) = 0 [pid 6462] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... fcntl resumed>) = 0 [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6461] <... futex resumed>) = 0 [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... futex resumed>) = 1 [pid 6462] ftruncate(4, 2048) = 0 [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] <... futex resumed>) = 0 [pid 6462] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6461] <... futex resumed>) = 0 [pid 6462] lseek(4, 0, SEEK_END [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... lseek resumed>) = 2048 [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] <... futex resumed>) = 0 [pid 6462] open("./bus", O_RDONLY [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... open resumed>) = 5 [pid 6462] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6461] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6462] <... futex resumed>) = 0 [pid 6462] sendfile(4, 5, NULL, 145139829833722 [pid 6461] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6461] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6461] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6461] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6463 attached , parent_tid=[6463], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6463 [pid 6463] set_robust_list(0x7f549a0769e0, 24 [pid 6461] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... set_robust_list resumed>) = 0 [pid 6463] sendfile(4, 5, NULL, 145139829833722 [pid 6461] <... futex resumed>) = 0 [ 230.552645][ T27] audit: type=1804 audit(1671454811.299:459): pid=6462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/457/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6461] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6461] exit_group(0) = ? [pid 6462] <... sendfile resumed>) = ? [pid 6462] +++ exited with 0 +++ [pid 6463] <... sendfile resumed>) = ? [pid 6463] +++ exited with 0 +++ [pid 6461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6461, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./457/binderfs") = 0 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./457/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./457/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6464 ./strace-static-x86_64: Process 6464 attached [pid 6464] set_robust_list(0x5555556365e0, 24) = 0 [pid 6464] chdir("./458") = 0 [pid 6464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6464] setpgid(0, 0) = 0 [pid 6464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6464] write(3, "1000", 4) = 4 [pid 6464] close(3) = 0 [pid 6464] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6464] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6464] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6465 attached , parent_tid=[6465], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6465 [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6465] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6465] memfd_create("syzkaller", 0) = 3 [pid 6465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6465] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6465] munmap(0x7f5499e77000, 2097152) = 0 [pid 6465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6465] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6465] close(3) = 0 [pid 6465] mkdir("./bus", 0777) = 0 [pid 6465] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6465] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6465] chdir("./bus") = 0 [pid 6465] ioctl(4, LOOP_CLR_FD) = 0 [pid 6465] close(4) = 0 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6464] <... futex resumed>) = 0 [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] creat("./bus", 000 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] <... creat resumed>) = 4 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6464] <... futex resumed>) = 0 [pid 6465] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... fcntl resumed>) = 0 [pid 6464] <... futex resumed>) = 0 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] <... futex resumed>) = 1 [pid 6464] <... futex resumed>) = 0 [pid 6465] ftruncate(4, 2048 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] <... ftruncate resumed>) = 0 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6464] <... futex resumed>) = 0 [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6464] <... futex resumed>) = 1 [pid 6465] lseek(4, 0, SEEK_END [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] <... lseek resumed>) = 2048 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6464] <... futex resumed>) = 0 [pid 6465] open("./bus", O_RDONLY [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... open resumed>) = 5 [pid 6464] <... futex resumed>) = 0 [pid 6465] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6465] <... futex resumed>) = 0 [pid 6464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6465] sendfile(4, 5, NULL, 145139829833722 [pid 6464] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 230.882959][ T6465] loop0: detected capacity change from 0 to 4096 [ 230.892122][ T6465] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6464] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6464] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6464] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6464] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6466 attached [pid 6466] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6466] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6464] <... clone resumed>, parent_tid=[6466], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6466 [pid 6464] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = 0 [pid 6464] <... futex resumed>) = 1 [pid 6466] sendfile(4, 5, NULL, 145139829833722 [pid 6464] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6464] exit_group(0) = ? [pid 6466] <... sendfile resumed>) = ? [pid 6466] +++ exited with 0 +++ [pid 6465] <... sendfile resumed>) = ? [pid 6465] +++ exited with 0 +++ [pid 6464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6464, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./458/binderfs") = 0 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./458/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./458/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6467 ./strace-static-x86_64: Process 6467 attached [pid 6467] set_robust_list(0x5555556365e0, 24) = 0 [pid 6467] chdir("./459") = 0 [pid 6467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6467] setpgid(0, 0) = 0 [pid 6467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6467] write(3, "1000", 4) = 4 [pid 6467] close(3) = 0 [pid 6467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6467] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6467] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6468 attached [pid 6468] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6468] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] <... clone resumed>, parent_tid=[6468], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6468 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6468] <... futex resumed>) = 0 [pid 6467] <... futex resumed>) = 1 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6468] memfd_create("syzkaller", 0) = 3 [pid 6468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6468] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6468] munmap(0x7f5499e77000, 2097152) = 0 [pid 6468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6468] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6468] close(3) = 0 [pid 6468] mkdir("./bus", 0777) = 0 [pid 6468] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6468] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6468] chdir("./bus") = 0 [pid 6468] ioctl(4, LOOP_CLR_FD) = 0 [pid 6468] close(4) = 0 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] <... futex resumed>) = 0 [pid 6468] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... futex resumed>) = 0 [pid 6468] creat("./bus", 000) = 4 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] <... futex resumed>) = 0 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] <... futex resumed>) = 0 [pid 6468] ftruncate(4, 2048 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... ftruncate resumed>) = 0 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = 0 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... futex resumed>) = 1 [pid 6468] lseek(4, 0, SEEK_END) = 2048 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = 0 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... futex resumed>) = 1 [pid 6468] open("./bus", O_RDONLY) = 5 [pid 6468] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... futex resumed>) = 0 [pid 6467] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6468] <... futex resumed>) = 1 [ 231.280352][ T6468] loop0: detected capacity change from 0 to 4096 [ 231.289808][ T6468] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6468] sendfile(4, 5, NULL, 145139829833722 [pid 6467] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6467] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6467] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6467] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6469 attached , parent_tid=[6469], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6469 [pid 6469] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6469] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6467] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... futex resumed>) = 0 [pid 6469] sendfile(4, 5, NULL, 145139829833722 [pid 6467] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6467] exit_group(0) = ? [pid 6468] <... sendfile resumed>) = ? [pid 6468] +++ exited with 0 +++ [pid 6469] <... sendfile resumed>) = ? [pid 6469] +++ exited with 0 +++ [pid 6467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6467, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./459/binderfs") = 0 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./459/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./459/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6470 ./strace-static-x86_64: Process 6470 attached [pid 6470] set_robust_list(0x5555556365e0, 24) = 0 [pid 6470] chdir("./460") = 0 [pid 6470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6470] setpgid(0, 0) = 0 [pid 6470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6470] write(3, "1000", 4) = 4 [pid 6470] close(3) = 0 [pid 6470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6470] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6470] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6471], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6471 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6471 attached [pid 6471] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6471] memfd_create("syzkaller", 0) = 3 [pid 6471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6471] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6471] munmap(0x7f5499e77000, 2097152) = 0 [pid 6471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6471] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6471] close(3) = 0 [pid 6471] mkdir("./bus", 0777) = 0 [pid 6471] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6471] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6471] chdir("./bus") = 0 [pid 6471] ioctl(4, LOOP_CLR_FD) = 0 [pid 6471] close(4) = 0 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... futex resumed>) = 0 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] <... futex resumed>) = 1 [pid 6471] creat("./bus", 000) = 4 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6470] <... futex resumed>) = 0 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6470] <... futex resumed>) = 1 [pid 6471] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] <... fcntl resumed>) = 0 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6470] <... futex resumed>) = 0 [pid 6471] ftruncate(4, 2048 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] <... ftruncate resumed>) = 0 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6470] <... futex resumed>) = 0 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] lseek(4, 0, SEEK_END) = 2048 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6470] <... futex resumed>) = 0 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] <... futex resumed>) = 0 [pid 6471] open("./bus", O_RDONLY) = 5 [pid 6471] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... futex resumed>) = 0 [pid 6470] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6471] <... futex resumed>) = 1 [ 231.653477][ T6471] loop0: detected capacity change from 0 to 4096 [ 231.663398][ T6471] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6471] sendfile(4, 5, NULL, 145139829833722 [pid 6470] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6470] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6470] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6470] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6470] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6472], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6472 [pid 6470] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6470] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6472 attached [pid 6472] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6472] sendfile(4, 5, NULL, 145139829833722 [pid 6470] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6470] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6470] exit_group(0) = ? [pid 6472] <... sendfile resumed>) = ? [pid 6471] <... sendfile resumed>) = ? [pid 6472] +++ exited with 0 +++ [pid 6471] +++ exited with 0 +++ [pid 6470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6470, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./460/binderfs") = 0 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./460/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./460/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6473 ./strace-static-x86_64: Process 6473 attached [pid 6473] set_robust_list(0x5555556365e0, 24) = 0 [pid 6473] chdir("./461") = 0 [pid 6473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6473] setpgid(0, 0) = 0 [pid 6473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6473] write(3, "1000", 4) = 4 [pid 6473] close(3) = 0 [pid 6473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6473] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6473] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6474], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6474 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6474 attached [pid 6474] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6474] memfd_create("syzkaller", 0) = 3 [pid 6474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6474] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6474] munmap(0x7f5499e77000, 2097152) = 0 [pid 6474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6474] close(3) = 0 [pid 6474] mkdir("./bus", 0777) = 0 [pid 6474] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6474] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6474] chdir("./bus") = 0 [pid 6474] ioctl(4, LOOP_CLR_FD) = 0 [pid 6474] close(4) = 0 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [pid 6474] creat("./bus", 000) = 4 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [pid 6474] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [pid 6474] ftruncate(4, 2048) = 0 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [pid 6474] lseek(4, 0, SEEK_END) = 2048 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [pid 6474] open("./bus", O_RDONLY) = 5 [pid 6474] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... futex resumed>) = 0 [pid 6473] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6474] <... futex resumed>) = 1 [ 232.022303][ T6474] loop0: detected capacity change from 0 to 4096 [ 232.032686][ T6474] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6474] sendfile(4, 5, NULL, 145139829833722 [pid 6473] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6473] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6473] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6473] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6473] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6475], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6475 [pid 6473] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6473] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6475 attached [pid 6475] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6475] sendfile(4, 5, NULL, 145139829833722 [pid 6473] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6473] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6473] exit_group(0) = ? [pid 6474] <... sendfile resumed>) = ? [pid 6474] +++ exited with 0 +++ [pid 6475] <... sendfile resumed>) = ? [pid 6475] +++ exited with 0 +++ [pid 6473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6473, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./461/binderfs") = 0 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./461/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./461/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6476 ./strace-static-x86_64: Process 6476 attached [pid 6476] set_robust_list(0x5555556365e0, 24) = 0 [pid 6476] chdir("./462") = 0 [pid 6476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6476] setpgid(0, 0) = 0 [pid 6476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6476] write(3, "1000", 4) = 4 [pid 6476] close(3) = 0 [pid 6476] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6476] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6476] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6477 attached , parent_tid=[6477], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6477 [pid 6477] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6477] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6477] memfd_create("syzkaller", 0) = 3 [pid 6477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6477] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6477] munmap(0x7f5499e77000, 2097152) = 0 [pid 6477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6477] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6477] close(3) = 0 [pid 6477] mkdir("./bus", 0777) = 0 [pid 6477] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6477] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6477] chdir("./bus") = 0 [pid 6477] ioctl(4, LOOP_CLR_FD) = 0 [pid 6477] close(4) = 0 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] <... futex resumed>) = 1 [pid 6477] creat("./bus", 000) = 4 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] <... futex resumed>) = 1 [pid 6477] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] <... futex resumed>) = 1 [pid 6477] ftruncate(4, 2048) = 0 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] lseek(4, 0, SEEK_END) = 2048 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] open("./bus", O_RDONLY [pid 6476] <... futex resumed>) = 0 [ 232.405401][ T6477] loop0: detected capacity change from 0 to 4096 [ 232.415279][ T6477] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] <... open resumed>) = 5 [pid 6477] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] <... futex resumed>) = 0 [pid 6476] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6477] <... futex resumed>) = 1 [pid 6477] sendfile(4, 5, NULL, 145139829833722 [pid 6476] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6476] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6476] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6476] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6476] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6478], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6478 [pid 6476] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6478 attached [pid 6478] set_robust_list(0x7f549a0769e0, 24) = 0 [ 232.462007][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 232.462021][ T27] audit: type=1804 audit(1671454813.209:464): pid=6477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/462/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6478] sendfile(4, 5, NULL, 145139829833722 [pid 6476] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6476] exit_group(0) = ? [pid 6477] <... sendfile resumed>) = ? [pid 6478] <... sendfile resumed>) = ? [pid 6478] +++ exited with 0 +++ [pid 6477] +++ exited with 0 +++ [pid 6476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6476, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./462/binderfs") = 0 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./462/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./462/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6479 ./strace-static-x86_64: Process 6479 attached [pid 6479] set_robust_list(0x5555556365e0, 24) = 0 [pid 6479] chdir("./463") = 0 [pid 6479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6479] setpgid(0, 0) = 0 [pid 6479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6479] write(3, "1000", 4) = 4 [pid 6479] close(3) = 0 [pid 6479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6479] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6479] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6480], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6480 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6480 attached [pid 6480] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6480] memfd_create("syzkaller", 0) = 3 [pid 6480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6480] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6480] munmap(0x7f5499e77000, 2097152) = 0 [pid 6480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6480] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6480] close(3) = 0 [pid 6480] mkdir("./bus", 0777) = 0 [pid 6480] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6480] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6480] chdir("./bus") = 0 [pid 6480] ioctl(4, LOOP_CLR_FD) = 0 [pid 6480] close(4) = 0 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 0 [pid 6480] creat("./bus", 000) = 4 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] ftruncate(4, 2048) = 0 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] lseek(4, 0, SEEK_END) = 2048 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] open("./bus", O_RDONLY [pid 6479] <... futex resumed>) = 0 [ 232.794318][ T6480] loop0: detected capacity change from 0 to 4096 [ 232.803439][ T6480] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... open resumed>) = 5 [pid 6480] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 1 [pid 6480] sendfile(4, 5, NULL, 145139829833722 [pid 6479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6479] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6479] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6479] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6481 attached , parent_tid=[6481], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6481 [pid 6479] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] set_robust_list(0x7f549a0769e0, 24) = 0 [ 232.856554][ T27] audit: type=1804 audit(1671454813.599:465): pid=6480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/463/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6481] sendfile(4, 5, NULL, 145139829833722 [pid 6479] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6479] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6479] exit_group(0) = ? [pid 6481] <... sendfile resumed>) = ? [pid 6481] +++ exited with 0 +++ [pid 6480] <... sendfile resumed>) = ? [pid 6480] +++ exited with 0 +++ [pid 6479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6479, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./463/binderfs") = 0 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./463/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./463/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6482 attached , child_tidptr=0x5555556365d0) = 6482 [pid 6482] set_robust_list(0x5555556365e0, 24) = 0 [pid 6482] chdir("./464") = 0 [pid 6482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6482] setpgid(0, 0) = 0 [pid 6482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6482] write(3, "1000", 4) = 4 [pid 6482] close(3) = 0 [pid 6482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6482] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6482] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6483], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6483 ./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x7f54a22979e0, 24 [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... set_robust_list resumed>) = 0 [pid 6482] <... futex resumed>) = 0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6483] memfd_create("syzkaller", 0) = 3 [pid 6483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6483] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6483] munmap(0x7f5499e77000, 2097152) = 0 [pid 6483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6483] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6483] close(3) = 0 [pid 6483] mkdir("./bus", 0777) = 0 [pid 6483] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6483] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6483] chdir("./bus") = 0 [pid 6483] ioctl(4, LOOP_CLR_FD) = 0 [pid 6483] close(4) = 0 [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] <... futex resumed>) = 0 [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6483] <... futex resumed>) = 1 [pid 6483] creat("./bus", 000) = 4 [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] <... futex resumed>) = 0 [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6483] <... futex resumed>) = 1 [pid 6483] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6482] <... futex resumed>) = 0 [pid 6483] ftruncate(4, 2048 [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] <... ftruncate resumed>) = 0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6482] <... futex resumed>) = 0 [pid 6483] lseek(4, 0, SEEK_END [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... lseek resumed>) = 2048 [pid 6482] <... futex resumed>) = 0 [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6483] <... futex resumed>) = 0 [pid 6482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 233.187123][ T6483] loop0: detected capacity change from 0 to 4096 [ 233.197435][ T6483] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6483] open("./bus", O_RDONLY [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... open resumed>) = 5 [pid 6482] <... futex resumed>) = 0 [pid 6483] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6482] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6482] <... futex resumed>) = 1 [pid 6483] sendfile(4, 5, NULL, 145139829833722 [ 233.248153][ T27] audit: type=1804 audit(1671454813.989:466): pid=6483 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/464/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6482] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6482] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6482] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6482] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6484 attached , parent_tid=[6484], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6484 [pid 6484] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6484] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6482] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6484] <... futex resumed>) = 0 [pid 6484] sendfile(4, 5, NULL, 145139829833722 [pid 6482] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6482] exit_group(0) = ? [pid 6483] <... sendfile resumed>) = ? [pid 6484] <... sendfile resumed>) = ? [pid 6484] +++ exited with 0 +++ [pid 6483] +++ exited with 0 +++ [pid 6482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6482, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./464/binderfs") = 0 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./464/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./464/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6485 ./strace-static-x86_64: Process 6485 attached [pid 6485] set_robust_list(0x5555556365e0, 24) = 0 [pid 6485] chdir("./465") = 0 [pid 6485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6485] setpgid(0, 0) = 0 [pid 6485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6485] write(3, "1000", 4) = 4 [pid 6485] close(3) = 0 [pid 6485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6485] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6485] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6486 attached , parent_tid=[6486], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6486 [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6486] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6486] memfd_create("syzkaller", 0) = 3 [pid 6486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6486] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6486] munmap(0x7f5499e77000, 2097152) = 0 [pid 6486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6486] close(3) = 0 [pid 6486] mkdir("./bus", 0777) = 0 [pid 6486] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6486] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6486] chdir("./bus") = 0 [pid 6486] ioctl(4, LOOP_CLR_FD) = 0 [pid 6486] close(4) = 0 [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] creat("./bus", 000 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] <... creat resumed>) = 4 [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] ftruncate(4, 2048) = 0 [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] <... futex resumed>) = 0 [pid 6486] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] lseek(4, 0, SEEK_END) = 2048 [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6485] <... futex resumed>) = 0 [pid 6486] open("./bus", O_RDONLY [ 233.597699][ T6486] loop0: detected capacity change from 0 to 4096 [ 233.607919][ T6486] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] <... open resumed>) = 5 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6486] <... futex resumed>) = 1 [pid 6486] sendfile(4, 5, NULL, 145139829833722 [pid 6485] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6485] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6485] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6485] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6487], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6487 ./strace-static-x86_64: Process 6487 attached [pid 6487] set_robust_list(0x7f549a0769e0, 24 [pid 6485] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... set_robust_list resumed>) = 0 [ 233.658095][ T27] audit: type=1804 audit(1671454814.399:467): pid=6486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/465/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6487] sendfile(4, 5, NULL, 145139829833722 [pid 6485] <... futex resumed>) = 0 [pid 6485] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6485] exit_group(0) = ? [pid 6486] <... sendfile resumed>) = ? [pid 6487] <... sendfile resumed>) = ? [pid 6486] +++ exited with 0 +++ [pid 6487] +++ exited with 0 +++ [pid 6485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6485, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./465/binderfs") = 0 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./465/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./465/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./465/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6488 ./strace-static-x86_64: Process 6488 attached [pid 6488] set_robust_list(0x5555556365e0, 24) = 0 [pid 6488] chdir("./466") = 0 [pid 6488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6488] setpgid(0, 0) = 0 [pid 6488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6488] write(3, "1000", 4) = 4 [pid 6488] close(3) = 0 [pid 6488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6488] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6488] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6489], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6489 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6489 attached [pid 6489] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6489] memfd_create("syzkaller", 0) = 3 [pid 6489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6489] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6489] munmap(0x7f5499e77000, 2097152) = 0 [pid 6489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6489] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6489] close(3) = 0 [pid 6489] mkdir("./bus", 0777) = 0 [pid 6489] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6489] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6489] chdir("./bus") = 0 [pid 6489] ioctl(4, LOOP_CLR_FD) = 0 [pid 6489] close(4) = 0 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] creat("./bus", 000) = 4 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] ftruncate(4, 2048) = 0 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] lseek(4, 0, SEEK_END) = 2048 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 233.997688][ T6489] loop0: detected capacity change from 0 to 4096 [ 234.007395][ T6489] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] open("./bus", O_RDONLY) = 5 [pid 6489] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6489] <... futex resumed>) = 1 [pid 6489] sendfile(4, 5, NULL, 145139829833722 [pid 6488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6488] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6488] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6488] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6488] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6490 attached , parent_tid=[6490], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6490 [pid 6488] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] set_robust_list(0x7f549a0769e0, 24 [pid 6488] <... futex resumed>) = 0 [pid 6488] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... set_robust_list resumed>) = 0 [ 234.054011][ T27] audit: type=1804 audit(1671454814.799:468): pid=6489 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/466/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6490] sendfile(4, 5, NULL, 145139829833722 [pid 6488] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6488] exit_group(0) = ? [pid 6490] <... sendfile resumed>) = ? [pid 6489] <... sendfile resumed>) = ? [pid 6489] +++ exited with 0 +++ [pid 6490] +++ exited with 0 +++ [pid 6488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6488, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./466/binderfs") = 0 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./466/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./466/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6491 ./strace-static-x86_64: Process 6491 attached [pid 6491] set_robust_list(0x5555556365e0, 24) = 0 [pid 6491] chdir("./467") = 0 [pid 6491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6491] setpgid(0, 0) = 0 [pid 6491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6491] write(3, "1000", 4) = 4 [pid 6491] close(3) = 0 [pid 6491] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6491] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6491] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6492 attached , parent_tid=[6492], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6492 [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6492] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6492] memfd_create("syzkaller", 0) = 3 [pid 6492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6492] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6492] munmap(0x7f5499e77000, 2097152) = 0 [pid 6492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6492] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6492] close(3) = 0 [pid 6492] mkdir("./bus", 0777) = 0 [pid 6492] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6492] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6492] chdir("./bus") = 0 [pid 6492] ioctl(4, LOOP_CLR_FD) = 0 [pid 6492] close(4) = 0 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6492] creat("./bus", 000 [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] <... creat resumed>) = 4 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6492] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... fcntl resumed>) = 0 [pid 6491] <... futex resumed>) = 0 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] <... futex resumed>) = 0 [pid 6491] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6491] <... futex resumed>) = 0 [pid 6492] ftruncate(4, 2048 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] <... ftruncate resumed>) = 0 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6492] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6491] <... futex resumed>) = 0 [pid 6492] lseek(4, 0, SEEK_END [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] <... lseek resumed>) = 2048 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6492] <... futex resumed>) = 0 [ 234.387328][ T6492] loop0: detected capacity change from 0 to 4096 [ 234.397114][ T6492] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6492] open("./bus", O_RDONLY) = 5 [pid 6492] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 6492] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6491] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6491] <... futex resumed>) = 0 [pid 6492] sendfile(4, 5, NULL, 145139829833722 [ 234.442999][ T27] audit: type=1804 audit(1671454815.189:469): pid=6492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/467/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6491] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6491] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6491] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6491] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6493], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6493 ./strace-static-x86_64: Process 6493 attached [pid 6491] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6493] sendfile(4, 5, NULL, 145139829833722 [pid 6491] <... futex resumed>) = 0 [pid 6491] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6491] exit_group(0) = ? [pid 6492] <... sendfile resumed>) = ? [pid 6492] +++ exited with 0 +++ [pid 6493] <... sendfile resumed>) = ? [pid 6493] +++ exited with 0 +++ [pid 6491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6491, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./467/binderfs") = 0 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./467/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./467/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6494 ./strace-static-x86_64: Process 6494 attached [pid 6494] set_robust_list(0x5555556365e0, 24) = 0 [pid 6494] chdir("./468") = 0 [pid 6494] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6494] setpgid(0, 0) = 0 [pid 6494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6494] write(3, "1000", 4) = 4 [pid 6494] close(3) = 0 [pid 6494] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6494] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6495 attached , parent_tid=[6495], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6495 [pid 6495] set_robust_list(0x7f54a22979e0, 24 [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... set_robust_list resumed>) = 0 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6495] memfd_create("syzkaller", 0) = 3 [pid 6495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6495] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6495] munmap(0x7f5499e77000, 2097152) = 0 [pid 6495] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6495] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6495] close(3) = 0 [pid 6495] mkdir("./bus", 0777) = 0 [pid 6495] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6495] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6495] chdir("./bus") = 0 [pid 6495] ioctl(4, LOOP_CLR_FD) = 0 [pid 6495] close(4) = 0 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] creat("./bus", 000 [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... creat resumed>) = 4 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... fcntl resumed>) = 0 [pid 6494] <... futex resumed>) = 0 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... futex resumed>) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] ftruncate(4, 2048 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... ftruncate resumed>) = 0 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6495] lseek(4, 0, SEEK_END [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... lseek resumed>) = 2048 [pid 6494] <... futex resumed>) = 0 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... futex resumed>) = 0 [pid 6494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] open("./bus", O_RDONLY [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6495] <... open resumed>) = 5 [pid 6495] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 234.789906][ T6495] loop0: detected capacity change from 0 to 4096 [ 234.800121][ T6495] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6495] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] <... futex resumed>) = 0 [pid 6494] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6494] <... futex resumed>) = 1 [pid 6495] sendfile(4, 5, NULL, 145139829833722 [ 234.845385][ T27] audit: type=1804 audit(1671454815.589:470): pid=6495 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/468/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6494] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6494] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6494] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6494] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6496 attached , parent_tid=[6496], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6496 [pid 6496] set_robust_list(0x7f549a0769e0, 24 [pid 6494] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6494] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... set_robust_list resumed>) = 0 [pid 6496] sendfile(4, 5, NULL, 145139829833722 [pid 6494] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6494] exit_group(0) = ? [pid 6496] <... sendfile resumed>) = ? [pid 6495] <... sendfile resumed>) = ? [pid 6495] +++ exited with 0 +++ [pid 6496] +++ exited with 0 +++ [pid 6494] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6494, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./468/binderfs") = 0 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./468/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./468/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6497 ./strace-static-x86_64: Process 6497 attached [pid 6497] set_robust_list(0x5555556365e0, 24) = 0 [pid 6497] chdir("./469") = 0 [pid 6497] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6497] setpgid(0, 0) = 0 [pid 6497] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6497] write(3, "1000", 4) = 4 [pid 6497] close(3) = 0 [pid 6497] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6497] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6497] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6498 attached , parent_tid=[6498], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6498 [pid 6498] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6498] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6498] memfd_create("syzkaller", 0) = 3 [pid 6498] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6498] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6498] munmap(0x7f5499e77000, 2097152) = 0 [pid 6498] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6498] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6498] close(3) = 0 [pid 6498] mkdir("./bus", 0777) = 0 [pid 6498] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6498] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6498] chdir("./bus") = 0 [pid 6498] ioctl(4, LOOP_CLR_FD) = 0 [pid 6498] close(4) = 0 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6498] <... futex resumed>) = 0 [pid 6497] <... futex resumed>) = 1 [pid 6498] creat("./bus", 000 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... creat resumed>) = 4 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] ftruncate(4, 2048) = 0 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] lseek(4, 0, SEEK_END) = 2048 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... futex resumed>) = 1 [ 235.169113][ T6498] loop0: detected capacity change from 0 to 4096 [ 235.178431][ T6498] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6498] open("./bus", O_RDONLY) = 5 [pid 6498] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] <... futex resumed>) = 0 [pid 6497] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6498] <... futex resumed>) = 1 [pid 6498] sendfile(4, 5, NULL, 145139829833722 [pid 6497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6497] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6497] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6499], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6499 ./strace-static-x86_64: Process 6499 attached [pid 6497] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6497] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] set_robust_list(0x7f549a0769e0, 24) = 0 [ 235.226450][ T27] audit: type=1804 audit(1671454815.969:471): pid=6498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/469/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6499] sendfile(4, 5, NULL, 145139829833722 [pid 6497] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6497] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6497] exit_group(0) = ? [pid 6499] <... sendfile resumed>) = ? [pid 6499] +++ exited with 0 +++ [pid 6498] <... sendfile resumed>) = ? [pid 6498] +++ exited with 0 +++ [pid 6497] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6497, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./469/binderfs") = 0 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./469/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./469/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6500 ./strace-static-x86_64: Process 6500 attached [pid 6500] set_robust_list(0x5555556365e0, 24) = 0 [pid 6500] chdir("./470") = 0 [pid 6500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6500] setpgid(0, 0) = 0 [pid 6500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6500] write(3, "1000", 4) = 4 [pid 6500] close(3) = 0 [pid 6500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6500] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6500] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6501], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6501 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6501 attached [pid 6501] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6501] memfd_create("syzkaller", 0) = 3 [pid 6501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6501] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6501] munmap(0x7f5499e77000, 2097152) = 0 [pid 6501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6501] close(3) = 0 [pid 6501] mkdir("./bus", 0777) = 0 [pid 6501] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6501] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6501] chdir("./bus") = 0 [pid 6501] ioctl(4, LOOP_CLR_FD) = 0 [pid 6501] close(4) = 0 [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] creat("./bus", 000) = 4 [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] ftruncate(4, 2048) = 0 [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] lseek(4, 0, SEEK_END) = 2048 [ 235.544087][ T6501] loop0: detected capacity change from 0 to 4096 [ 235.553576][ T6501] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] open("./bus", O_RDONLY) = 5 [pid 6501] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] sendfile(4, 5, NULL, 145139829833722 [pid 6500] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6500] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6500] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6500] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6500] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6502 attached , parent_tid=[6502], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6502 [pid 6500] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] set_robust_list(0x7f549a0769e0, 24) = 0 [ 235.607562][ T27] audit: type=1804 audit(1671454816.349:472): pid=6501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/470/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6502] sendfile(4, 5, NULL, 145139829833722 [pid 6500] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6500] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6500] exit_group(0) = ? [pid 6502] <... sendfile resumed>) = ? [pid 6502] +++ exited with 0 +++ [pid 6501] <... sendfile resumed>) = ? [pid 6501] +++ exited with 0 +++ [pid 6500] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6500, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./470/binderfs") = 0 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./470/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./470/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6503 ./strace-static-x86_64: Process 6503 attached [pid 6503] set_robust_list(0x5555556365e0, 24) = 0 [pid 6503] chdir("./471") = 0 [pid 6503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6503] setpgid(0, 0) = 0 [pid 6503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6503] write(3, "1000", 4) = 4 [pid 6503] close(3) = 0 [pid 6503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6503] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6503] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6504 attached , parent_tid=[6504], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6504 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6504] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6504] memfd_create("syzkaller", 0) = 3 [pid 6504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6504] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6504] munmap(0x7f5499e77000, 2097152) = 0 [pid 6504] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6504] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6504] close(3) = 0 [pid 6504] mkdir("./bus", 0777) = 0 [pid 6504] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6504] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6504] chdir("./bus") = 0 [pid 6504] ioctl(4, LOOP_CLR_FD) = 0 [pid 6504] close(4) = 0 [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6504] creat("./bus", 000 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6504] <... creat resumed>) = 4 [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6504] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6504] <... fcntl resumed>) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6504] <... futex resumed>) = 0 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6504] ftruncate(4, 2048) = 0 [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6504] lseek(4, 0, SEEK_END) = 2048 [ 235.919798][ T6504] loop0: detected capacity change from 0 to 4096 [ 235.929473][ T6504] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6504] open("./bus", O_RDONLY) = 5 [pid 6504] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6503] <... futex resumed>) = 0 [pid 6504] sendfile(4, 5, NULL, 145139829833722 [pid 6503] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 235.980896][ T27] audit: type=1804 audit(1671454816.719:473): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/471/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6503] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6503] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6503] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6503] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6505], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6505 [pid 6503] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6503] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6505 attached [pid 6505] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6505] sendfile(4, 5, NULL, 145139829833722 [pid 6503] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6503] exit_group(0) = ? [pid 6504] <... sendfile resumed>) = ? [pid 6505] <... sendfile resumed>) = ? [pid 6504] +++ exited with 0 +++ [pid 6505] +++ exited with 0 +++ [pid 6503] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6503, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./471/binderfs") = 0 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./471/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./471/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6506 ./strace-static-x86_64: Process 6506 attached [pid 6506] set_robust_list(0x5555556365e0, 24) = 0 [pid 6506] chdir("./472") = 0 [pid 6506] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6506] setpgid(0, 0) = 0 [pid 6506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6506] write(3, "1000", 4) = 4 [pid 6506] close(3) = 0 [pid 6506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6506] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6506] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6507], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6507 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6507 attached [pid 6507] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6507] memfd_create("syzkaller", 0) = 3 [pid 6507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6507] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6507] munmap(0x7f5499e77000, 2097152) = 0 [pid 6507] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6507] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6507] close(3) = 0 [pid 6507] mkdir("./bus", 0777) = 0 [pid 6507] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6507] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6507] chdir("./bus") = 0 [pid 6507] ioctl(4, LOOP_CLR_FD) = 0 [pid 6507] close(4) = 0 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [pid 6507] creat("./bus", 000) = 4 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [pid 6507] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [pid 6507] ftruncate(4, 2048) = 0 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [pid 6507] lseek(4, 0, SEEK_END) = 2048 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [pid 6507] open("./bus", O_RDONLY) = 5 [pid 6507] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6506] <... futex resumed>) = 0 [pid 6506] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] <... futex resumed>) = 1 [ 236.324276][ T6507] loop0: detected capacity change from 0 to 4096 [ 236.333795][ T6507] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6507] sendfile(4, 5, NULL, 145139829833722 [pid 6506] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6506] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6506] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6506] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6508 attached , parent_tid=[6508], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6508 [pid 6506] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6506] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6508] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6508] sendfile(4, 5, NULL, 145139829833722 [pid 6506] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6506] exit_group(0) = ? [pid 6507] <... sendfile resumed>) = ? [pid 6507] +++ exited with 0 +++ [pid 6508] <... sendfile resumed>) = ? [pid 6508] +++ exited with 0 +++ [pid 6506] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6506, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./472/binderfs") = 0 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./472/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./472/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6509 ./strace-static-x86_64: Process 6509 attached [pid 6509] set_robust_list(0x5555556365e0, 24) = 0 [pid 6509] chdir("./473") = 0 [pid 6509] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6509] setpgid(0, 0) = 0 [pid 6509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6509] write(3, "1000", 4) = 4 [pid 6509] close(3) = 0 [pid 6509] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6509] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6509] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6510], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6510 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6510 attached [pid 6510] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6510] memfd_create("syzkaller", 0) = 3 [pid 6510] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6510] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6510] munmap(0x7f5499e77000, 2097152) = 0 [pid 6510] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6510] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6510] close(3) = 0 [pid 6510] mkdir("./bus", 0777) = 0 [pid 6510] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6510] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6510] chdir("./bus") = 0 [pid 6510] ioctl(4, LOOP_CLR_FD) = 0 [pid 6510] close(4) = 0 [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... futex resumed>) = 0 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] <... futex resumed>) = 1 [pid 6510] creat("./bus", 000) = 4 [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... futex resumed>) = 0 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] <... futex resumed>) = 1 [pid 6510] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] <... futex resumed>) = 0 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] <... futex resumed>) = 1 [pid 6510] ftruncate(4, 2048) = 0 [ 236.690422][ T6510] loop0: detected capacity change from 0 to 4096 [ 236.700016][ T6510] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] <... futex resumed>) = 0 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] lseek(4, 0, SEEK_END) = 2048 [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] <... futex resumed>) = 0 [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] open("./bus", O_RDONLY) = 5 [pid 6510] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6509] <... futex resumed>) = 0 [pid 6510] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6509] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6510] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6510] sendfile(4, 5, NULL, 145139829833722 [pid 6509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6509] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6509] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6509] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6511 attached , parent_tid=[6511], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6511 [pid 6509] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6509] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6511] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6511] sendfile(4, 5, NULL, 145139829833722 [pid 6509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6509] exit_group(0 [pid 6510] <... sendfile resumed>) = ? [pid 6509] <... exit_group resumed>) = ? [pid 6510] +++ exited with 0 +++ [pid 6511] <... sendfile resumed>) = ? [pid 6511] +++ exited with 0 +++ [pid 6509] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6509, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./473/binderfs") = 0 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./473/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./473/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./473/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6512 ./strace-static-x86_64: Process 6512 attached [pid 6512] set_robust_list(0x5555556365e0, 24) = 0 [pid 6512] chdir("./474") = 0 [pid 6512] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6512] setpgid(0, 0) = 0 [pid 6512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6512] write(3, "1000", 4) = 4 [pid 6512] close(3) = 0 [pid 6512] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6512] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6512] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6513 attached [pid 6513] set_robust_list(0x7f54a22979e0, 24 [pid 6512] <... clone resumed>, parent_tid=[6513], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6513 [pid 6513] <... set_robust_list resumed>) = 0 [pid 6513] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6513] memfd_create("syzkaller", 0) = 3 [pid 6513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6513] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6513] munmap(0x7f5499e77000, 2097152) = 0 [pid 6513] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6513] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6513] close(3) = 0 [pid 6513] mkdir("./bus", 0777) = 0 [pid 6513] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6513] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6513] chdir("./bus") = 0 [pid 6513] ioctl(4, LOOP_CLR_FD) = 0 [pid 6513] close(4) = 0 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... futex resumed>) = 0 [pid 6513] creat("./bus", 000) = 4 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... futex resumed>) = 1 [pid 6513] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6513] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... futex resumed>) = 0 [pid 6513] ftruncate(4, 2048) = 0 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6512] <... futex resumed>) = 0 [pid 6513] <... futex resumed>) = 1 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] lseek(4, 0, SEEK_END) = 2048 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] <... futex resumed>) = 1 [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 237.077431][ T6513] loop0: detected capacity change from 0 to 4096 [ 237.086534][ T6513] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6513] open("./bus", O_RDONLY) = 5 [pid 6513] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6512] <... futex resumed>) = 0 [pid 6512] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6513] <... futex resumed>) = 1 [pid 6513] sendfile(4, 5, NULL, 145139829833722 [pid 6512] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6512] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6512] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6512] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6514], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6514 [pid 6512] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6512] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6514 attached [pid 6514] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6514] sendfile(4, 5, NULL, 145139829833722 [pid 6512] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6512] exit_group(0) = ? [pid 6514] <... sendfile resumed>) = ? [pid 6513] <... sendfile resumed>) = ? [pid 6513] +++ exited with 0 +++ [pid 6514] +++ exited with 0 +++ [pid 6512] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6512, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./474/binderfs") = 0 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./474/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./474/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6515 ./strace-static-x86_64: Process 6515 attached [pid 6515] set_robust_list(0x5555556365e0, 24) = 0 [pid 6515] chdir("./475") = 0 [pid 6515] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6515] setpgid(0, 0) = 0 [pid 6515] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6515] write(3, "1000", 4) = 4 [pid 6515] close(3) = 0 [pid 6515] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6515] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6515] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6516 attached [pid 6516] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6515] <... clone resumed>, parent_tid=[6516], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6516 [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6516] memfd_create("syzkaller", 0) = 3 [pid 6516] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6516] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6516] munmap(0x7f5499e77000, 2097152) = 0 [pid 6516] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6516] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6516] close(3) = 0 [pid 6516] mkdir("./bus", 0777) = 0 [pid 6516] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6516] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6516] chdir("./bus") = 0 [pid 6516] ioctl(4, LOOP_CLR_FD) = 0 [pid 6516] close(4) = 0 [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] creat("./bus", 000) = 4 [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6516] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... fcntl resumed>) = 0 [pid 6515] <... futex resumed>) = 0 [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] <... futex resumed>) = 0 [pid 6515] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] ftruncate(4, 2048) = 0 [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6516] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6515] <... futex resumed>) = 0 [pid 6516] lseek(4, 0, SEEK_END [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] <... lseek resumed>) = 2048 [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [ 237.463771][ T6516] loop0: detected capacity change from 0 to 4096 [ 237.473650][ T6516] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6516] open("./bus", O_RDONLY [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] <... open resumed>) = 5 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6516] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] <... futex resumed>) = 0 [pid 6516] sendfile(4, 5, NULL, 145139829833722 [pid 6515] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6515] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6515] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6515] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6515] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6517 attached [pid 6517] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6517] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6515] <... clone resumed>, parent_tid=[6517], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6517 [pid 6515] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6515] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] <... futex resumed>) = 0 [ 237.525894][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 237.525910][ T27] audit: type=1804 audit(1671454818.269:477): pid=6516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/475/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6517] sendfile(4, 5, NULL, 145139829833722 [pid 6515] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6515] exit_group(0) = ? [pid 6516] <... sendfile resumed>) = ? [pid 6516] +++ exited with 0 +++ [pid 6517] <... sendfile resumed>) = ? [pid 6517] +++ exited with 0 +++ [pid 6515] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6515, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./475/binderfs") = 0 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./475/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./475/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6518 ./strace-static-x86_64: Process 6518 attached [pid 6518] set_robust_list(0x5555556365e0, 24) = 0 [pid 6518] chdir("./476") = 0 [pid 6518] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6518] setpgid(0, 0) = 0 [pid 6518] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6518] write(3, "1000", 4) = 4 [pid 6518] close(3) = 0 [pid 6518] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6518] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6518] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6519], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6519 [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6519 attached [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6519] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6519] memfd_create("syzkaller", 0) = 3 [pid 6519] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6519] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6519] munmap(0x7f5499e77000, 2097152) = 0 [pid 6519] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6519] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6519] close(3) = 0 [pid 6519] mkdir("./bus", 0777) = 0 [pid 6519] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6519] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6519] chdir("./bus") = 0 [pid 6519] ioctl(4, LOOP_CLR_FD) = 0 [pid 6519] close(4) = 0 [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] <... futex resumed>) = 0 [pid 6519] creat("./bus", 000 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] <... creat resumed>) = 4 [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] <... futex resumed>) = 0 [pid 6519] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] <... fcntl resumed>) = 0 [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6518] <... futex resumed>) = 0 [pid 6519] ftruncate(4, 2048 [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] <... ftruncate resumed>) = 0 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6519] <... futex resumed>) = 0 [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] lseek(4, 0, SEEK_END [pid 6518] <... futex resumed>) = 0 [pid 6519] <... lseek resumed>) = 2048 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6519] <... futex resumed>) = 0 [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 237.861820][ T6519] loop0: detected capacity change from 0 to 4096 [ 237.871272][ T6519] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6519] open("./bus", O_RDONLY [pid 6518] <... futex resumed>) = 0 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] <... open resumed>) = 5 [pid 6519] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6519] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6518] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] <... futex resumed>) = 0 [pid 6518] <... futex resumed>) = 1 [pid 6519] sendfile(4, 5, NULL, 145139829833722 [pid 6518] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6518] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6518] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 237.923774][ T27] audit: type=1804 audit(1671454818.669:478): pid=6519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/476/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6518] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6518] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6520 attached [pid 6520] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6520] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6518] <... clone resumed>, parent_tid=[6520], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6520 [pid 6518] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6520] <... futex resumed>) = 0 [pid 6520] sendfile(4, 5, NULL, 145139829833722 [pid 6518] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6518] exit_group(0) = ? [pid 6520] <... sendfile resumed>) = ? [pid 6520] +++ exited with 0 +++ [pid 6519] <... sendfile resumed>) = ? [pid 6519] +++ exited with 0 +++ [pid 6518] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6518, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./476/binderfs") = 0 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./476/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./476/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6521 ./strace-static-x86_64: Process 6521 attached [pid 6521] set_robust_list(0x5555556365e0, 24) = 0 [pid 6521] chdir("./477") = 0 [pid 6521] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6521] setpgid(0, 0) = 0 [pid 6521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6521] write(3, "1000", 4) = 4 [pid 6521] close(3) = 0 [pid 6521] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6521] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6521] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6522], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6522 [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6522 attached [pid 6522] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6522] memfd_create("syzkaller", 0) = 3 [pid 6522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6522] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6522] munmap(0x7f5499e77000, 2097152) = 0 [pid 6522] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6522] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6522] close(3) = 0 [pid 6522] mkdir("./bus", 0777) = 0 [pid 6522] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6522] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6522] chdir("./bus") = 0 [pid 6522] ioctl(4, LOOP_CLR_FD) = 0 [pid 6522] close(4) = 0 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6521] <... futex resumed>) = 0 [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6522] <... futex resumed>) = 1 [pid 6522] creat("./bus", 000) = 4 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6521] <... futex resumed>) = 0 [pid 6522] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6521] <... futex resumed>) = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6522] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6521] <... futex resumed>) = 0 [pid 6522] ftruncate(4, 2048 [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6522] <... ftruncate resumed>) = 0 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6521] <... futex resumed>) = 0 [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6522] lseek(4, 0, SEEK_END) = 2048 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6521] <... futex resumed>) = 0 [pid 6522] open("./bus", O_RDONLY [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... open resumed>) = 5 [pid 6521] <... futex resumed>) = 0 [pid 6522] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 238.253860][ T6522] loop0: detected capacity change from 0 to 4096 [ 238.263231][ T6522] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6522] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6521] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = 0 [pid 6521] <... futex resumed>) = 1 [pid 6522] sendfile(4, 5, NULL, 145139829833722 [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6521] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6521] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6521] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6521] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6523], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6523 [pid 6521] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6521] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6523 attached [pid 6523] set_robust_list(0x7f549a0769e0, 24) = 0 [ 238.310990][ T27] audit: type=1804 audit(1671454819.049:479): pid=6522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/477/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6523] sendfile(4, 5, NULL, 145139829833722 [pid 6521] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6521] exit_group(0) = ? [pid 6522] <... sendfile resumed>) = ? [pid 6522] +++ exited with 0 +++ [pid 6523] <... sendfile resumed>) = ? [pid 6523] +++ exited with 0 +++ [pid 6521] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6521, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./477/binderfs") = 0 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./477/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./477/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./477/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6524 ./strace-static-x86_64: Process 6524 attached [pid 6524] set_robust_list(0x5555556365e0, 24) = 0 [pid 6524] chdir("./478") = 0 [pid 6524] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6524] setpgid(0, 0) = 0 [pid 6524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6524] write(3, "1000", 4) = 4 [pid 6524] close(3) = 0 [pid 6524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6524] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6524] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6525 attached [pid 6525] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6524] <... clone resumed>, parent_tid=[6525], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6525 [pid 6525] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6525] <... futex resumed>) = 0 [pid 6525] memfd_create("syzkaller", 0) = 3 [pid 6525] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6525] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6525] munmap(0x7f5499e77000, 2097152) = 0 [pid 6525] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6525] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6525] close(3) = 0 [pid 6525] mkdir("./bus", 0777) = 0 [pid 6525] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6525] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6525] chdir("./bus") = 0 [pid 6525] ioctl(4, LOOP_CLR_FD) = 0 [pid 6525] close(4) = 0 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6525] creat("./bus", 000 [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... creat resumed>) = 4 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... fcntl resumed>) = 0 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] ftruncate(4, 2048 [pid 6524] <... futex resumed>) = 0 [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... ftruncate resumed>) = 0 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6525] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6525] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6524] <... futex resumed>) = 0 [pid 6525] lseek(4, 0, SEEK_END [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... lseek resumed>) = 2048 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6524] <... futex resumed>) = 0 [pid 6525] open("./bus", O_RDONLY [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 238.633149][ T6525] loop0: detected capacity change from 0 to 4096 [ 238.642961][ T6525] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... open resumed>) = 5 [pid 6525] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6524] <... futex resumed>) = 0 [pid 6524] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... futex resumed>) = 1 [pid 6525] sendfile(4, 5, NULL, 145139829833722 [pid 6524] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6524] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6524] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6524] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6526 attached , parent_tid=[6526], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6526 [pid 6524] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6524] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] set_robust_list(0x7f549a0769e0, 24) = 0 [ 238.689786][ T27] audit: type=1804 audit(1671454819.429:480): pid=6525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/478/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6526] sendfile(4, 5, NULL, 145139829833722 [pid 6524] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6524] exit_group(0) = ? [pid 6525] <... sendfile resumed>) = ? [pid 6525] +++ exited with 0 +++ [pid 6526] <... sendfile resumed>) = ? [pid 6526] +++ exited with 0 +++ [pid 6524] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6524, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./478/binderfs") = 0 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./478/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./478/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6527 ./strace-static-x86_64: Process 6527 attached [pid 6527] set_robust_list(0x5555556365e0, 24) = 0 [pid 6527] chdir("./479") = 0 [pid 6527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6527] setpgid(0, 0) = 0 [pid 6527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6527] write(3, "1000", 4) = 4 [pid 6527] close(3) = 0 [pid 6527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6527] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6527] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6528 attached , parent_tid=[6528], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6528 [pid 6528] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6528] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6528] memfd_create("syzkaller", 0) = 3 [pid 6528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6528] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6528] munmap(0x7f5499e77000, 2097152) = 0 [pid 6528] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6528] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6528] close(3) = 0 [pid 6528] mkdir("./bus", 0777) = 0 [pid 6528] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6528] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6528] chdir("./bus") = 0 [pid 6528] ioctl(4, LOOP_CLR_FD) = 0 [pid 6528] close(4) = 0 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6527] <... futex resumed>) = 0 [pid 6528] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6528] <... futex resumed>) = 0 [pid 6528] creat("./bus", 000) = 4 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6528] <... futex resumed>) = 1 [pid 6528] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6528] <... futex resumed>) = 1 [pid 6528] ftruncate(4, 2048) = 0 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6528] <... futex resumed>) = 1 [pid 6528] lseek(4, 0, SEEK_END) = 2048 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6527] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6528] <... futex resumed>) = 1 [ 239.017938][ T6528] loop0: detected capacity change from 0 to 4096 [ 239.027333][ T6528] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6528] open("./bus", O_RDONLY) = 5 [pid 6528] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6528] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6527] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... futex resumed>) = 0 [pid 6527] <... futex resumed>) = 1 [pid 6527] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 239.071355][ T27] audit: type=1804 audit(1671454819.819:481): pid=6528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/479/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6528] sendfile(4, 5, NULL, 145139829833722 [pid 6527] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6527] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6527] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6527] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6529 attached [pid 6529] set_robust_list(0x7f549a0769e0, 24 [pid 6527] <... clone resumed>, parent_tid=[6529], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6529 [pid 6529] <... set_robust_list resumed>) = 0 [pid 6529] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6527] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6529] <... futex resumed>) = 0 [pid 6527] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6529] sendfile(4, 5, NULL, 145139829833722 [pid 6527] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6527] exit_group(0) = ? [pid 6529] <... sendfile resumed>) = ? [pid 6529] +++ exited with 0 +++ [pid 6528] <... sendfile resumed>) = ? [pid 6528] +++ exited with 0 +++ [pid 6527] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6527, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./479/binderfs") = 0 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./479/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./479/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6530 ./strace-static-x86_64: Process 6530 attached [pid 6530] set_robust_list(0x5555556365e0, 24) = 0 [pid 6530] chdir("./480") = 0 [pid 6530] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6530] setpgid(0, 0) = 0 [pid 6530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6530] write(3, "1000", 4) = 4 [pid 6530] close(3) = 0 [pid 6530] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6530] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6530] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6531 attached , parent_tid=[6531], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6531 [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6531] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6531] memfd_create("syzkaller", 0) = 3 [pid 6531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6531] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6531] munmap(0x7f5499e77000, 2097152) = 0 [pid 6531] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6531] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6531] close(3) = 0 [pid 6531] mkdir("./bus", 0777) = 0 [pid 6531] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6531] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6531] chdir("./bus") = 0 [pid 6531] ioctl(4, LOOP_CLR_FD) = 0 [pid 6531] close(4) = 0 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] <... futex resumed>) = 0 [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6531] <... futex resumed>) = 1 [pid 6531] creat("./bus", 000) = 4 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6530] <... futex resumed>) = 0 [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6531] <... futex resumed>) = 0 [pid 6531] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6531] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... futex resumed>) = 0 [pid 6530] <... futex resumed>) = 1 [pid 6531] ftruncate(4, 2048 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6531] <... ftruncate resumed>) = 0 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6530] <... futex resumed>) = 0 [pid 6531] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6530] <... futex resumed>) = 0 [pid 6531] lseek(4, 0, SEEK_END [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6531] <... lseek resumed>) = 2048 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6530] <... futex resumed>) = 0 [pid 6531] open("./bus", O_RDONLY [ 239.424228][ T6531] loop0: detected capacity change from 0 to 4096 [ 239.433526][ T6531] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... open resumed>) = 5 [pid 6530] <... futex resumed>) = 0 [pid 6531] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6531] <... futex resumed>) = 0 [pid 6530] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6531] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6530] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6530] <... futex resumed>) = 0 [pid 6531] sendfile(4, 5, NULL, 145139829833722 [pid 6530] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6530] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6530] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6530] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6532], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6532 [pid 6530] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6530] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6532 attached [pid 6532] set_robust_list(0x7f549a0769e0, 24) = 0 [ 239.476177][ T27] audit: type=1804 audit(1671454820.219:482): pid=6531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/480/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6532] sendfile(4, 5, NULL, 145139829833722 [pid 6530] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6530] exit_group(0) = ? [pid 6531] <... sendfile resumed>) = ? [pid 6532] <... sendfile resumed>) = ? [pid 6531] +++ exited with 0 +++ [pid 6532] +++ exited with 0 +++ [pid 6530] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6530, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./480/binderfs") = 0 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./480/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./480/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6533 ./strace-static-x86_64: Process 6533 attached [pid 6533] set_robust_list(0x5555556365e0, 24) = 0 [pid 6533] chdir("./481") = 0 [pid 6533] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6533] setpgid(0, 0) = 0 [pid 6533] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6533] write(3, "1000", 4) = 4 [pid 6533] close(3) = 0 [pid 6533] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6533] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6533] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6534 attached , parent_tid=[6534], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6534 [pid 6534] set_robust_list(0x7f54a22979e0, 24 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... set_robust_list resumed>) = 0 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6534] memfd_create("syzkaller", 0) = 3 [pid 6534] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6534] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6534] munmap(0x7f5499e77000, 2097152) = 0 [pid 6534] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6534] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6534] close(3) = 0 [pid 6534] mkdir("./bus", 0777) = 0 [pid 6534] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6534] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6534] chdir("./bus") = 0 [pid 6534] ioctl(4, LOOP_CLR_FD) = 0 [pid 6534] close(4) = 0 [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 0 [pid 6534] creat("./bus", 000) = 4 [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 1 [pid 6534] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 1 [pid 6534] ftruncate(4, 2048) = 0 [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 1 [pid 6534] lseek(4, 0, SEEK_END) = 2048 [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 1 [pid 6534] open("./bus", O_RDONLY) = 5 [ 239.807584][ T6534] loop0: detected capacity change from 0 to 4096 [ 239.817216][ T6534] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6534] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6534] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6534] <... futex resumed>) = 0 [pid 6534] sendfile(4, 5, NULL, 145139829833722 [pid 6533] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6533] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6533] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6533] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6533] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6533] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6535 attached , parent_tid=[6535], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6535 [pid 6533] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6533] <... futex resumed>) = 0 [pid 6533] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 239.864175][ T27] audit: type=1804 audit(1671454820.609:483): pid=6534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/481/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6535] sendfile(4, 5, NULL, 145139829833722 [pid 6533] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6533] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6533] exit_group(0) = ? [pid 6534] <... sendfile resumed>) = ? [pid 6534] +++ exited with 0 +++ [pid 6535] <... sendfile resumed>) = ? [pid 6535] +++ exited with 0 +++ [pid 6533] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6533, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./481/binderfs") = 0 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./481/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./481/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6536 ./strace-static-x86_64: Process 6536 attached [pid 6536] set_robust_list(0x5555556365e0, 24) = 0 [pid 6536] chdir("./482") = 0 [pid 6536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6536] setpgid(0, 0) = 0 [pid 6536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6536] write(3, "1000", 4) = 4 [pid 6536] close(3) = 0 [pid 6536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6536] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6536] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6537 attached , parent_tid=[6537], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6537 [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6537] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6537] memfd_create("syzkaller", 0) = 3 [pid 6537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6537] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6537] munmap(0x7f5499e77000, 2097152) = 0 [pid 6537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6537] close(3) = 0 [pid 6537] mkdir("./bus", 0777) = 0 [pid 6537] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6537] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6537] chdir("./bus") = 0 [pid 6537] ioctl(4, LOOP_CLR_FD) = 0 [pid 6537] close(4) = 0 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] creat("./bus", 000 [pid 6536] <... futex resumed>) = 0 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... creat resumed>) = 4 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... fcntl resumed>) = 0 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... futex resumed>) = 0 [pid 6536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] ftruncate(4, 2048 [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... ftruncate resumed>) = 0 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] lseek(4, 0, SEEK_END [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... lseek resumed>) = 2048 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... futex resumed>) = 0 [pid 6536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6537] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6537] open("./bus", O_RDONLY [ 240.194715][ T6537] loop0: detected capacity change from 0 to 4096 [ 240.204062][ T6537] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6537] <... open resumed>) = 5 [pid 6537] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6536] <... futex resumed>) = 0 [pid 6537] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6536] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6536] <... futex resumed>) = 0 [pid 6537] sendfile(4, 5, NULL, 145139829833722 [ 240.243669][ T27] audit: type=1804 audit(1671454820.989:484): pid=6537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/482/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6536] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6536] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6536] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6536] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6538], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6538 ./strace-static-x86_64: Process 6538 attached [pid 6536] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6536] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6538] sendfile(4, 5, NULL, 145139829833722 [pid 6536] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6536] exit_group(0) = ? [pid 6538] <... sendfile resumed>) = ? [pid 6538] +++ exited with 0 +++ [pid 6537] <... sendfile resumed>) = ? [pid 6537] +++ exited with 0 +++ [pid 6536] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6536, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./482/binderfs") = 0 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./482/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./482/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6539 ./strace-static-x86_64: Process 6539 attached [pid 6539] set_robust_list(0x5555556365e0, 24) = 0 [pid 6539] chdir("./483") = 0 [pid 6539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6539] setpgid(0, 0) = 0 [pid 6539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6539] write(3, "1000", 4) = 4 [pid 6539] close(3) = 0 [pid 6539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6539] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6539] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6540], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6540 [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6540 attached [pid 6540] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6540] memfd_create("syzkaller", 0) = 3 [pid 6540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6540] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6540] munmap(0x7f5499e77000, 2097152) = 0 [pid 6540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6540] close(3) = 0 [pid 6540] mkdir("./bus", 0777) = 0 [pid 6540] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6540] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6540] chdir("./bus") = 0 [pid 6540] ioctl(4, LOOP_CLR_FD) = 0 [pid 6540] close(4) = 0 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6539] <... futex resumed>) = 0 [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6540] <... futex resumed>) = 1 [pid 6540] creat("./bus", 000) = 4 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] <... futex resumed>) = 0 [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6539] <... futex resumed>) = 0 [pid 6540] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6540] <... fcntl resumed>) = 0 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6539] <... futex resumed>) = 0 [pid 6540] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6539] <... futex resumed>) = 0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6540] ftruncate(4, 2048) = 0 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6540] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] <... futex resumed>) = 0 [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6540] lseek(4, 0, SEEK_END) = 2048 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6539] <... futex resumed>) = 0 [pid 6540] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6539] <... futex resumed>) = 0 [pid 6540] open("./bus", O_RDONLY [ 240.569567][ T6540] loop0: detected capacity change from 0 to 4096 [ 240.579463][ T6540] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6540] <... open resumed>) = 5 [pid 6540] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6539] <... futex resumed>) = 0 [pid 6540] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6540] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6539] <... futex resumed>) = 0 [pid 6540] sendfile(4, 5, NULL, 145139829833722 [ 240.626681][ T27] audit: type=1804 audit(1671454821.369:485): pid=6540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/483/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6539] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6539] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6539] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6539] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6541 attached [pid 6541] set_robust_list(0x7f549a0769e0, 24 [pid 6539] <... clone resumed>, parent_tid=[6541], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6541 [pid 6541] <... set_robust_list resumed>) = 0 [pid 6541] sendfile(4, 5, NULL, 145139829833722 [pid 6539] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6539] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6539] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6539] exit_group(0) = ? [pid 6541] <... sendfile resumed>) = ? [pid 6540] <... sendfile resumed>) = ? [pid 6540] +++ exited with 0 +++ [pid 6541] +++ exited with 0 +++ [pid 6539] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6539, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./483/binderfs") = 0 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./483/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./483/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6542 ./strace-static-x86_64: Process 6542 attached [pid 6542] set_robust_list(0x5555556365e0, 24) = 0 [pid 6542] chdir("./484") = 0 [pid 6542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6542] setpgid(0, 0) = 0 [pid 6542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6542] write(3, "1000", 4) = 4 [pid 6542] close(3) = 0 [pid 6542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6542] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6542] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6543], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6543 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6543 attached [pid 6543] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6543] memfd_create("syzkaller", 0) = 3 [pid 6543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6543] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6543] munmap(0x7f5499e77000, 2097152) = 0 [pid 6543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6543] close(3) = 0 [pid 6543] mkdir("./bus", 0777) = 0 [pid 6543] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6543] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6543] chdir("./bus") = 0 [pid 6543] ioctl(4, LOOP_CLR_FD) = 0 [pid 6543] close(4) = 0 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... futex resumed>) = 0 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6543] <... futex resumed>) = 1 [pid 6543] creat("./bus", 000) = 4 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... futex resumed>) = 0 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6543] <... futex resumed>) = 1 [pid 6543] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... futex resumed>) = 0 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6543] <... futex resumed>) = 1 [pid 6543] ftruncate(4, 2048) = 0 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6542] <... futex resumed>) = 0 [pid 6543] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6542] <... futex resumed>) = 0 [pid 6543] lseek(4, 0, SEEK_END [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6543] <... lseek resumed>) = 2048 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6542] <... futex resumed>) = 0 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 240.954417][ T6543] loop0: detected capacity change from 0 to 4096 [ 240.963663][ T6543] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6543] open("./bus", O_RDONLY) = 5 [pid 6543] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... futex resumed>) = 0 [pid 6542] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6543] <... futex resumed>) = 1 [pid 6543] sendfile(4, 5, NULL, 145139829833722 [pid 6542] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6542] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6542] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6542] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6542] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6544], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6544 ./strace-static-x86_64: Process 6544 attached [pid 6542] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] set_robust_list(0x7f549a0769e0, 24 [pid 6542] <... futex resumed>) = 0 [pid 6544] <... set_robust_list resumed>) = 0 [pid 6542] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 241.014377][ T27] audit: type=1804 audit(1671454821.759:486): pid=6543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/484/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6544] sendfile(4, 5, NULL, 145139829833722 [pid 6542] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6542] exit_group(0) = ? [pid 6544] <... sendfile resumed>) = ? [pid 6544] +++ exited with 0 +++ [pid 6543] <... sendfile resumed>) = ? [pid 6543] +++ exited with 0 +++ [pid 6542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6542, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./484/binderfs") = 0 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./484/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./484/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6545 ./strace-static-x86_64: Process 6545 attached [pid 6545] set_robust_list(0x5555556365e0, 24) = 0 [pid 6545] chdir("./485") = 0 [pid 6545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6545] setpgid(0, 0) = 0 [pid 6545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6545] write(3, "1000", 4) = 4 [pid 6545] close(3) = 0 [pid 6545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6545] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6545] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6546], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6546 [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6546 attached [pid 6546] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6546] memfd_create("syzkaller", 0) = 3 [pid 6546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6546] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6546] munmap(0x7f5499e77000, 2097152) = 0 [pid 6546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6546] close(3) = 0 [pid 6546] mkdir("./bus", 0777) = 0 [pid 6546] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6546] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6546] chdir("./bus") = 0 [pid 6546] ioctl(4, LOOP_CLR_FD) = 0 [pid 6546] close(4) = 0 [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] creat("./bus", 000 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] <... creat resumed>) = 4 [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6546] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... fcntl resumed>) = 0 [pid 6545] <... futex resumed>) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] ftruncate(4, 2048 [pid 6545] <... futex resumed>) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] <... ftruncate resumed>) = 0 [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6546] lseek(4, 0, SEEK_END [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] <... lseek resumed>) = 2048 [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [ 241.335482][ T6546] loop0: detected capacity change from 0 to 4096 [ 241.344718][ T6546] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6546] open("./bus", O_RDONLY [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] <... open resumed>) = 5 [pid 6546] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6546] sendfile(4, 5, NULL, 145139829833722 [pid 6545] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6545] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6545] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6545] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6547 attached [pid 6547] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6547] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6545] <... clone resumed>, parent_tid=[6547], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6547 [pid 6545] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6547] <... futex resumed>) = 0 [pid 6547] sendfile(4, 5, NULL, 145139829833722 [pid 6545] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6545] exit_group(0) = ? [pid 6547] <... sendfile resumed>) = ? [pid 6546] <... sendfile resumed>) = ? [pid 6547] +++ exited with 0 +++ [pid 6546] +++ exited with 0 +++ [pid 6545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6545, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./485/binderfs") = 0 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./485/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./485/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6548 ./strace-static-x86_64: Process 6548 attached [pid 6548] set_robust_list(0x5555556365e0, 24) = 0 [pid 6548] chdir("./486") = 0 [pid 6548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6548] setpgid(0, 0) = 0 [pid 6548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6548] write(3, "1000", 4) = 4 [pid 6548] close(3) = 0 [pid 6548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6548] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6548] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6549 attached , parent_tid=[6549], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6549 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6549] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6549] memfd_create("syzkaller", 0) = 3 [pid 6549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6549] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6549] munmap(0x7f5499e77000, 2097152) = 0 [pid 6549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6549] close(3) = 0 [pid 6549] mkdir("./bus", 0777) = 0 [pid 6549] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6549] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6549] chdir("./bus") = 0 [pid 6549] ioctl(4, LOOP_CLR_FD) = 0 [pid 6549] close(4) = 0 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] creat("./bus", 000) = 4 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] ftruncate(4, 2048) = 0 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] <... futex resumed>) = 0 [pid 6549] <... futex resumed>) = 1 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] lseek(4, 0, SEEK_END [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... lseek resumed>) = 2048 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6549] open("./bus", O_RDONLY [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... open resumed>) = 5 [pid 6549] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... futex resumed>) = 1 [ 241.726252][ T6549] loop0: detected capacity change from 0 to 4096 [ 241.735355][ T6549] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6549] sendfile(4, 5, NULL, 145139829833722 [pid 6548] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6548] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6548] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6548] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6550 attached [pid 6550] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6550] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6548] <... clone resumed>, parent_tid=[6550], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6550 [pid 6548] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6550] <... futex resumed>) = 0 [pid 6548] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] sendfile(4, 5, NULL, 145139829833722 [pid 6548] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6548] exit_group(0) = ? [pid 6550] <... sendfile resumed>) = ? [pid 6550] +++ exited with 0 +++ [pid 6549] <... sendfile resumed>) = ? [pid 6549] +++ exited with 0 +++ [pid 6548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6548, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./486/binderfs") = 0 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./486/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./486/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6551 ./strace-static-x86_64: Process 6551 attached [pid 6551] set_robust_list(0x5555556365e0, 24) = 0 [pid 6551] chdir("./487") = 0 [pid 6551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6551] setpgid(0, 0) = 0 [pid 6551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6551] write(3, "1000", 4) = 4 [pid 6551] close(3) = 0 [pid 6551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6551] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6551] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6552], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6552 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6552 attached [pid 6552] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6552] memfd_create("syzkaller", 0) = 3 [pid 6552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6552] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6552] munmap(0x7f5499e77000, 2097152) = 0 [pid 6552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6552] close(3) = 0 [pid 6552] mkdir("./bus", 0777) = 0 [pid 6552] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6552] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6552] chdir("./bus") = 0 [pid 6552] ioctl(4, LOOP_CLR_FD) = 0 [pid 6552] close(4) = 0 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [pid 6552] creat("./bus", 000) = 4 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [pid 6552] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [pid 6552] ftruncate(4, 2048) = 0 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [pid 6552] lseek(4, 0, SEEK_END) = 2048 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [pid 6552] open("./bus", O_RDONLY) = 5 [pid 6552] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] <... futex resumed>) = 1 [ 242.105093][ T6552] loop0: detected capacity change from 0 to 4096 [ 242.114952][ T6552] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6552] sendfile(4, 5, NULL, 145139829833722 [pid 6551] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6551] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6551] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6551] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6551] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6553 attached , parent_tid=[6553], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6553 [pid 6551] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] set_robust_list(0x7f549a0769e0, 24 [pid 6551] <... futex resumed>) = 0 [pid 6551] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] <... set_robust_list resumed>) = 0 [pid 6553] sendfile(4, 5, NULL, 145139829833722 [pid 6551] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6551] exit_group(0) = ? [pid 6552] <... sendfile resumed>) = ? [pid 6552] +++ exited with 0 +++ [pid 6553] <... sendfile resumed>) = ? [pid 6553] +++ exited with 0 +++ [pid 6551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6551, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./487/binderfs") = 0 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./487/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./487/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6554 ./strace-static-x86_64: Process 6554 attached [pid 6554] set_robust_list(0x5555556365e0, 24) = 0 [pid 6554] chdir("./488") = 0 [pid 6554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6554] setpgid(0, 0) = 0 [pid 6554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6554] write(3, "1000", 4) = 4 [pid 6554] close(3) = 0 [pid 6554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6554] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6554] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6555 attached , parent_tid=[6555], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6555 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6555] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6555] memfd_create("syzkaller", 0) = 3 [pid 6555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6555] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6555] munmap(0x7f5499e77000, 2097152) = 0 [pid 6555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6555] close(3) = 0 [pid 6555] mkdir("./bus", 0777) = 0 [pid 6555] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6555] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6555] chdir("./bus") = 0 [pid 6555] ioctl(4, LOOP_CLR_FD) = 0 [pid 6555] close(4) = 0 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [pid 6555] creat("./bus", 000) = 4 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [pid 6555] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [pid 6555] ftruncate(4, 2048) = 0 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [pid 6555] lseek(4, 0, SEEK_END) = 2048 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [pid 6555] open("./bus", O_RDONLY) = 5 [pid 6555] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6555] <... futex resumed>) = 1 [ 242.479155][ T6555] loop0: detected capacity change from 0 to 4096 [ 242.488631][ T6555] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6555] sendfile(4, 5, NULL, 145139829833722 [pid 6554] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6554] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6554] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6554] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6556 attached [pid 6556] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6556] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6554] <... clone resumed>, parent_tid=[6556], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6556 [pid 6554] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6554] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 242.535214][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 242.535230][ T27] audit: type=1804 audit(1671454823.279:490): pid=6555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/488/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6556] sendfile(4, 5, NULL, 145139829833722 [pid 6554] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6554] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6554] exit_group(0) = ? [pid 6555] <... sendfile resumed>) = ? [pid 6555] +++ exited with 0 +++ [pid 6556] <... sendfile resumed>) = ? [pid 6556] +++ exited with 0 +++ [pid 6554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6554, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./488/binderfs") = 0 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./488/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./488/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6557 ./strace-static-x86_64: Process 6557 attached [pid 6557] set_robust_list(0x5555556365e0, 24) = 0 [pid 6557] chdir("./489") = 0 [pid 6557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6557] setpgid(0, 0) = 0 [pid 6557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6557] write(3, "1000", 4) = 4 [pid 6557] close(3) = 0 [pid 6557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6557] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6558], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6558 [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6558 attached [pid 6558] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6558] memfd_create("syzkaller", 0) = 3 [pid 6558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6558] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6558] munmap(0x7f5499e77000, 2097152) = 0 [pid 6558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6558] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6558] close(3) = 0 [pid 6558] mkdir("./bus", 0777) = 0 [pid 6558] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6558] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6558] chdir("./bus") = 0 [pid 6558] ioctl(4, LOOP_CLR_FD) = 0 [pid 6558] close(4) = 0 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] creat("./bus", 000) = 4 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6558] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... futex resumed>) = 0 [pid 6558] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] ftruncate(4, 2048) = 0 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6557] <... futex resumed>) = 0 [pid 6558] lseek(4, 0, SEEK_END [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] <... lseek resumed>) = 2048 [pid 6557] <... futex resumed>) = 0 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... futex resumed>) = 0 [pid 6557] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 242.860120][ T6558] loop0: detected capacity change from 0 to 4096 [ 242.869991][ T6558] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6558] open("./bus", O_RDONLY [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... open resumed>) = 5 [pid 6558] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] <... futex resumed>) = 0 [pid 6557] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6558] <... futex resumed>) = 1 [pid 6558] sendfile(4, 5, NULL, 145139829833722 [pid 6557] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6557] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6557] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6557] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6559 attached , parent_tid=[6559], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6559 [pid 6559] set_robust_list(0x7f549a0769e0, 24 [pid 6557] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6557] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6559] <... set_robust_list resumed>) = 0 [ 242.932231][ T27] audit: type=1804 audit(1671454823.679:491): pid=6558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/489/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6559] sendfile(4, 5, NULL, 145139829833722 [pid 6557] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6557] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6557] exit_group(0) = ? [pid 6559] <... sendfile resumed>) = ? [pid 6558] <... sendfile resumed>) = ? [pid 6558] +++ exited with 0 +++ [pid 6559] +++ exited with 0 +++ [pid 6557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6557, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./489/binderfs") = 0 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./489/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./489/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6560 ./strace-static-x86_64: Process 6560 attached [pid 6560] set_robust_list(0x5555556365e0, 24) = 0 [pid 6560] chdir("./490") = 0 [pid 6560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6560] setpgid(0, 0) = 0 [pid 6560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6560] write(3, "1000", 4) = 4 [pid 6560] close(3) = 0 [pid 6560] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6560] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6560] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6561], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6561 [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6561 attached [pid 6561] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6561] memfd_create("syzkaller", 0) = 3 [pid 6561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6561] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6561] munmap(0x7f5499e77000, 2097152) = 0 [pid 6561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6561] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6561] close(3) = 0 [pid 6561] mkdir("./bus", 0777) = 0 [pid 6561] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6561] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6561] chdir("./bus") = 0 [pid 6561] ioctl(4, LOOP_CLR_FD) = 0 [pid 6561] close(4) = 0 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6560] <... futex resumed>) = 0 [pid 6561] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6560] <... futex resumed>) = 0 [pid 6561] creat("./bus", 000 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6561] <... creat resumed>) = 4 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6560] <... futex resumed>) = 0 [pid 6561] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... fcntl resumed>) = 0 [pid 6560] <... futex resumed>) = 0 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6561] <... futex resumed>) = 0 [pid 6560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] ftruncate(4, 2048 [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... ftruncate resumed>) = 0 [pid 6560] <... futex resumed>) = 0 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6561] <... futex resumed>) = 0 [pid 6560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] lseek(4, 0, SEEK_END [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... lseek resumed>) = 2048 [pid 6560] <... futex resumed>) = 0 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6561] <... futex resumed>) = 0 [pid 6560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] open("./bus", O_RDONLY [ 243.257029][ T6561] loop0: detected capacity change from 0 to 4096 [ 243.266665][ T6561] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] <... open resumed>) = 5 [pid 6560] <... futex resumed>) = 0 [pid 6561] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6561] <... futex resumed>) = 0 [pid 6560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6561] sendfile(4, 5, NULL, 145139829833722 [pid 6560] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6560] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6560] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6560] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6562 attached , parent_tid=[6562], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6562 [pid 6562] set_robust_list(0x7f549a0769e0, 24 [pid 6560] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... set_robust_list resumed>) = 0 [pid 6560] <... futex resumed>) = 0 [pid 6562] sendfile(4, 5, NULL, 145139829833722 [ 243.312897][ T27] audit: type=1804 audit(1671454824.059:492): pid=6561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/490/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6560] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6560] exit_group(0 [pid 6562] <... sendfile resumed>) = ? [pid 6560] <... exit_group resumed>) = ? [pid 6562] +++ exited with 0 +++ [pid 6561] <... sendfile resumed>) = ? [pid 6561] +++ exited with 0 +++ [pid 6560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6560, si_uid=0, si_status=0, si_utime=0, si_stime=32 /* 0.32 s */} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./490/binderfs") = 0 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./490/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./490/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6563 ./strace-static-x86_64: Process 6563 attached [pid 6563] set_robust_list(0x5555556365e0, 24) = 0 [pid 6563] chdir("./491") = 0 [pid 6563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6563] setpgid(0, 0) = 0 [pid 6563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6563] write(3, "1000", 4) = 4 [pid 6563] close(3) = 0 [pid 6563] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6563] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6563] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6564 attached , parent_tid=[6564], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6564 [pid 6564] set_robust_list(0x7f54a22979e0, 24 [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6564] <... set_robust_list resumed>) = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6564] memfd_create("syzkaller", 0) = 3 [pid 6564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6564] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6564] munmap(0x7f5499e77000, 2097152) = 0 [pid 6564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6564] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6564] close(3) = 0 [pid 6564] mkdir("./bus", 0777) = 0 [pid 6564] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6564] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6564] chdir("./bus") = 0 [pid 6564] ioctl(4, LOOP_CLR_FD) = 0 [pid 6564] close(4) = 0 [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] <... futex resumed>) = 0 [pid 6564] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6564] <... futex resumed>) = 0 [pid 6564] creat("./bus", 000) = 4 [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] <... futex resumed>) = 0 [pid 6564] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] <... fcntl resumed>) = 0 [pid 6563] <... futex resumed>) = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6563] <... futex resumed>) = 0 [pid 6564] ftruncate(4, 2048 [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6564] <... ftruncate resumed>) = 0 [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6563] <... futex resumed>) = 0 [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6564] <... futex resumed>) = 1 [pid 6564] lseek(4, 0, SEEK_END) = 2048 [ 243.642190][ T6564] loop0: detected capacity change from 0 to 4096 [ 243.651804][ T6564] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6563] <... futex resumed>) = 0 [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6564] <... futex resumed>) = 1 [pid 6564] open("./bus", O_RDONLY) = 5 [pid 6564] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6564] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6563] <... futex resumed>) = 0 [pid 6563] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6564] <... futex resumed>) = 0 [pid 6563] <... futex resumed>) = 1 [pid 6564] sendfile(4, 5, NULL, 145139829833722 [pid 6563] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6563] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6563] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6563] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6565 attached [pid 6565] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6565] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6563] <... clone resumed>, parent_tid=[6565], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6565 [ 243.701776][ T27] audit: type=1804 audit(1671454824.449:493): pid=6564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/491/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6563] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6565] <... futex resumed>) = 0 [pid 6565] sendfile(4, 5, NULL, 145139829833722 [pid 6563] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6563] exit_group(0) = ? [pid 6564] <... sendfile resumed>) = ? [pid 6564] +++ exited with 0 +++ [pid 6565] <... sendfile resumed>) = ? [pid 6565] +++ exited with 0 +++ [pid 6563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6563, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./491", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./491/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./491/binderfs") = 0 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./491/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./491/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./491/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./491/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./491") = 0 mkdir("./492", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6566 ./strace-static-x86_64: Process 6566 attached [pid 6566] set_robust_list(0x5555556365e0, 24) = 0 [pid 6566] chdir("./492") = 0 [pid 6566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6566] setpgid(0, 0) = 0 [pid 6566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6566] write(3, "1000", 4) = 4 [pid 6566] close(3) = 0 [pid 6566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6566] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6566] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6567], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6567 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6567 attached [pid 6567] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6567] memfd_create("syzkaller", 0) = 3 [pid 6567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6567] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6567] munmap(0x7f5499e77000, 2097152) = 0 [pid 6567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6567] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6567] close(3) = 0 [pid 6567] mkdir("./bus", 0777) = 0 [pid 6567] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6567] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6567] chdir("./bus") = 0 [pid 6567] ioctl(4, LOOP_CLR_FD) = 0 [pid 6567] close(4) = 0 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6567] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] <... futex resumed>) = 0 [pid 6567] creat("./bus", 000) = 4 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] <... futex resumed>) = 1 [pid 6567] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] ftruncate(4, 2048) = 0 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] lseek(4, 0, SEEK_END) = 2048 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 244.034842][ T6567] loop0: detected capacity change from 0 to 4096 [ 244.043741][ T6567] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6567] open("./bus", O_RDONLY) = 5 [pid 6567] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6566] <... futex resumed>) = 0 [pid 6566] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] <... futex resumed>) = 1 [ 244.092964][ T27] audit: type=1804 audit(1671454824.839:494): pid=6567 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/492/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6567] sendfile(4, 5, NULL, 145139829833722 [pid 6566] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6566] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6566] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6566] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6566] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6568 attached , parent_tid=[6568], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6568 [pid 6566] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6568] set_robust_list(0x7f549a0769e0, 24 [pid 6566] <... futex resumed>) = 0 [pid 6568] <... set_robust_list resumed>) = 0 [pid 6566] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6568] sendfile(4, 5, NULL, 145139829833722 [pid 6566] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6566] exit_group(0 [pid 6567] <... sendfile resumed>) = ? [pid 6566] <... exit_group resumed>) = ? [pid 6567] +++ exited with 0 +++ [pid 6568] <... sendfile resumed>) = ? [pid 6568] +++ exited with 0 +++ [pid 6566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6566, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./492", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./492/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./492/binderfs") = 0 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./492/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./492/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./492/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./492/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./492") = 0 mkdir("./493", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6569 ./strace-static-x86_64: Process 6569 attached [pid 6569] set_robust_list(0x5555556365e0, 24) = 0 [pid 6569] chdir("./493") = 0 [pid 6569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6569] setpgid(0, 0) = 0 [pid 6569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6569] write(3, "1000", 4) = 4 [pid 6569] close(3) = 0 [pid 6569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6569] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6569] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6570 attached , parent_tid=[6570], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6570 [pid 6570] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6570] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6570] memfd_create("syzkaller", 0) = 3 [pid 6570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6570] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6570] munmap(0x7f5499e77000, 2097152) = 0 [pid 6570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6570] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6570] close(3) = 0 [pid 6570] mkdir("./bus", 0777) = 0 [pid 6570] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6570] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6570] chdir("./bus") = 0 [pid 6570] ioctl(4, LOOP_CLR_FD) = 0 [pid 6570] close(4) = 0 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 1 [pid 6570] creat("./bus", 000) = 4 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 1 [pid 6570] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 1 [pid 6570] ftruncate(4, 2048) = 0 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 1 [pid 6570] lseek(4, 0, SEEK_END) = 2048 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 1 [ 244.430763][ T6570] loop0: detected capacity change from 0 to 4096 [ 244.440548][ T6570] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6570] open("./bus", O_RDONLY) = 5 [pid 6570] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6570] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6569] <... futex resumed>) = 0 [pid 6569] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 0 [ 244.485704][ T27] audit: type=1804 audit(1671454825.229:495): pid=6570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/493/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6570] sendfile(4, 5, NULL, 145139829833722 [pid 6569] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6569] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6569] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6569] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6569] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6571], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6571 [pid 6569] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6569] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6571 attached [pid 6571] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6571] sendfile(4, 5, NULL, 145139829833722 [pid 6569] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6569] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6569] exit_group(0) = ? [pid 6571] <... sendfile resumed>) = ? [pid 6571] +++ exited with 0 +++ [pid 6570] <... sendfile resumed>) = ? [pid 6570] +++ exited with 0 +++ [pid 6569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6569, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./493", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./493/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./493/binderfs") = 0 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./493/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./493/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./493/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./493/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./493") = 0 mkdir("./494", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6572 ./strace-static-x86_64: Process 6572 attached [pid 6572] set_robust_list(0x5555556365e0, 24) = 0 [pid 6572] chdir("./494") = 0 [pid 6572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6572] setpgid(0, 0) = 0 [pid 6572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6572] write(3, "1000", 4) = 4 [pid 6572] close(3) = 0 [pid 6572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6572] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6572] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6573 attached , parent_tid=[6573], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6573 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6573] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6573] memfd_create("syzkaller", 0) = 3 [pid 6573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6573] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6573] munmap(0x7f5499e77000, 2097152) = 0 [pid 6573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6573] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6573] close(3) = 0 [pid 6573] mkdir("./bus", 0777) = 0 [pid 6573] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6573] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6573] chdir("./bus") = 0 [pid 6573] ioctl(4, LOOP_CLR_FD) = 0 [pid 6573] close(4) = 0 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] <... futex resumed>) = 1 [pid 6573] creat("./bus", 000) = 4 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] <... futex resumed>) = 1 [pid 6573] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] <... futex resumed>) = 1 [pid 6573] ftruncate(4, 2048) = 0 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] <... futex resumed>) = 1 [pid 6573] lseek(4, 0, SEEK_END) = 2048 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 244.830993][ T6573] loop0: detected capacity change from 0 to 4096 [ 244.839989][ T6573] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6573] open("./bus", O_RDONLY) = 5 [pid 6573] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... futex resumed>) = 0 [pid 6572] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6573] <... futex resumed>) = 1 [pid 6573] sendfile(4, 5, NULL, 145139829833722 [pid 6572] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6572] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 244.880025][ T27] audit: type=1804 audit(1671454825.619:496): pid=6573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/494/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6572] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6572] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6574 attached , parent_tid=[6574], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6574 [pid 6572] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6574] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6574] sendfile(4, 5, NULL, 145139829833722 [pid 6572] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6572] exit_group(0) = ? [pid 6573] <... sendfile resumed>) = ? [pid 6574] <... sendfile resumed>) = ? [pid 6574] +++ exited with 0 +++ [pid 6573] +++ exited with 0 +++ [pid 6572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6572, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./494", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./494/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./494/binderfs") = 0 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./494/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./494/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./494/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./494/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./494") = 0 mkdir("./495", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6575 ./strace-static-x86_64: Process 6575 attached [pid 6575] set_robust_list(0x5555556365e0, 24) = 0 [pid 6575] chdir("./495") = 0 [pid 6575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6575] setpgid(0, 0) = 0 [pid 6575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6575] write(3, "1000", 4) = 4 [pid 6575] close(3) = 0 [pid 6575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6575] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6575] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6576], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6576 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6576 attached [pid 6576] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6576] memfd_create("syzkaller", 0) = 3 [pid 6576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6576] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6576] munmap(0x7f5499e77000, 2097152) = 0 [pid 6576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6576] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6576] close(3) = 0 [pid 6576] mkdir("./bus", 0777) = 0 [pid 6576] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6576] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6576] chdir("./bus") = 0 [pid 6576] ioctl(4, LOOP_CLR_FD) = 0 [pid 6576] close(4) = 0 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 0 [pid 6576] creat("./bus", 000) = 4 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 1 [pid 6576] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 1 [pid 6576] ftruncate(4, 2048) = 0 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 1 [pid 6576] lseek(4, 0, SEEK_END) = 2048 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 1 [ 245.210208][ T6576] loop0: detected capacity change from 0 to 4096 [ 245.219941][ T6576] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6576] open("./bus", O_RDONLY) = 5 [pid 6576] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6576] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6576] <... futex resumed>) = 0 [pid 6576] sendfile(4, 5, NULL, 145139829833722 [pid 6575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6575] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6575] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6575] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [ 245.264393][ T27] audit: type=1804 audit(1671454826.009:497): pid=6576 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/495/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6575] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6577 attached [pid 6577] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6577] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] <... clone resumed>, parent_tid=[6577], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6577 [pid 6575] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6575] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] sendfile(4, 5, NULL, 145139829833722 [pid 6575] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6575] exit_group(0) = ? [pid 6577] <... sendfile resumed>) = ? [pid 6577] +++ exited with 0 +++ [pid 6576] <... sendfile resumed>) = ? [pid 6576] +++ exited with 0 +++ [pid 6575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6575, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./495", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./495/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./495/binderfs") = 0 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./495/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./495/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./495/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./495/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./495") = 0 mkdir("./496", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6578 ./strace-static-x86_64: Process 6578 attached [pid 6578] set_robust_list(0x5555556365e0, 24) = 0 [pid 6578] chdir("./496") = 0 [pid 6578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6578] setpgid(0, 0) = 0 [pid 6578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6578] write(3, "1000", 4) = 4 [pid 6578] close(3) = 0 [pid 6578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6578] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6578] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6579], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6579 ./strace-static-x86_64: Process 6579 attached [pid 6579] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6579] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6579] memfd_create("syzkaller", 0) = 3 [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6579] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6579] munmap(0x7f5499e77000, 2097152) = 0 [pid 6579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6579] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6579] close(3) = 0 [pid 6579] mkdir("./bus", 0777) = 0 [pid 6579] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6579] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6579] chdir("./bus") = 0 [pid 6579] ioctl(4, LOOP_CLR_FD) = 0 [pid 6579] close(4) = 0 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 1 [pid 6579] creat("./bus", 000) = 4 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 1 [pid 6579] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 1 [pid 6579] ftruncate(4, 2048) = 0 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 1 [pid 6579] lseek(4, 0, SEEK_END) = 2048 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 1 [ 245.590938][ T6579] loop0: detected capacity change from 0 to 4096 [ 245.600144][ T6579] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6579] open("./bus", O_RDONLY) = 5 [pid 6579] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6579] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] <... futex resumed>) = 0 [pid 6578] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6578] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6579] <... futex resumed>) = 0 [pid 6579] sendfile(4, 5, NULL, 145139829833722 [pid 6578] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6578] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6578] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6578] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6580 attached , parent_tid=[6580], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6580 [pid 6580] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6580] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6578] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6580] <... futex resumed>) = 0 [ 245.647385][ T27] audit: type=1804 audit(1671454826.389:498): pid=6579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/496/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6580] sendfile(4, 5, NULL, 145139829833722 [pid 6578] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6578] exit_group(0) = ? [pid 6579] <... sendfile resumed>) = ? [pid 6579] +++ exited with 0 +++ [pid 6580] <... sendfile resumed>) = ? [pid 6580] +++ exited with 0 +++ [pid 6578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6578, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./496", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./496/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./496/binderfs") = 0 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./496/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./496/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./496/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./496/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./496") = 0 mkdir("./497", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6581 ./strace-static-x86_64: Process 6581 attached [pid 6581] set_robust_list(0x5555556365e0, 24) = 0 [pid 6581] chdir("./497") = 0 [pid 6581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6581] setpgid(0, 0) = 0 [pid 6581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6581] write(3, "1000", 4) = 4 [pid 6581] close(3) = 0 [pid 6581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6581] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6581] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6582 attached , parent_tid=[6582], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6582 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6582] set_robust_list(0x7f54a22979e0, 24 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6582] <... set_robust_list resumed>) = 0 [pid 6582] memfd_create("syzkaller", 0) = 3 [pid 6582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6582] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6582] munmap(0x7f5499e77000, 2097152) = 0 [pid 6582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6582] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6582] close(3) = 0 [pid 6582] mkdir("./bus", 0777) = 0 [pid 6582] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6582] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6582] chdir("./bus") = 0 [pid 6582] ioctl(4, LOOP_CLR_FD) = 0 [pid 6582] close(4) = 0 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6582] creat("./bus", 000) = 4 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6582] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6582] ftruncate(4, 2048) = 0 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6582] <... futex resumed>) = 1 [pid 6582] lseek(4, 0, SEEK_END) = 2048 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 245.980964][ T6582] loop0: detected capacity change from 0 to 4096 [ 245.990433][ T6582] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6582] open("./bus", O_RDONLY) = 5 [pid 6582] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] <... futex resumed>) = 0 [pid 6581] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6582] <... futex resumed>) = 1 [pid 6582] sendfile(4, 5, NULL, 145139829833722 [pid 6581] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6581] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6581] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6581] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6581] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6583 attached , parent_tid=[6583], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6583 [pid 6581] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] set_robust_list(0x7f549a0769e0, 24) = 0 [ 246.040446][ T27] audit: type=1804 audit(1671454826.779:499): pid=6582 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/497/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6583] sendfile(4, 5, NULL, 145139829833722 [pid 6581] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6581] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6581] exit_group(0) = ? [pid 6582] <... sendfile resumed>) = ? [pid 6582] +++ exited with 0 +++ [pid 6583] <... sendfile resumed>) = ? [pid 6583] +++ exited with 0 +++ [pid 6581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6581, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- umount2("./497", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./497/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./497/binderfs") = 0 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./497/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./497/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./497/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./497/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./497") = 0 mkdir("./498", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6584 ./strace-static-x86_64: Process 6584 attached [pid 6584] set_robust_list(0x5555556365e0, 24) = 0 [pid 6584] chdir("./498") = 0 [pid 6584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6584] setpgid(0, 0) = 0 [pid 6584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6584] write(3, "1000", 4) = 4 [pid 6584] close(3) = 0 [pid 6584] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6584] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6584] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6585 attached , parent_tid=[6585], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6585 [pid 6585] set_robust_list(0x7f54a22979e0, 24 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] <... set_robust_list resumed>) = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6585] memfd_create("syzkaller", 0) = 3 [pid 6585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6585] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6585] munmap(0x7f5499e77000, 2097152) = 0 [pid 6585] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6585] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6585] close(3) = 0 [pid 6585] mkdir("./bus", 0777) = 0 [pid 6585] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6585] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6585] chdir("./bus") = 0 [pid 6585] ioctl(4, LOOP_CLR_FD) = 0 [pid 6585] close(4) = 0 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] creat("./bus", 000) = 4 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] <... futex resumed>) = 1 [pid 6585] ftruncate(4, 2048) = 0 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] <... futex resumed>) = 1 [pid 6585] lseek(4, 0, SEEK_END) = 2048 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6585] <... futex resumed>) = 1 [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6585] open("./bus", O_RDONLY) = 5 [pid 6585] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6584] <... futex resumed>) = 0 [pid 6585] sendfile(4, 5, NULL, 145139829833722 [pid 6584] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 246.365099][ T6585] loop0: detected capacity change from 0 to 4096 [ 246.375635][ T6585] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6584] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6584] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6584] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6584] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6586], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6586 [pid 6584] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6586 attached [pid 6586] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6586] sendfile(4, 5, NULL, 145139829833722 [pid 6584] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6584] exit_group(0) = ? [pid 6585] <... sendfile resumed>) = ? [pid 6585] +++ exited with 0 +++ [pid 6586] <... sendfile resumed>) = ? [pid 6586] +++ exited with 0 +++ [pid 6584] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6584, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./498", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./498/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./498/binderfs") = 0 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./498/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./498/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./498/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./498/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./498") = 0 mkdir("./499", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6587 ./strace-static-x86_64: Process 6587 attached [pid 6587] set_robust_list(0x5555556365e0, 24) = 0 [pid 6587] chdir("./499") = 0 [pid 6587] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6587] setpgid(0, 0) = 0 [pid 6587] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6587] write(3, "1000", 4) = 4 [pid 6587] close(3) = 0 [pid 6587] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6587] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6587] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6588], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6588 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6588 attached [pid 6588] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6588] memfd_create("syzkaller", 0) = 3 [pid 6588] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6588] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6588] munmap(0x7f5499e77000, 2097152) = 0 [pid 6588] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6588] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6588] close(3) = 0 [pid 6588] mkdir("./bus", 0777) = 0 [pid 6588] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6588] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6588] chdir("./bus") = 0 [pid 6588] ioctl(4, LOOP_CLR_FD) = 0 [pid 6588] close(4) = 0 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6588] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] <... futex resumed>) = 0 [pid 6588] creat("./bus", 000) = 4 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] <... futex resumed>) = 1 [pid 6588] ftruncate(4, 2048) = 0 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] lseek(4, 0, SEEK_END) = 2048 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] open("./bus", O_RDONLY) = 5 [pid 6588] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6587] <... futex resumed>) = 0 [pid 6587] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 246.738101][ T6588] loop0: detected capacity change from 0 to 4096 [ 246.747159][ T6588] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6588] sendfile(4, 5, NULL, 145139829833722 [pid 6587] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6587] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6587] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6587] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6587] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6589 attached , parent_tid=[6589], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6589 [pid 6589] set_robust_list(0x7f549a0769e0, 24 [pid 6587] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6587] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] <... set_robust_list resumed>) = 0 [pid 6589] sendfile(4, 5, NULL, 145139829833722 [pid 6587] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6587] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6587] exit_group(0 [pid 6589] <... sendfile resumed>) = ? [pid 6587] <... exit_group resumed>) = ? [pid 6589] +++ exited with 0 +++ [pid 6588] <... sendfile resumed>) = ? [pid 6588] +++ exited with 0 +++ [pid 6587] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6587, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./499", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./499/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./499/binderfs") = 0 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./499/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./499/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./499/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./499/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./499") = 0 mkdir("./500", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6590 ./strace-static-x86_64: Process 6590 attached [pid 6590] set_robust_list(0x5555556365e0, 24) = 0 [pid 6590] chdir("./500") = 0 [pid 6590] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6590] setpgid(0, 0) = 0 [pid 6590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6590] write(3, "1000", 4) = 4 [pid 6590] close(3) = 0 [pid 6590] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6590] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6590] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6591 attached , parent_tid=[6591], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6591 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6591] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6591] memfd_create("syzkaller", 0) = 3 [pid 6591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6591] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6591] munmap(0x7f5499e77000, 2097152) = 0 [pid 6591] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6591] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6591] close(3) = 0 [pid 6591] mkdir("./bus", 0777) = 0 [pid 6591] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6591] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6591] chdir("./bus") = 0 [pid 6591] ioctl(4, LOOP_CLR_FD) = 0 [pid 6591] close(4) = 0 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6590] <... futex resumed>) = 0 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6591] creat("./bus", 000) = 4 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... futex resumed>) = 0 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6591] <... futex resumed>) = 1 [pid 6591] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6591] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6590] <... futex resumed>) = 0 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6591] <... futex resumed>) = 0 [pid 6591] ftruncate(4, 2048) = 0 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] <... futex resumed>) = 0 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6591] <... futex resumed>) = 1 [pid 6591] lseek(4, 0, SEEK_END) = 2048 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6590] <... futex resumed>) = 0 [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6591] open("./bus", O_RDONLY) = 5 [pid 6591] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6590] <... futex resumed>) = 0 [pid 6591] sendfile(4, 5, NULL, 145139829833722 [ 247.117395][ T6591] loop0: detected capacity change from 0 to 4096 [ 247.127998][ T6591] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6590] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6590] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6590] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6590] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6592 attached , parent_tid=[6592], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6592 [pid 6590] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6590] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6592] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6592] sendfile(4, 5, NULL, 145139829833722 [pid 6590] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6590] exit_group(0) = ? [pid 6592] <... sendfile resumed>) = ? [pid 6592] +++ exited with 0 +++ [pid 6591] <... sendfile resumed>) = ? [pid 6591] +++ exited with 0 +++ [pid 6590] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6590, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./500", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./500/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./500/binderfs") = 0 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./500/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./500/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./500/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./500/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./500") = 0 mkdir("./501", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6593 ./strace-static-x86_64: Process 6593 attached [pid 6593] set_robust_list(0x5555556365e0, 24) = 0 [pid 6593] chdir("./501") = 0 [pid 6593] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6593] setpgid(0, 0) = 0 [pid 6593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6593] write(3, "1000", 4) = 4 [pid 6593] close(3) = 0 [pid 6593] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6593] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6593] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6594], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6594 [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6594 attached [pid 6594] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6594] memfd_create("syzkaller", 0) = 3 [pid 6594] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6594] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6594] munmap(0x7f5499e77000, 2097152) = 0 [pid 6594] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6594] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6594] close(3) = 0 [pid 6594] mkdir("./bus", 0777) = 0 [pid 6594] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6594] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6594] chdir("./bus") = 0 [pid 6594] ioctl(4, LOOP_CLR_FD) = 0 [pid 6594] close(4) = 0 [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... futex resumed>) = 1 [pid 6594] creat("./bus", 000) = 4 [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... futex resumed>) = 1 [pid 6594] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... futex resumed>) = 1 [pid 6594] ftruncate(4, 2048) = 0 [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] lseek(4, 0, SEEK_END [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... lseek resumed>) = 2048 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6593] <... futex resumed>) = 0 [pid 6594] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6594] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6594] open("./bus", O_RDONLY [ 247.497133][ T6594] loop0: detected capacity change from 0 to 4096 [ 247.506684][ T6594] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... open resumed>) = 5 [pid 6594] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6593] <... futex resumed>) = 0 [pid 6593] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6594] <... futex resumed>) = 1 [pid 6594] sendfile(4, 5, NULL, 145139829833722 [pid 6593] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6593] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6593] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6593] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6595 attached , parent_tid=[6595], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6595 [pid 6593] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6595] set_robust_list(0x7f549a0769e0, 24) = 0 [ 247.555654][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 247.555669][ T27] audit: type=1804 audit(1671454828.299:503): pid=6594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/501/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6595] sendfile(4, 5, NULL, 145139829833722 [pid 6593] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6593] exit_group(0) = ? [pid 6594] <... sendfile resumed>) = ? [pid 6594] +++ exited with 0 +++ [pid 6595] <... sendfile resumed>) = ? [pid 6595] +++ exited with 0 +++ [pid 6593] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6593, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./501", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./501/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./501/binderfs") = 0 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./501/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./501/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./501/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./501/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./501") = 0 mkdir("./502", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6596 ./strace-static-x86_64: Process 6596 attached [pid 6596] set_robust_list(0x5555556365e0, 24) = 0 [pid 6596] chdir("./502") = 0 [pid 6596] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6596] setpgid(0, 0) = 0 [pid 6596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6596] write(3, "1000", 4) = 4 [pid 6596] close(3) = 0 [pid 6596] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6596] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6596] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6597 attached , parent_tid=[6597], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6597 [pid 6597] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6597] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6597] <... futex resumed>) = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6597] memfd_create("syzkaller", 0) = 3 [pid 6597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6597] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6597] munmap(0x7f5499e77000, 2097152) = 0 [pid 6597] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6597] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6597] close(3) = 0 [pid 6597] mkdir("./bus", 0777) = 0 [pid 6597] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6597] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6597] chdir("./bus") = 0 [pid 6597] ioctl(4, LOOP_CLR_FD) = 0 [pid 6597] close(4) = 0 [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] creat("./bus", 000) = 4 [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6597] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... futex resumed>) = 0 [pid 6597] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... futex resumed>) = 1 [pid 6597] ftruncate(4, 2048) = 0 [ 247.890954][ T6597] loop0: detected capacity change from 0 to 4096 [ 247.900705][ T6597] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6596] <... futex resumed>) = 0 [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] <... futex resumed>) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6597] lseek(4, 0, SEEK_END [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... lseek resumed>) = 2048 [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6597] open("./bus", O_RDONLY [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6597] <... open resumed>) = 5 [pid 6597] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6597] sendfile(4, 5, NULL, 145139829833722 [pid 6596] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6596] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6596] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6596] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6598 attached , parent_tid=[6598], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6598 [pid 6596] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6598] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6596] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 247.954993][ T27] audit: type=1804 audit(1671454828.699:504): pid=6597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/502/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6598] sendfile(4, 5, NULL, 145139829833722 [pid 6596] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6596] exit_group(0) = ? [pid 6597] <... sendfile resumed>) = ? [pid 6598] <... sendfile resumed>) = ? [pid 6597] +++ exited with 0 +++ [pid 6598] +++ exited with 0 +++ [pid 6596] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6596, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./502", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./502/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./502/binderfs") = 0 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./502/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./502/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./502/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./502/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./502") = 0 mkdir("./503", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6599 ./strace-static-x86_64: Process 6599 attached [pid 6599] set_robust_list(0x5555556365e0, 24) = 0 [pid 6599] chdir("./503") = 0 [pid 6599] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6599] setpgid(0, 0) = 0 [pid 6599] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6599] write(3, "1000", 4) = 4 [pid 6599] close(3) = 0 [pid 6599] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6599] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6599] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6600], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6600 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6600 attached [pid 6600] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6600] memfd_create("syzkaller", 0) = 3 [pid 6600] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6600] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6600] munmap(0x7f5499e77000, 2097152) = 0 [pid 6600] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6600] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6600] close(3) = 0 [pid 6600] mkdir("./bus", 0777) = 0 [pid 6600] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6600] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6600] chdir("./bus") = 0 [pid 6600] ioctl(4, LOOP_CLR_FD) = 0 [pid 6600] close(4) = 0 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 1 [pid 6600] creat("./bus", 000) = 4 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 1 [pid 6600] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 1 [pid 6600] ftruncate(4, 2048) = 0 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 1 [pid 6600] lseek(4, 0, SEEK_END) = 2048 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 248.283581][ T6600] loop0: detected capacity change from 0 to 4096 [ 248.293428][ T6600] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 1 [pid 6600] open("./bus", O_RDONLY) = 5 [pid 6600] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6600] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6599] <... futex resumed>) = 0 [pid 6599] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6599] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6600] <... futex resumed>) = 0 [ 248.331549][ T27] audit: type=1804 audit(1671454829.079:505): pid=6600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/503/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6600] sendfile(4, 5, NULL, 145139829833722 [pid 6599] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6599] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6599] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6599] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6601], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6601 [pid 6599] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6599] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6601 attached [pid 6601] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6601] sendfile(4, 5, NULL, 145139829833722 [pid 6599] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6599] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6599] exit_group(0) = ? [pid 6600] <... sendfile resumed>) = ? [pid 6600] +++ exited with 0 +++ [pid 6601] <... sendfile resumed>) = ? [pid 6601] +++ exited with 0 +++ [pid 6599] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6599, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./503", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./503/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./503/binderfs") = 0 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./503/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./503/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./503/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./503/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./503") = 0 mkdir("./504", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6602 ./strace-static-x86_64: Process 6602 attached [pid 6602] set_robust_list(0x5555556365e0, 24) = 0 [pid 6602] chdir("./504") = 0 [pid 6602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6602] setpgid(0, 0) = 0 [pid 6602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6602] write(3, "1000", 4) = 4 [pid 6602] close(3) = 0 [pid 6602] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6602] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6602] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6603], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6603 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6603 attached [pid 6603] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6603] memfd_create("syzkaller", 0) = 3 [pid 6603] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6603] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6603] munmap(0x7f5499e77000, 2097152) = 0 [pid 6603] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6603] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6603] close(3) = 0 [pid 6603] mkdir("./bus", 0777) = 0 [pid 6603] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6603] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6603] chdir("./bus") = 0 [pid 6603] ioctl(4, LOOP_CLR_FD) = 0 [pid 6603] close(4) = 0 [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] <... futex resumed>) = 1 [pid 6603] creat("./bus", 000) = 4 [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] ftruncate(4, 2048) = 0 [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] lseek(4, 0, SEEK_END) = 2048 [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6603] open("./bus", O_RDONLY [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] <... open resumed>) = 5 [ 248.671103][ T6603] loop0: detected capacity change from 0 to 4096 [ 248.681047][ T6603] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6603] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6603] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6602] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] <... futex resumed>) = 0 [pid 6603] sendfile(4, 5, NULL, 145139829833722 [pid 6602] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6602] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6602] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6602] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6604], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6604 ./strace-static-x86_64: Process 6604 attached [pid 6604] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6604] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6602] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 248.729295][ T27] audit: type=1804 audit(1671454829.469:506): pid=6603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/504/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6604] sendfile(4, 5, NULL, 145139829833722 [pid 6602] <... futex resumed>) = 0 [pid 6602] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6602] exit_group(0) = ? [pid 6604] <... sendfile resumed>) = ? [pid 6603] <... sendfile resumed>) = ? [pid 6603] +++ exited with 0 +++ [pid 6604] +++ exited with 0 +++ [pid 6602] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6602, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./504", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./504/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./504/binderfs") = 0 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./504/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./504/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./504/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./504/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./504") = 0 mkdir("./505", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6605 ./strace-static-x86_64: Process 6605 attached [pid 6605] set_robust_list(0x5555556365e0, 24) = 0 [pid 6605] chdir("./505") = 0 [pid 6605] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6605] setpgid(0, 0) = 0 [pid 6605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6605] write(3, "1000", 4) = 4 [pid 6605] close(3) = 0 [pid 6605] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6605] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6605] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6606], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6606 [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6606 attached [pid 6606] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6606] memfd_create("syzkaller", 0) = 3 [pid 6606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6606] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6606] munmap(0x7f5499e77000, 2097152) = 0 [pid 6606] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6606] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6606] close(3) = 0 [pid 6606] mkdir("./bus", 0777) = 0 [pid 6606] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6606] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6606] chdir("./bus") = 0 [pid 6606] ioctl(4, LOOP_CLR_FD) = 0 [pid 6606] close(4) = 0 [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6605] <... futex resumed>) = 0 [pid 6606] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6605] <... futex resumed>) = 0 [pid 6606] creat("./bus", 000 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6606] <... creat resumed>) = 4 [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6605] <... futex resumed>) = 0 [pid 6606] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... fcntl resumed>) = 0 [pid 6605] <... futex resumed>) = 0 [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] <... futex resumed>) = 0 [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] ftruncate(4, 2048) = 0 [pid 6605] <... futex resumed>) = 0 [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6606] <... futex resumed>) = 0 [pid 6605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] lseek(4, 0, SEEK_END) = 2048 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6605] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6606] <... futex resumed>) = 0 [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 249.056333][ T6606] loop0: detected capacity change from 0 to 4096 [ 249.065540][ T6606] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6606] open("./bus", O_RDONLY) = 5 [pid 6605] <... futex resumed>) = 0 [pid 6606] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6606] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6605] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] <... futex resumed>) = 0 [pid 6605] <... futex resumed>) = 1 [pid 6606] sendfile(4, 5, NULL, 145139829833722 [pid 6605] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6605] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6605] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6605] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6607 attached [pid 6607] set_robust_list(0x7f549a0769e0, 24) = 0 [ 249.114127][ T27] audit: type=1804 audit(1671454829.859:507): pid=6606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/505/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6605] <... clone resumed>, parent_tid=[6607], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6607 [pid 6607] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6605] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6607] sendfile(4, 5, NULL, 145139829833722 [pid 6605] <... futex resumed>) = 0 [pid 6605] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6605] exit_group(0) = ? [pid 6606] <... sendfile resumed>) = ? [pid 6606] +++ exited with 0 +++ [pid 6607] <... sendfile resumed>) = ? [pid 6607] +++ exited with 0 +++ [pid 6605] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6605, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./505", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./505/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./505/binderfs") = 0 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./505/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./505/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./505/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./505/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./505") = 0 mkdir("./506", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6608 ./strace-static-x86_64: Process 6608 attached [pid 6608] set_robust_list(0x5555556365e0, 24) = 0 [pid 6608] chdir("./506") = 0 [pid 6608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6608] setpgid(0, 0) = 0 [pid 6608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6608] write(3, "1000", 4) = 4 [pid 6608] close(3) = 0 [pid 6608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6608] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6608] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6609], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6609 [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6609 attached [pid 6609] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6609] memfd_create("syzkaller", 0) = 3 [pid 6609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6609] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6609] munmap(0x7f5499e77000, 2097152) = 0 [pid 6609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6609] close(3) = 0 [pid 6609] mkdir("./bus", 0777) = 0 [pid 6609] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6609] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6609] chdir("./bus") = 0 [pid 6609] ioctl(4, LOOP_CLR_FD) = 0 [pid 6609] close(4) = 0 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] <... futex resumed>) = 1 [pid 6609] creat("./bus", 000) = 4 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] <... futex resumed>) = 1 [pid 6609] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] <... futex resumed>) = 0 [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6609] <... futex resumed>) = 1 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] ftruncate(4, 2048) = 0 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6608] <... futex resumed>) = 0 [pid 6609] lseek(4, 0, SEEK_END [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... lseek resumed>) = 2048 [pid 6608] <... futex resumed>) = 0 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] <... futex resumed>) = 0 [pid 6608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6609] open("./bus", O_RDONLY [ 249.449735][ T6609] loop0: detected capacity change from 0 to 4096 [ 249.459904][ T6609] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... open resumed>) = 5 [pid 6608] <... futex resumed>) = 0 [pid 6609] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6609] <... futex resumed>) = 0 [pid 6608] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6609] sendfile(4, 5, NULL, 145139829833722 [pid 6608] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6608] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6608] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6608] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6610 attached , parent_tid=[6610], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6610 [pid 6610] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6610] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6610] <... futex resumed>) = 0 [pid 6608] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 249.505112][ T27] audit: type=1804 audit(1671454830.249:508): pid=6609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/506/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6610] sendfile(4, 5, NULL, 145139829833722 [pid 6608] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6608] exit_group(0) = ? [pid 6609] <... sendfile resumed>) = ? [pid 6609] +++ exited with 0 +++ [pid 6610] <... sendfile resumed>) = ? [pid 6610] +++ exited with 0 +++ [pid 6608] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6608, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./506", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./506/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./506/binderfs") = 0 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./506/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./506/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./506/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./506/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./506") = 0 mkdir("./507", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6611 ./strace-static-x86_64: Process 6611 attached [pid 6611] set_robust_list(0x5555556365e0, 24) = 0 [pid 6611] chdir("./507") = 0 [pid 6611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6611] setpgid(0, 0) = 0 [pid 6611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6611] write(3, "1000", 4) = 4 [pid 6611] close(3) = 0 [pid 6611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6611] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6611] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6612], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6612 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6612 attached [pid 6612] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6612] memfd_create("syzkaller", 0) = 3 [pid 6612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6612] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6612] munmap(0x7f5499e77000, 2097152) = 0 [pid 6612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6612] close(3) = 0 [pid 6612] mkdir("./bus", 0777) = 0 [pid 6612] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6612] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6612] chdir("./bus") = 0 [pid 6612] ioctl(4, LOOP_CLR_FD) = 0 [pid 6612] close(4) = 0 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] <... futex resumed>) = 0 [pid 6612] creat("./bus", 000) = 4 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] <... futex resumed>) = 1 [pid 6612] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] <... futex resumed>) = 1 [pid 6612] ftruncate(4, 2048) = 0 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] lseek(4, 0, SEEK_END) = 2048 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6611] <... futex resumed>) = 0 [pid 6612] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6612] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 249.835042][ T6612] loop0: detected capacity change from 0 to 4096 [ 249.844990][ T6612] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6612] open("./bus", O_RDONLY) = 5 [pid 6612] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] <... futex resumed>) = 0 [pid 6611] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6612] <... futex resumed>) = 1 [pid 6612] sendfile(4, 5, NULL, 145139829833722 [pid 6611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6611] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6611] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6611] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6613 attached , parent_tid=[6613], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6613 [pid 6611] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6611] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6613] set_robust_list(0x7f549a0769e0, 24) = 0 [ 249.892631][ T27] audit: type=1804 audit(1671454830.639:509): pid=6612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/507/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6613] sendfile(4, 5, NULL, 145139829833722 [pid 6611] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6611] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6611] exit_group(0) = ? [pid 6613] <... sendfile resumed>) = ? [pid 6613] +++ exited with 0 +++ [pid 6612] <... sendfile resumed>) = ? [pid 6612] +++ exited with 0 +++ [pid 6611] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6611, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./507", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./507/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./507/binderfs") = 0 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./507/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./507/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./507/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./507/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./507") = 0 mkdir("./508", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6614 ./strace-static-x86_64: Process 6614 attached [pid 6614] set_robust_list(0x5555556365e0, 24) = 0 [pid 6614] chdir("./508") = 0 [pid 6614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6614] setpgid(0, 0) = 0 [pid 6614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6614] write(3, "1000", 4) = 4 [pid 6614] close(3) = 0 [pid 6614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6614] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6614] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6615 attached [pid 6615] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6615] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] <... clone resumed>, parent_tid=[6615], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6615 [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = 1 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6615] memfd_create("syzkaller", 0) = 3 [pid 6615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6615] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6615] munmap(0x7f5499e77000, 2097152) = 0 [pid 6615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6615] close(3) = 0 [pid 6615] mkdir("./bus", 0777) = 0 [pid 6615] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6615] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6615] chdir("./bus") = 0 [pid 6615] ioctl(4, LOOP_CLR_FD) = 0 [pid 6615] close(4) = 0 [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6614] <... futex resumed>) = 0 [pid 6615] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6614] <... futex resumed>) = 0 [pid 6615] creat("./bus", 000 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] <... creat resumed>) = 4 [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6614] <... futex resumed>) = 0 [pid 6615] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6614] <... futex resumed>) = 0 [pid 6615] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] <... fcntl resumed>) = 0 [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6614] <... futex resumed>) = 0 [pid 6615] ftruncate(4, 2048 [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6615] <... ftruncate resumed>) = 0 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6614] <... futex resumed>) = 0 [pid 6615] lseek(4, 0, SEEK_END [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... lseek resumed>) = 2048 [pid 6614] <... futex resumed>) = 0 [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 250.221064][ T6615] loop0: detected capacity change from 0 to 4096 [ 250.230629][ T6615] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6615] open("./bus", O_RDONLY [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... open resumed>) = 5 [pid 6614] <... futex resumed>) = 0 [pid 6615] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6615] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6615] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6614] <... futex resumed>) = 0 [pid 6615] sendfile(4, 5, NULL, 145139829833722 [pid 6614] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6614] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6614] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6614] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6616], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6616 [pid 6614] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6614] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6616 attached [pid 6616] set_robust_list(0x7f549a0769e0, 24) = 0 [ 250.281997][ T27] audit: type=1804 audit(1671454831.029:510): pid=6615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/508/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6616] sendfile(4, 5, NULL, 145139829833722 [pid 6614] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6614] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6614] exit_group(0) = ? [pid 6615] <... sendfile resumed>) = ? [pid 6615] +++ exited with 0 +++ [pid 6616] <... sendfile resumed>) = ? [pid 6616] +++ exited with 0 +++ [pid 6614] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6614, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./508", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./508/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./508/binderfs") = 0 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./508/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./508/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./508/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./508/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./508") = 0 mkdir("./509", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6617 ./strace-static-x86_64: Process 6617 attached [pid 6617] set_robust_list(0x5555556365e0, 24) = 0 [pid 6617] chdir("./509") = 0 [pid 6617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6617] setpgid(0, 0) = 0 [pid 6617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6617] write(3, "1000", 4) = 4 [pid 6617] close(3) = 0 [pid 6617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6617] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6617] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6618], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6618 [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6618 attached [pid 6618] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6618] memfd_create("syzkaller", 0) = 3 [pid 6618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6618] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6618] munmap(0x7f5499e77000, 2097152) = 0 [pid 6618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6618] close(3) = 0 [pid 6618] mkdir("./bus", 0777) = 0 [pid 6618] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6618] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6618] chdir("./bus") = 0 [pid 6618] ioctl(4, LOOP_CLR_FD) = 0 [pid 6618] close(4) = 0 [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6618] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6617] <... futex resumed>) = 0 [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6617] <... futex resumed>) = 1 [pid 6618] creat("./bus", 000 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] <... creat resumed>) = 4 [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] <... futex resumed>) = 0 [pid 6618] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... fcntl resumed>) = 0 [pid 6617] <... futex resumed>) = 0 [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] <... futex resumed>) = 0 [pid 6617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6618] ftruncate(4, 2048 [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] <... ftruncate resumed>) = 0 [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] <... futex resumed>) = 0 [pid 6618] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] lseek(4, 0, SEEK_END) = 2048 [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6618] <... futex resumed>) = 0 [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] open("./bus", O_RDONLY [pid 6617] <... futex resumed>) = 0 [ 250.605827][ T6618] loop0: detected capacity change from 0 to 4096 [ 250.615397][ T6618] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6618] <... open resumed>) = 5 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6618] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6618] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6617] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6618] <... futex resumed>) = 0 [pid 6617] <... futex resumed>) = 1 [pid 6618] sendfile(4, 5, NULL, 145139829833722 [pid 6617] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 250.653514][ T27] audit: type=1804 audit(1671454831.399:511): pid=6618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/509/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6617] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6617] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6617] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6619], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6619 [pid 6617] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6617] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6619 attached [pid 6619] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6619] sendfile(4, 5, NULL, 145139829833722 [pid 6617] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6617] exit_group(0) = ? [pid 6618] <... sendfile resumed>) = ? [pid 6619] <... sendfile resumed>) = ? [pid 6619] +++ exited with 0 +++ [pid 6618] +++ exited with 0 +++ [pid 6617] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6617, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./509", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./509/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./509/binderfs") = 0 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./509/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./509/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./509/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./509/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./509") = 0 mkdir("./510", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6620 ./strace-static-x86_64: Process 6620 attached [pid 6620] set_robust_list(0x5555556365e0, 24) = 0 [pid 6620] chdir("./510") = 0 [pid 6620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6620] setpgid(0, 0) = 0 [pid 6620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6620] write(3, "1000", 4) = 4 [pid 6620] close(3) = 0 [pid 6620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6620] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6620] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6621], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6621 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6621 attached [pid 6621] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6621] memfd_create("syzkaller", 0) = 3 [pid 6621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6621] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6621] munmap(0x7f5499e77000, 2097152) = 0 [pid 6621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6621] close(3) = 0 [pid 6621] mkdir("./bus", 0777) = 0 [pid 6621] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6621] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6621] chdir("./bus") = 0 [pid 6621] ioctl(4, LOOP_CLR_FD) = 0 [pid 6621] close(4) = 0 [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... futex resumed>) = 0 [pid 6621] creat("./bus", 000) = 4 [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... futex resumed>) = 1 [pid 6621] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... futex resumed>) = 0 [ 250.986789][ T6621] loop0: detected capacity change from 0 to 4096 [ 250.996398][ T6621] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6621] ftruncate(4, 2048) = 0 [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... futex resumed>) = 1 [pid 6621] lseek(4, 0, SEEK_END) = 2048 [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] <... futex resumed>) = 0 [pid 6621] open("./bus", O_RDONLY [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6621] <... open resumed>) = 5 [pid 6620] <... futex resumed>) = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6620] <... futex resumed>) = 0 [pid 6621] sendfile(4, 5, NULL, 145139829833722 [pid 6620] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6620] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6620] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6620] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6622 attached [pid 6622] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6622] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6620] <... clone resumed>, parent_tid=[6622], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6622 [pid 6620] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... futex resumed>) = 0 [pid 6620] <... futex resumed>) = 1 [pid 6622] sendfile(4, 5, NULL, 145139829833722 [ 251.034974][ T27] audit: type=1804 audit(1671454831.779:512): pid=6621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/510/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6620] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6620] exit_group(0) = ? [pid 6622] <... sendfile resumed>) = ? [pid 6621] <... sendfile resumed>) = ? [pid 6622] +++ exited with 0 +++ [pid 6621] +++ exited with 0 +++ [pid 6620] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6620, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./510", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./510/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./510/binderfs") = 0 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./510/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./510/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./510/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./510/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./510") = 0 mkdir("./511", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6623 ./strace-static-x86_64: Process 6623 attached [pid 6623] set_robust_list(0x5555556365e0, 24) = 0 [pid 6623] chdir("./511") = 0 [pid 6623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6623] setpgid(0, 0) = 0 [pid 6623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6623] write(3, "1000", 4) = 4 [pid 6623] close(3) = 0 [pid 6623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6623] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6623] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6624 attached , parent_tid=[6624], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6624 [pid 6624] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6624] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 0 [pid 6624] memfd_create("syzkaller", 0) = 3 [pid 6624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6624] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6624] munmap(0x7f5499e77000, 2097152) = 0 [pid 6624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6624] close(3) = 0 [pid 6624] mkdir("./bus", 0777) = 0 [pid 6624] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6624] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6624] chdir("./bus") = 0 [pid 6624] ioctl(4, LOOP_CLR_FD) = 0 [pid 6624] close(4) = 0 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [pid 6624] creat("./bus", 000) = 4 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [pid 6624] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [pid 6624] ftruncate(4, 2048) = 0 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [pid 6624] lseek(4, 0, SEEK_END) = 2048 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [pid 6624] open("./bus", O_RDONLY) = 5 [pid 6624] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6624] <... futex resumed>) = 1 [ 251.365198][ T6624] loop0: detected capacity change from 0 to 4096 [ 251.374339][ T6624] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6624] sendfile(4, 5, NULL, 145139829833722 [pid 6623] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6623] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6623] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6623] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6625 attached , parent_tid=[6625], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6625 [pid 6625] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6625] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6623] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6625] <... futex resumed>) = 0 [pid 6623] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6625] sendfile(4, 5, NULL, 145139829833722 [pid 6623] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6623] exit_group(0) = ? [pid 6625] <... sendfile resumed>) = ? [pid 6624] <... sendfile resumed>) = ? [pid 6624] +++ exited with 0 +++ [pid 6625] +++ exited with 0 +++ [pid 6623] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6623, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./511", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./511/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./511/binderfs") = 0 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./511/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./511/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./511/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./511/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./511") = 0 mkdir("./512", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6626 ./strace-static-x86_64: Process 6626 attached [pid 6626] set_robust_list(0x5555556365e0, 24) = 0 [pid 6626] chdir("./512") = 0 [pid 6626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6626] setpgid(0, 0) = 0 [pid 6626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6626] write(3, "1000", 4) = 4 [pid 6626] close(3) = 0 [pid 6626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6626] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6626] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6627], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6627 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6627 attached [pid 6627] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6627] memfd_create("syzkaller", 0) = 3 [pid 6627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6627] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6627] munmap(0x7f5499e77000, 2097152) = 0 [pid 6627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6627] close(3) = 0 [pid 6627] mkdir("./bus", 0777) = 0 [pid 6627] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6627] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6627] chdir("./bus") = 0 [pid 6627] ioctl(4, LOOP_CLR_FD) = 0 [pid 6627] close(4) = 0 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... futex resumed>) = 1 [pid 6627] creat("./bus", 000) = 4 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... futex resumed>) = 1 [pid 6627] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... futex resumed>) = 1 [pid 6627] ftruncate(4, 2048) = 0 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... futex resumed>) = 1 [ 251.732171][ T6627] loop0: detected capacity change from 0 to 4096 [ 251.741576][ T6627] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6627] lseek(4, 0, SEEK_END) = 2048 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] <... futex resumed>) = 1 [pid 6627] open("./bus", O_RDONLY) = 5 [pid 6627] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6626] <... futex resumed>) = 0 [pid 6626] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] sendfile(4, 5, NULL, 145139829833722 [pid 6626] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6626] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6626] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6626] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6628 attached , parent_tid=[6628], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6628 [pid 6628] set_robust_list(0x7f549a0769e0, 24 [pid 6626] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6628] <... set_robust_list resumed>) = 0 [pid 6626] <... futex resumed>) = 0 [pid 6628] sendfile(4, 5, NULL, 145139829833722 [pid 6626] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6626] exit_group(0) = ? [pid 6627] <... sendfile resumed>) = ? [pid 6627] +++ exited with 0 +++ [pid 6628] <... sendfile resumed>) = ? [pid 6628] +++ exited with 0 +++ [pid 6626] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6626, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- umount2("./512", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./512/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./512/binderfs") = 0 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./512/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./512/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./512/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./512/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./512") = 0 mkdir("./513", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6629 ./strace-static-x86_64: Process 6629 attached [pid 6629] set_robust_list(0x5555556365e0, 24) = 0 [pid 6629] chdir("./513") = 0 [pid 6629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6629] setpgid(0, 0) = 0 [pid 6629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6629] write(3, "1000", 4) = 4 [pid 6629] close(3) = 0 [pid 6629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6629] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6629] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6630 attached , parent_tid=[6630], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6630 [pid 6630] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6630] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6630] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6630] memfd_create("syzkaller", 0) = 3 [pid 6630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6630] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6630] munmap(0x7f5499e77000, 2097152) = 0 [pid 6630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6630] close(3) = 0 [pid 6630] mkdir("./bus", 0777) = 0 [pid 6630] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6630] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6630] chdir("./bus") = 0 [pid 6630] ioctl(4, LOOP_CLR_FD) = 0 [pid 6630] close(4) = 0 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6629] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] creat("./bus", 000 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] <... creat resumed>) = 4 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] <... futex resumed>) = 1 [pid 6630] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] <... futex resumed>) = 1 [ 252.128219][ T6630] loop0: detected capacity change from 0 to 4096 [ 252.138740][ T6630] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6630] ftruncate(4, 2048) = 0 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] <... futex resumed>) = 1 [pid 6630] lseek(4, 0, SEEK_END) = 2048 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] <... futex resumed>) = 0 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] <... futex resumed>) = 1 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6630] open("./bus", O_RDONLY) = 5 [pid 6630] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6629] <... futex resumed>) = 0 [pid 6630] sendfile(4, 5, NULL, 145139829833722 [pid 6629] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6629] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6629] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6629] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6629] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6631], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6631 [pid 6629] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6629] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6631 attached [pid 6631] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6631] sendfile(4, 5, NULL, 145139829833722 [pid 6629] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6629] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6629] exit_group(0) = ? [pid 6631] <... sendfile resumed>) = ? [pid 6631] +++ exited with 0 +++ [pid 6630] <... sendfile resumed>) = ? [pid 6630] +++ exited with 0 +++ [pid 6629] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6629, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./513", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./513/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./513/binderfs") = 0 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./513/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./513/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./513/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./513/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./513") = 0 mkdir("./514", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6632 ./strace-static-x86_64: Process 6632 attached [pid 6632] set_robust_list(0x5555556365e0, 24) = 0 [pid 6632] chdir("./514") = 0 [pid 6632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6632] setpgid(0, 0) = 0 [pid 6632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6632] write(3, "1000", 4) = 4 [pid 6632] close(3) = 0 [pid 6632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6632] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6632] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6633 attached , parent_tid=[6633], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6633 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6633] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6633] memfd_create("syzkaller", 0) = 3 [pid 6633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6633] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6633] munmap(0x7f5499e77000, 2097152) = 0 [pid 6633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6633] close(3) = 0 [pid 6633] mkdir("./bus", 0777) = 0 [pid 6633] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6633] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6633] chdir("./bus") = 0 [pid 6633] ioctl(4, LOOP_CLR_FD) = 0 [pid 6633] close(4) = 0 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6633] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 0 [pid 6633] creat("./bus", 000) = 4 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 1 [pid 6633] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 1 [pid 6633] ftruncate(4, 2048) = 0 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... futex resumed>) = 1 [pid 6633] lseek(4, 0, SEEK_END) = 2048 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6632] <... futex resumed>) = 0 [pid 6633] <... futex resumed>) = 1 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] open("./bus", O_RDONLY [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6633] <... open resumed>) = 5 [pid 6633] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 252.535774][ T6633] loop0: detected capacity change from 0 to 4096 [ 252.545055][ T6633] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6633] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... futex resumed>) = 0 [pid 6632] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6633] <... futex resumed>) = 0 [pid 6632] <... futex resumed>) = 1 [pid 6633] sendfile(4, 5, NULL, 145139829833722 [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6632] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6632] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6632] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6632] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6634 attached [pid 6634] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6634] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6632] <... clone resumed>, parent_tid=[6634], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6634 [pid 6632] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6632] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6634] <... futex resumed>) = 0 [ 252.592478][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 252.592492][ T27] audit: type=1804 audit(1671454833.339:516): pid=6633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/514/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6634] sendfile(4, 5, NULL, 145139829833722 [pid 6632] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6632] exit_group(0) = ? [pid 6634] <... sendfile resumed>) = ? [pid 6634] +++ exited with 0 +++ [pid 6633] <... sendfile resumed>) = ? [pid 6633] +++ exited with 0 +++ [pid 6632] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6632, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./514", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./514/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./514/binderfs") = 0 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./514/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./514/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./514/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./514/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./514") = 0 mkdir("./515", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6635 ./strace-static-x86_64: Process 6635 attached [pid 6635] set_robust_list(0x5555556365e0, 24) = 0 [pid 6635] chdir("./515") = 0 [pid 6635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6635] setpgid(0, 0) = 0 [pid 6635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6635] write(3, "1000", 4) = 4 [pid 6635] close(3) = 0 [pid 6635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6635] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6635] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6636 attached , parent_tid=[6636], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6636 [pid 6636] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6636] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 0 [pid 6636] memfd_create("syzkaller", 0) = 3 [pid 6636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6636] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6636] munmap(0x7f5499e77000, 2097152) = 0 [pid 6636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6636] close(3) = 0 [pid 6636] mkdir("./bus", 0777) = 0 [pid 6636] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6636] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6636] chdir("./bus") = 0 [pid 6636] ioctl(4, LOOP_CLR_FD) = 0 [pid 6636] close(4) = 0 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] creat("./bus", 000) = 4 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 1 [pid 6636] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 1 [pid 6636] ftruncate(4, 2048) = 0 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 1 [pid 6636] lseek(4, 0, SEEK_END) = 2048 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 1 [ 252.917597][ T6636] loop0: detected capacity change from 0 to 4096 [ 252.926582][ T6636] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6636] open("./bus", O_RDONLY) = 5 [pid 6636] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6635] <... futex resumed>) = 0 [pid 6635] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6636] <... futex resumed>) = 1 [pid 6636] sendfile(4, 5, NULL, 145139829833722 [pid 6635] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6635] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6635] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6635] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6637], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6637 ./strace-static-x86_64: Process 6637 attached [pid 6637] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6637] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6635] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6637] <... futex resumed>) = 0 [pid 6637] sendfile(4, 5, NULL, 145139829833722 [ 252.973068][ T27] audit: type=1804 audit(1671454833.719:517): pid=6636 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/515/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6635] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6635] exit_group(0) = ? [pid 6637] <... sendfile resumed>) = ? [pid 6637] +++ exited with 0 +++ [pid 6636] <... sendfile resumed>) = ? [pid 6636] +++ exited with 0 +++ [pid 6635] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6635, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./515", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./515/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./515/binderfs") = 0 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./515/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./515/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./515/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./515/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./515") = 0 mkdir("./516", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6638 ./strace-static-x86_64: Process 6638 attached [pid 6638] set_robust_list(0x5555556365e0, 24) = 0 [pid 6638] chdir("./516") = 0 [pid 6638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6638] setpgid(0, 0) = 0 [pid 6638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6638] write(3, "1000", 4) = 4 [pid 6638] close(3) = 0 [pid 6638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6638] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6638] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6639], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6639 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6639 attached [pid 6639] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6639] memfd_create("syzkaller", 0) = 3 [pid 6639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6639] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6639] munmap(0x7f5499e77000, 2097152) = 0 [pid 6639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6639] close(3) = 0 [pid 6639] mkdir("./bus", 0777) = 0 [pid 6639] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6639] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6639] chdir("./bus") = 0 [pid 6639] ioctl(4, LOOP_CLR_FD) = 0 [pid 6639] close(4) = 0 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [pid 6639] creat("./bus", 000) = 4 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [pid 6639] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [pid 6639] ftruncate(4, 2048) = 0 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [pid 6639] lseek(4, 0, SEEK_END) = 2048 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [ 253.311664][ T6639] loop0: detected capacity change from 0 to 4096 [ 253.321242][ T6639] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6639] open("./bus", O_RDONLY) = 5 [pid 6639] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... futex resumed>) = 0 [pid 6638] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6639] <... futex resumed>) = 1 [pid 6639] sendfile(4, 5, NULL, 145139829833722 [pid 6638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6638] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6638] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6638] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6638] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6640 attached , parent_tid=[6640], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6640 [pid 6640] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6640] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6638] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6638] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6640] <... futex resumed>) = 0 [ 253.358503][ T27] audit: type=1804 audit(1671454834.099:518): pid=6639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/516/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6640] sendfile(4, 5, NULL, 145139829833722 [pid 6638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6638] exit_group(0 [pid 6639] <... sendfile resumed>) = ? [pid 6638] <... exit_group resumed>) = ? [pid 6639] +++ exited with 0 +++ [pid 6640] <... sendfile resumed>) = ? [pid 6640] +++ exited with 0 +++ [pid 6638] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6638, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./516", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./516/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./516/binderfs") = 0 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./516/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./516/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./516/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./516/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./516") = 0 mkdir("./517", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6641 ./strace-static-x86_64: Process 6641 attached [pid 6641] set_robust_list(0x5555556365e0, 24) = 0 [pid 6641] chdir("./517") = 0 [pid 6641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6641] setpgid(0, 0) = 0 [pid 6641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6641] write(3, "1000", 4) = 4 [pid 6641] close(3) = 0 [pid 6641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6641] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6641] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6642 attached , parent_tid=[6642], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6642 [pid 6642] set_robust_list(0x7f54a22979e0, 24 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... set_robust_list resumed>) = 0 [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6642] memfd_create("syzkaller", 0) = 3 [pid 6642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6642] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6642] munmap(0x7f5499e77000, 2097152) = 0 [pid 6642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6642] close(3) = 0 [pid 6642] mkdir("./bus", 0777) = 0 [pid 6642] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6642] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6642] chdir("./bus") = 0 [pid 6642] ioctl(4, LOOP_CLR_FD) = 0 [pid 6642] close(4) = 0 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... futex resumed>) = 1 [pid 6642] creat("./bus", 000) = 4 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... futex resumed>) = 1 [pid 6642] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... futex resumed>) = 1 [pid 6642] ftruncate(4, 2048) = 0 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... futex resumed>) = 1 [pid 6642] lseek(4, 0, SEEK_END) = 2048 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] <... futex resumed>) = 0 [pid 6642] <... futex resumed>) = 1 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6642] open("./bus", O_RDONLY [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... open resumed>) = 5 [pid 6642] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 253.675006][ T6642] loop0: detected capacity change from 0 to 4096 [ 253.684413][ T6642] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6642] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6641] <... futex resumed>) = 0 [pid 6641] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 0 [pid 6641] <... futex resumed>) = 1 [pid 6642] sendfile(4, 5, NULL, 145139829833722 [pid 6641] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6641] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6641] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6641] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6643 attached , parent_tid=[6643], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6643 [pid 6641] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [ 253.735223][ T27] audit: type=1804 audit(1671454834.479:519): pid=6642 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/517/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6643] set_robust_list(0x7f549a0769e0, 24 [pid 6641] <... futex resumed>) = 0 [pid 6643] <... set_robust_list resumed>) = 0 [pid 6641] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] sendfile(4, 5, NULL, 145139829833722 [pid 6641] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6641] exit_group(0) = ? [pid 6642] <... sendfile resumed>) = ? [pid 6642] +++ exited with 0 +++ [pid 6643] <... sendfile resumed>) = ? [pid 6643] +++ exited with 0 +++ [pid 6641] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6641, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./517", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./517/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./517/binderfs") = 0 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./517/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./517/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./517/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./517/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./517") = 0 mkdir("./518", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6644 ./strace-static-x86_64: Process 6644 attached [pid 6644] set_robust_list(0x5555556365e0, 24) = 0 [pid 6644] chdir("./518") = 0 [pid 6644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6644] setpgid(0, 0) = 0 [pid 6644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6644] write(3, "1000", 4) = 4 [pid 6644] close(3) = 0 [pid 6644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6644] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6644] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6645 attached [pid 6645] set_robust_list(0x7f54a22979e0, 24 [pid 6644] <... clone resumed>, parent_tid=[6645], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6645 [pid 6645] <... set_robust_list resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6645] memfd_create("syzkaller", 0) = 3 [pid 6645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6645] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6645] munmap(0x7f5499e77000, 2097152) = 0 [pid 6645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6645] close(3) = 0 [pid 6645] mkdir("./bus", 0777) = 0 [pid 6645] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6645] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6645] chdir("./bus") = 0 [pid 6645] ioctl(4, LOOP_CLR_FD) = 0 [pid 6645] close(4) = 0 [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6645] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 0 [pid 6645] creat("./bus", 000) = 4 [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] ftruncate(4, 2048) = 0 [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6645] lseek(4, 0, SEEK_END [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... lseek resumed>) = 2048 [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 1 [pid 6645] open("./bus", O_RDONLY) = 5 [ 254.068421][ T6645] loop0: detected capacity change from 0 to 4096 [ 254.078282][ T6645] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6645] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... futex resumed>) = 0 [pid 6644] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6645] <... futex resumed>) = 1 [pid 6645] sendfile(4, 5, NULL, 145139829833722 [pid 6644] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6644] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6644] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6644] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6646 attached , parent_tid=[6646], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6646 [pid 6644] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6644] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6646] set_robust_list(0x7f549a0769e0, 24) = 0 [ 254.125138][ T27] audit: type=1804 audit(1671454834.869:520): pid=6645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/518/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6646] sendfile(4, 5, NULL, 145139829833722 [pid 6644] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6644] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6644] exit_group(0) = ? [pid 6645] <... sendfile resumed>) = ? [pid 6645] +++ exited with 0 +++ [pid 6646] <... sendfile resumed>) = ? [pid 6646] +++ exited with 0 +++ [pid 6644] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6644, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./518", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./518/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./518/binderfs") = 0 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./518/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./518/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./518/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./518/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./518") = 0 mkdir("./519", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6647 ./strace-static-x86_64: Process 6647 attached [pid 6647] set_robust_list(0x5555556365e0, 24) = 0 [pid 6647] chdir("./519") = 0 [pid 6647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6647] setpgid(0, 0) = 0 [pid 6647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6647] write(3, "1000", 4) = 4 [pid 6647] close(3) = 0 [pid 6647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6647] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6647] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6648 attached , parent_tid=[6648], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6648 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6648] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6648] memfd_create("syzkaller", 0) = 3 [pid 6648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6648] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6648] munmap(0x7f5499e77000, 2097152) = 0 [pid 6648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6648] close(3) = 0 [pid 6648] mkdir("./bus", 0777) = 0 [pid 6648] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6648] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6648] chdir("./bus") = 0 [pid 6648] ioctl(4, LOOP_CLR_FD) = 0 [pid 6648] close(4) = 0 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [pid 6648] creat("./bus", 000) = 4 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [pid 6648] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [pid 6648] ftruncate(4, 2048) = 0 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [pid 6648] lseek(4, 0, SEEK_END) = 2048 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [ 254.450724][ T6648] loop0: detected capacity change from 0 to 4096 [ 254.460314][ T6648] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6648] open("./bus", O_RDONLY) = 5 [pid 6648] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... futex resumed>) = 0 [pid 6647] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... futex resumed>) = 1 [pid 6648] sendfile(4, 5, NULL, 145139829833722 [pid 6647] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6647] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6647] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6647] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6647] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6649], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6649 [pid 6647] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6647] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6649 attached [pid 6649] set_robust_list(0x7f549a0769e0, 24) = 0 [ 254.506637][ T27] audit: type=1804 audit(1671454835.249:521): pid=6648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/519/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6649] sendfile(4, 5, NULL, 145139829833722 [pid 6647] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6647] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6647] exit_group(0) = ? [pid 6648] <... sendfile resumed>) = ? [pid 6648] +++ exited with 0 +++ [pid 6649] <... sendfile resumed>) = ? [pid 6649] +++ exited with 0 +++ [pid 6647] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6647, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./519", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./519/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./519/binderfs") = 0 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./519/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./519/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./519/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./519/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./519") = 0 mkdir("./520", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6650 ./strace-static-x86_64: Process 6650 attached [pid 6650] set_robust_list(0x5555556365e0, 24) = 0 [pid 6650] chdir("./520") = 0 [pid 6650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6650] setpgid(0, 0) = 0 [pid 6650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6650] write(3, "1000", 4) = 4 [pid 6650] close(3) = 0 [pid 6650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6650] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6650] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6651 attached , parent_tid=[6651], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6651 [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6651] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6651] memfd_create("syzkaller", 0) = 3 [pid 6651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6651] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6651] munmap(0x7f5499e77000, 2097152) = 0 [pid 6651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6651] close(3) = 0 [pid 6651] mkdir("./bus", 0777) = 0 [pid 6651] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6651] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6651] chdir("./bus") = 0 [pid 6651] ioctl(4, LOOP_CLR_FD) = 0 [pid 6651] close(4) = 0 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6651] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 0 [pid 6651] creat("./bus", 000) = 4 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 1 [pid 6651] ftruncate(4, 2048) = 0 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6651] <... futex resumed>) = 1 [pid 6651] lseek(4, 0, SEEK_END) = 2048 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6650] <... futex resumed>) = 0 [pid 6651] open("./bus", O_RDONLY [ 254.829669][ T6651] loop0: detected capacity change from 0 to 4096 [ 254.839663][ T6651] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] <... open resumed>) = 5 [pid 6651] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6651] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6650] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6651] <... futex resumed>) = 0 [pid 6650] <... futex resumed>) = 1 [pid 6651] sendfile(4, 5, NULL, 145139829833722 [pid 6650] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6650] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6650] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6650] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6652 attached [ 254.891092][ T27] audit: type=1804 audit(1671454835.639:522): pid=6651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/520/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6652] set_robust_list(0x7f549a0769e0, 24 [pid 6650] <... clone resumed>, parent_tid=[6652], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6652 [pid 6652] <... set_robust_list resumed>) = 0 [pid 6650] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6652] sendfile(4, 5, NULL, 145139829833722 [pid 6650] <... futex resumed>) = 0 [pid 6650] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6650] exit_group(0 [pid 6651] <... sendfile resumed>) = ? [pid 6650] <... exit_group resumed>) = ? [pid 6651] +++ exited with 0 +++ [pid 6652] <... sendfile resumed>) = ? [pid 6652] +++ exited with 0 +++ [pid 6650] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6650, si_uid=0, si_status=0, si_utime=0, si_stime=28 /* 0.28 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./520", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./520/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./520/binderfs") = 0 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./520/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./520/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./520/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./520/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./520") = 0 mkdir("./521", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6653 ./strace-static-x86_64: Process 6653 attached [pid 6653] set_robust_list(0x5555556365e0, 24) = 0 [pid 6653] chdir("./521") = 0 [pid 6653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6653] setpgid(0, 0) = 0 [pid 6653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6653] write(3, "1000", 4) = 4 [pid 6653] close(3) = 0 [pid 6653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6653] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6653] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6654 attached , parent_tid=[6654], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6654 [pid 6654] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6654] memfd_create("syzkaller", 0) = 3 [pid 6654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6654] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6654] munmap(0x7f5499e77000, 2097152) = 0 [pid 6654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6654] close(3) = 0 [pid 6654] mkdir("./bus", 0777) = 0 [pid 6654] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6654] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6654] chdir("./bus") = 0 [pid 6654] ioctl(4, LOOP_CLR_FD) = 0 [pid 6654] close(4) = 0 [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] <... futex resumed>) = 1 [pid 6654] creat("./bus", 000) = 4 [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6654] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... fcntl resumed>) = 0 [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] ftruncate(4, 2048 [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] <... ftruncate resumed>) = 0 [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6654] lseek(4, 0, SEEK_END [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6654] <... lseek resumed>) = 2048 [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6654] open("./bus", O_RDONLY [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] <... open resumed>) = 5 [ 255.228560][ T6654] loop0: detected capacity change from 0 to 4096 [ 255.238060][ T6654] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6654] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6654] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6653] <... futex resumed>) = 0 [pid 6653] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6653] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] <... futex resumed>) = 0 [ 255.272161][ T27] audit: type=1804 audit(1671454836.019:523): pid=6654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/521/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6654] sendfile(4, 5, NULL, 145139829833722 [pid 6653] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6653] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6653] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6653] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6655 attached , parent_tid=[6655], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6655 [pid 6653] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6655] sendfile(4, 5, NULL, 145139829833722 [pid 6653] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6653] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6653] exit_group(0) = ? [pid 6654] <... sendfile resumed>) = ? [pid 6654] +++ exited with 0 +++ [pid 6655] <... sendfile resumed>) = ? [pid 6655] +++ exited with 0 +++ [pid 6653] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6653, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./521", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./521/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./521/binderfs") = 0 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./521/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./521/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./521/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./521/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./521") = 0 mkdir("./522", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6656 ./strace-static-x86_64: Process 6656 attached [pid 6656] set_robust_list(0x5555556365e0, 24) = 0 [pid 6656] chdir("./522") = 0 [pid 6656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6656] setpgid(0, 0) = 0 [pid 6656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6656] write(3, "1000", 4) = 4 [pid 6656] close(3) = 0 [pid 6656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6656] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6656] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6657 attached , parent_tid=[6657], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6657 [pid 6657] set_robust_list(0x7f54a22979e0, 24 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6657] <... set_robust_list resumed>) = 0 [pid 6657] memfd_create("syzkaller", 0) = 3 [pid 6657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6657] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6657] munmap(0x7f5499e77000, 2097152) = 0 [pid 6657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6657] close(3) = 0 [pid 6657] mkdir("./bus", 0777) = 0 [pid 6657] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6657] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6657] chdir("./bus") = 0 [pid 6657] ioctl(4, LOOP_CLR_FD) = 0 [ 255.681297][ T6657] loop0: detected capacity change from 0 to 4096 [ 255.692912][ T6657] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6657] close(4) = 0 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... futex resumed>) = 1 [pid 6657] creat("./bus", 000) = 4 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... futex resumed>) = 1 [pid 6657] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... futex resumed>) = 1 [pid 6657] ftruncate(4, 2048) = 0 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... futex resumed>) = 1 [pid 6657] lseek(4, 0, SEEK_END) = 2048 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] <... futex resumed>) = 1 [pid 6657] open("./bus", O_RDONLY) = 5 [pid 6657] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... futex resumed>) = 0 [pid 6656] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] <... futex resumed>) = 1 [pid 6656] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6657] sendfile(4, 5, NULL, 145139829833722 [pid 6656] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6656] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6656] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6656] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6658], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6658 [pid 6656] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6656] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6658 attached [ 255.776883][ T27] audit: type=1804 audit(1671454836.519:524): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/522/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6658] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6658] sendfile(4, 5, NULL, 145139829833722 [pid 6656] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6656] exit_group(0) = ? [pid 6657] <... sendfile resumed>) = ? [pid 6657] +++ exited with 0 +++ [pid 6658] <... sendfile resumed>) = ? [pid 6658] +++ exited with 0 +++ [pid 6656] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6656, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./522", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./522/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./522/binderfs") = 0 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./522/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./522/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./522/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./522/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./522") = 0 mkdir("./523", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6659 ./strace-static-x86_64: Process 6659 attached [pid 6659] set_robust_list(0x5555556365e0, 24) = 0 [pid 6659] chdir("./523") = 0 [pid 6659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6659] setpgid(0, 0) = 0 [pid 6659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6659] write(3, "1000", 4) = 4 [pid 6659] close(3) = 0 [pid 6659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6659] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6659] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6660], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6660 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6660 attached [pid 6660] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6660] memfd_create("syzkaller", 0) = 3 [pid 6660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6660] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6660] munmap(0x7f5499e77000, 2097152) = 0 [pid 6660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6660] close(3) = 0 [pid 6660] mkdir("./bus", 0777) = 0 [pid 6660] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6660] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6660] chdir("./bus") = 0 [pid 6660] ioctl(4, LOOP_CLR_FD) = 0 [pid 6660] close(4) = 0 [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6659] <... futex resumed>) = 0 [pid 6660] creat("./bus", 000 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] <... creat resumed>) = 4 [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] <... futex resumed>) = 0 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] <... futex resumed>) = 1 [pid 6660] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] <... futex resumed>) = 0 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] <... futex resumed>) = 1 [pid 6660] ftruncate(4, 2048) = 0 [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6659] <... futex resumed>) = 0 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] lseek(4, 0, SEEK_END) = 2048 [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6659] <... futex resumed>) = 0 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] open("./bus", O_RDONLY) = 5 [ 256.111515][ T6660] loop0: detected capacity change from 0 to 4096 [ 256.121011][ T6660] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6660] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] <... futex resumed>) = 0 [pid 6659] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6660] <... futex resumed>) = 1 [pid 6660] sendfile(4, 5, NULL, 145139829833722 [pid 6659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6659] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6659] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6659] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6659] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6661 attached , parent_tid=[6661], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6661 [pid 6661] set_robust_list(0x7f549a0769e0, 24) = 0 [ 256.170425][ T27] audit: type=1804 audit(1671454836.909:525): pid=6660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/523/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6661] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6659] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6659] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6661] sendfile(4, 5, NULL, 145139829833722 [pid 6659] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6659] exit_group(0) = ? [pid 6661] <... sendfile resumed>) = ? [pid 6661] +++ exited with 0 +++ [pid 6660] <... sendfile resumed>) = ? [pid 6660] +++ exited with 0 +++ [pid 6659] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6659, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./523", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./523/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./523/binderfs") = 0 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./523/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./523/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./523/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./523/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./523") = 0 mkdir("./524", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6662 ./strace-static-x86_64: Process 6662 attached [pid 6662] set_robust_list(0x5555556365e0, 24) = 0 [pid 6662] chdir("./524") = 0 [pid 6662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6662] setpgid(0, 0) = 0 [pid 6662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6662] write(3, "1000", 4) = 4 [pid 6662] close(3) = 0 [pid 6662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6662] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6662] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6663], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6663 [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6663 attached [pid 6663] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6663] memfd_create("syzkaller", 0) = 3 [pid 6663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6663] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6663] munmap(0x7f5499e77000, 2097152) = 0 [pid 6663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6663] close(3) = 0 [pid 6663] mkdir("./bus", 0777) = 0 [pid 6663] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6663] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6663] chdir("./bus") = 0 [pid 6663] ioctl(4, LOOP_CLR_FD) = 0 [pid 6663] close(4) = 0 [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... futex resumed>) = 0 [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... futex resumed>) = 1 [pid 6663] creat("./bus", 000) = 4 [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] <... futex resumed>) = 0 [pid 6663] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6662] <... futex resumed>) = 0 [pid 6663] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... fcntl resumed>) = 0 [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] <... futex resumed>) = 0 [pid 6663] ftruncate(4, 2048 [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] <... ftruncate resumed>) = 0 [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] <... futex resumed>) = 0 [pid 6663] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6662] <... futex resumed>) = 0 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] lseek(4, 0, SEEK_END) = 2048 [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6662] <... futex resumed>) = 0 [pid 6663] open("./bus", O_RDONLY [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6663] <... open resumed>) = 5 [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6663] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6663] <... futex resumed>) = 0 [pid 6662] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6663] sendfile(4, 5, NULL, 145139829833722 [pid 6662] <... futex resumed>) = 0 [ 256.499300][ T6663] loop0: detected capacity change from 0 to 4096 [ 256.508795][ T6663] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6662] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6662] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6662] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6662] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6664], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6664 ./strace-static-x86_64: Process 6664 attached [pid 6664] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6664] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6662] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6664] <... futex resumed>) = 0 [pid 6664] sendfile(4, 5, NULL, 145139829833722 [pid 6662] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6662] exit_group(0) = ? [pid 6663] <... sendfile resumed>) = ? [pid 6664] <... sendfile resumed>) = ? [pid 6663] +++ exited with 0 +++ [pid 6664] +++ exited with 0 +++ [pid 6662] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6662, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./524", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./524/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./524/binderfs") = 0 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./524/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./524/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./524/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./524/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./524") = 0 mkdir("./525", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6665 ./strace-static-x86_64: Process 6665 attached [pid 6665] set_robust_list(0x5555556365e0, 24) = 0 [pid 6665] chdir("./525") = 0 [pid 6665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6665] setpgid(0, 0) = 0 [pid 6665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6665] write(3, "1000", 4) = 4 [pid 6665] close(3) = 0 [pid 6665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6665] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6665] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6666], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6666 [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6666 attached [pid 6666] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6666] memfd_create("syzkaller", 0) = 3 [pid 6666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6666] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6666] munmap(0x7f5499e77000, 2097152) = 0 [pid 6666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6666] close(3) = 0 [pid 6666] mkdir("./bus", 0777) = 0 [pid 6666] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6666] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6666] chdir("./bus") = 0 [pid 6666] ioctl(4, LOOP_CLR_FD) = 0 [pid 6666] close(4) = 0 [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = 0 [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... futex resumed>) = 1 [pid 6666] creat("./bus", 000) = 4 [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6665] <... futex resumed>) = 0 [pid 6666] <... fcntl resumed>) = 0 [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6666] <... futex resumed>) = 0 [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] ftruncate(4, 2048 [pid 6665] <... futex resumed>) = 0 [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... ftruncate resumed>) = 0 [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6666] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] <... futex resumed>) = 0 [pid 6666] lseek(4, 0, SEEK_END [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... lseek resumed>) = 2048 [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6666] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] <... futex resumed>) = 0 [pid 6666] open("./bus", O_RDONLY [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6666] <... open resumed>) = 5 [pid 6666] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6665] <... futex resumed>) = 0 [pid 6666] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 1 [pid 6666] sendfile(4, 5, NULL, 145139829833722 [ 256.877802][ T6666] loop0: detected capacity change from 0 to 4096 [ 256.887402][ T6666] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6665] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6665] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6665] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6665] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6667 attached , parent_tid=[6667], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6667 [pid 6667] set_robust_list(0x7f549a0769e0, 24 [pid 6665] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... set_robust_list resumed>) = 0 [pid 6665] <... futex resumed>) = 0 [pid 6667] sendfile(4, 5, NULL, 145139829833722 [pid 6665] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6665] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6665] exit_group(0) = ? [pid 6667] <... sendfile resumed>) = ? [pid 6667] +++ exited with 0 +++ [pid 6666] <... sendfile resumed>) = ? [pid 6666] +++ exited with 0 +++ [pid 6665] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6665, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./525", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./525/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./525/binderfs") = 0 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./525/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./525/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./525/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./525/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./525") = 0 mkdir("./526", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6668 ./strace-static-x86_64: Process 6668 attached [pid 6668] set_robust_list(0x5555556365e0, 24) = 0 [pid 6668] chdir("./526") = 0 [pid 6668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6668] setpgid(0, 0) = 0 [pid 6668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6668] write(3, "1000", 4) = 4 [pid 6668] close(3) = 0 [pid 6668] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6668] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6668] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6669], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6669 [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6669 attached [pid 6669] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6669] memfd_create("syzkaller", 0) = 3 [pid 6669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6669] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6669] munmap(0x7f5499e77000, 2097152) = 0 [pid 6669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6669] close(3) = 0 [pid 6669] mkdir("./bus", 0777) = 0 [pid 6669] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6669] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6669] chdir("./bus") = 0 [pid 6669] ioctl(4, LOOP_CLR_FD) = 0 [pid 6669] close(4) = 0 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] <... futex resumed>) = 0 [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] <... futex resumed>) = 0 [pid 6669] creat("./bus", 000) = 4 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... futex resumed>) = 0 [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] <... futex resumed>) = 1 [pid 6669] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] <... futex resumed>) = 0 [pid 6669] ftruncate(4, 2048 [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] <... ftruncate resumed>) = 0 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6668] <... futex resumed>) = 0 [pid 6669] lseek(4, 0, SEEK_END [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6669] <... lseek resumed>) = 2048 [pid 6668] <... futex resumed>) = 0 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] open("./bus", O_RDONLY [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6669] <... open resumed>) = 5 [pid 6669] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6668] <... futex resumed>) = 0 [pid 6668] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6669] <... futex resumed>) = 0 [pid 6668] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 257.258842][ T6669] loop0: detected capacity change from 0 to 4096 [ 257.268388][ T6669] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6669] sendfile(4, 5, NULL, 145139829833722 [pid 6668] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6668] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6668] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6668] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6670 attached , parent_tid=[6670], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6670 [pid 6668] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6670] set_robust_list(0x7f549a0769e0, 24 [pid 6668] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6670] <... set_robust_list resumed>) = 0 [pid 6670] sendfile(4, 5, NULL, 145139829833722 [pid 6668] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6668] exit_group(0) = ? [pid 6670] <... sendfile resumed>) = ? [pid 6669] <... sendfile resumed>) = ? [pid 6669] +++ exited with 0 +++ [pid 6670] +++ exited with 0 +++ [pid 6668] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6668, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./526", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./526/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./526/binderfs") = 0 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./526/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./526/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./526/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./526/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./526") = 0 mkdir("./527", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6671 ./strace-static-x86_64: Process 6671 attached [pid 6671] set_robust_list(0x5555556365e0, 24) = 0 [pid 6671] chdir("./527") = 0 [pid 6671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6671] setpgid(0, 0) = 0 [pid 6671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6671] write(3, "1000", 4) = 4 [pid 6671] close(3) = 0 [pid 6671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6671] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6671] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6672], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6672 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6672 attached [pid 6672] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6672] memfd_create("syzkaller", 0) = 3 [pid 6672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6672] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6672] munmap(0x7f5499e77000, 2097152) = 0 [pid 6672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6672] close(3) = 0 [pid 6672] mkdir("./bus", 0777) = 0 [pid 6672] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6672] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6672] chdir("./bus") = 0 [pid 6672] ioctl(4, LOOP_CLR_FD) = 0 [pid 6672] close(4) = 0 [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6672] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 0 [pid 6672] creat("./bus", 000) = 4 [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 1 [pid 6672] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 1 [pid 6672] ftruncate(4, 2048) = 0 [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 1 [pid 6672] lseek(4, 0, SEEK_END) = 2048 [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 1 [pid 6672] open("./bus", O_RDONLY) = 5 [ 257.643651][ T6672] loop0: detected capacity change from 0 to 4096 [ 257.653021][ T6672] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6672] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6672] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6671] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6672] <... futex resumed>) = 0 [pid 6672] sendfile(4, 5, NULL, 145139829833722 [pid 6671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6671] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6671] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6671] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6673 attached [pid 6673] set_robust_list(0x7f549a0769e0, 24 [pid 6671] <... clone resumed>, parent_tid=[6673], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6673 [pid 6671] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6673] <... set_robust_list resumed>) = 0 [pid 6671] <... futex resumed>) = 0 [pid 6671] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 257.704301][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 257.704314][ T27] audit: type=1804 audit(1671454838.449:529): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/527/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6673] sendfile(4, 5, NULL, 145139829833722 [pid 6671] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6671] exit_group(0) = ? [pid 6673] <... sendfile resumed>) = ? [pid 6673] +++ exited with 0 +++ [pid 6672] <... sendfile resumed>) = ? [pid 6672] +++ exited with 0 +++ [pid 6671] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6671, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./527", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./527/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./527/binderfs") = 0 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./527/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./527/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./527/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./527/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./527") = 0 mkdir("./528", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6674 ./strace-static-x86_64: Process 6674 attached [pid 6674] set_robust_list(0x5555556365e0, 24) = 0 [pid 6674] chdir("./528") = 0 [pid 6674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6674] setpgid(0, 0) = 0 [pid 6674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6674] write(3, "1000", 4) = 4 [pid 6674] close(3) = 0 [pid 6674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6674] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6674] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6675 attached , parent_tid=[6675], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6675 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6675] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6675] memfd_create("syzkaller", 0) = 3 [pid 6675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6675] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6675] munmap(0x7f5499e77000, 2097152) = 0 [pid 6675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6675] close(3) = 0 [pid 6675] mkdir("./bus", 0777) = 0 [pid 6675] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6675] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6675] chdir("./bus") = 0 [pid 6675] ioctl(4, LOOP_CLR_FD) = 0 [pid 6675] close(4) = 0 [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] creat("./bus", 000) = 4 [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] ftruncate(4, 2048) = 0 [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] lseek(4, 0, SEEK_END) = 2048 [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] open("./bus", O_RDONLY) = 5 [ 258.040896][ T6675] loop0: detected capacity change from 0 to 4096 [ 258.049859][ T6675] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6675] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 0 [pid 6674] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] <... futex resumed>) = 1 [pid 6675] sendfile(4, 5, NULL, 145139829833722 [pid 6674] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6674] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6674] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6674] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6676 attached , parent_tid=[6676], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6676 [pid 6676] set_robust_list(0x7f549a0769e0, 24 [pid 6674] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6674] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6676] <... set_robust_list resumed>) = 0 [ 258.095724][ T27] audit: type=1804 audit(1671454838.839:530): pid=6675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/528/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6676] sendfile(4, 5, NULL, 145139829833722 [pid 6674] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6674] exit_group(0) = ? [pid 6676] <... sendfile resumed>) = ? [pid 6676] +++ exited with 0 +++ [pid 6675] <... sendfile resumed>) = ? [pid 6675] +++ exited with 0 +++ [pid 6674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6674, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./528", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./528/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./528/binderfs") = 0 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./528/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./528/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./528/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./528/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./528") = 0 mkdir("./529", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6677 ./strace-static-x86_64: Process 6677 attached [pid 6677] set_robust_list(0x5555556365e0, 24) = 0 [pid 6677] chdir("./529") = 0 [pid 6677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6677] setpgid(0, 0) = 0 [pid 6677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6677] write(3, "1000", 4) = 4 [pid 6677] close(3) = 0 [pid 6677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6677] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6677] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6678], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6678 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6678 attached [pid 6678] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6678] memfd_create("syzkaller", 0) = 3 [pid 6678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6678] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6678] munmap(0x7f5499e77000, 2097152) = 0 [pid 6678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6678] close(3) = 0 [pid 6678] mkdir("./bus", 0777) = 0 [pid 6678] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6678] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6678] chdir("./bus") = 0 [pid 6678] ioctl(4, LOOP_CLR_FD) = 0 [pid 6678] close(4) = 0 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 0 [pid 6678] creat("./bus", 000) = 4 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 1 [pid 6678] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 1 [pid 6678] ftruncate(4, 2048) = 0 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 1 [pid 6678] lseek(4, 0, SEEK_END) = 2048 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 1 [ 258.416952][ T6678] loop0: detected capacity change from 0 to 4096 [ 258.426394][ T6678] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6678] open("./bus", O_RDONLY) = 5 [pid 6678] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6678] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6677] <... futex resumed>) = 0 [pid 6677] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6677] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6678] <... futex resumed>) = 0 [pid 6678] sendfile(4, 5, NULL, 145139829833722 [pid 6677] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6677] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6677] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6677] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6679], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6679 [pid 6677] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6677] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6679 attached [pid 6679] set_robust_list(0x7f549a0769e0, 24) = 0 [ 258.473152][ T27] audit: type=1804 audit(1671454839.219:531): pid=6678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/529/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6679] sendfile(4, 5, NULL, 145139829833722 [pid 6677] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6677] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6677] exit_group(0) = ? [pid 6679] <... sendfile resumed>) = ? [pid 6679] +++ exited with 0 +++ [pid 6678] <... sendfile resumed>) = ? [pid 6678] +++ exited with 0 +++ [pid 6677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6677, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./529", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./529/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./529/binderfs") = 0 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./529/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./529/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./529/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./529/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./529") = 0 mkdir("./530", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6680 ./strace-static-x86_64: Process 6680 attached [pid 6680] set_robust_list(0x5555556365e0, 24) = 0 [pid 6680] chdir("./530") = 0 [pid 6680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6680] setpgid(0, 0) = 0 [pid 6680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6680] write(3, "1000", 4) = 4 [pid 6680] close(3) = 0 [pid 6680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6680] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6680] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6681], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6681 ./strace-static-x86_64: Process 6681 attached [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] set_robust_list(0x7f54a22979e0, 24 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6681] <... set_robust_list resumed>) = 0 [pid 6681] memfd_create("syzkaller", 0) = 3 [pid 6681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6681] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6681] munmap(0x7f5499e77000, 2097152) = 0 [pid 6681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6681] close(3) = 0 [pid 6681] mkdir("./bus", 0777) = 0 [pid 6681] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6681] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6681] chdir("./bus") = 0 [pid 6681] ioctl(4, LOOP_CLR_FD) = 0 [pid 6681] close(4) = 0 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... futex resumed>) = 0 [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6681] <... futex resumed>) = 0 [pid 6681] creat("./bus", 000) = 4 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6681] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] <... futex resumed>) = 0 [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = 1 [pid 6681] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6681] <... fcntl resumed>) = 0 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6680] <... futex resumed>) = 0 [pid 6681] ftruncate(4, 2048 [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6681] <... ftruncate resumed>) = 0 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6680] <... futex resumed>) = 0 [pid 6681] lseek(4, 0, SEEK_END [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... lseek resumed>) = 2048 [pid 6680] <... futex resumed>) = 0 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6681] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] open("./bus", O_RDONLY [ 258.782885][ T6681] loop0: detected capacity change from 0 to 4096 [ 258.792763][ T6681] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] <... open resumed>) = 5 [pid 6681] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6681] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6680] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... futex resumed>) = 0 [pid 6680] <... futex resumed>) = 1 [pid 6681] sendfile(4, 5, NULL, 145139829833722 [ 258.835484][ T27] audit: type=1804 audit(1671454839.579:532): pid=6681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/530/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6680] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6680] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6680] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6680] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6682], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6682 [pid 6680] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6680] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6682 attached [pid 6682] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6682] sendfile(4, 5, NULL, 145139829833722 [pid 6680] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6680] exit_group(0) = ? [pid 6681] <... sendfile resumed>) = ? [pid 6681] +++ exited with 0 +++ [pid 6682] <... sendfile resumed>) = ? [pid 6682] +++ exited with 0 +++ [pid 6680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6680, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./530", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./530/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./530/binderfs") = 0 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./530/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./530/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./530/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./530/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./530") = 0 mkdir("./531", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6683 ./strace-static-x86_64: Process 6683 attached [pid 6683] set_robust_list(0x5555556365e0, 24) = 0 [pid 6683] chdir("./531") = 0 [pid 6683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6683] setpgid(0, 0) = 0 [pid 6683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6683] write(3, "1000", 4) = 4 [pid 6683] close(3) = 0 [pid 6683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6683] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6683] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6684 attached , parent_tid=[6684], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6684 [pid 6684] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6684] memfd_create("syzkaller", 0) = 3 [pid 6684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6684] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6684] munmap(0x7f5499e77000, 2097152) = 0 [pid 6684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6684] close(3) = 0 [pid 6684] mkdir("./bus", 0777) = 0 [pid 6684] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6684] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6684] chdir("./bus") = 0 [pid 6684] ioctl(4, LOOP_CLR_FD) = 0 [pid 6684] close(4) = 0 [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6684] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6683] <... futex resumed>) = 0 [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = 0 [pid 6683] <... futex resumed>) = 1 [pid 6684] creat("./bus", 000 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] <... creat resumed>) = 4 [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] <... futex resumed>) = 0 [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] <... fcntl resumed>) = 0 [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] <... futex resumed>) = 0 [pid 6684] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] ftruncate(4, 2048) = 0 [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] <... futex resumed>) = 0 [pid 6684] lseek(4, 0, SEEK_END [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... lseek resumed>) = 2048 [pid 6683] <... futex resumed>) = 0 [ 259.188747][ T6684] loop0: detected capacity change from 0 to 4096 [ 259.198431][ T6684] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6684] <... futex resumed>) = 0 [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] open("./bus", O_RDONLY [pid 6683] <... futex resumed>) = 0 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] <... open resumed>) = 5 [pid 6684] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6684] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6683] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6683] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6684] <... futex resumed>) = 0 [pid 6684] sendfile(4, 5, NULL, 145139829833722 [pid 6683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6683] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6683] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6685], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6685 ./strace-static-x86_64: Process 6685 attached [pid 6685] set_robust_list(0x7f549a0769e0, 24 [pid 6683] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... set_robust_list resumed>) = 0 [pid 6683] <... futex resumed>) = 0 [pid 6683] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 259.250735][ T27] audit: type=1804 audit(1671454839.989:533): pid=6684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/531/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6685] sendfile(4, 5, NULL, 145139829833722 [pid 6683] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6683] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6683] exit_group(0) = ? [pid 6684] <... sendfile resumed>) = ? [pid 6685] <... sendfile resumed>) = ? [pid 6684] +++ exited with 0 +++ [pid 6685] +++ exited with 0 +++ [pid 6683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6683, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./531", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./531/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./531/binderfs") = 0 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./531/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./531/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./531/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./531/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./531") = 0 mkdir("./532", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6686 ./strace-static-x86_64: Process 6686 attached [pid 6686] set_robust_list(0x5555556365e0, 24) = 0 [pid 6686] chdir("./532") = 0 [pid 6686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6686] setpgid(0, 0) = 0 [pid 6686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6686] write(3, "1000", 4) = 4 [pid 6686] close(3) = 0 [pid 6686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6686] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6686] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6687 attached , parent_tid=[6687], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6687 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6687] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6687] memfd_create("syzkaller", 0) = 3 [pid 6687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6687] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6687] munmap(0x7f5499e77000, 2097152) = 0 [pid 6687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6687] close(3) = 0 [pid 6687] mkdir("./bus", 0777) = 0 [pid 6687] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6687] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6687] chdir("./bus") = 0 [pid 6687] ioctl(4, LOOP_CLR_FD) = 0 [pid 6687] close(4) = 0 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 0 [pid 6687] creat("./bus", 000) = 4 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 1 [pid 6687] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 1 [pid 6687] ftruncate(4, 2048) = 0 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 259.580608][ T6687] loop0: detected capacity change from 0 to 4096 [ 259.589809][ T6687] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 1 [pid 6687] lseek(4, 0, SEEK_END) = 2048 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 1 [pid 6687] open("./bus", O_RDONLY) = 5 [pid 6687] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6687] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6686] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6687] <... futex resumed>) = 0 [ 259.622441][ T27] audit: type=1804 audit(1671454840.369:534): pid=6687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/532/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6687] sendfile(4, 5, NULL, 145139829833722 [pid 6686] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6686] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6686] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6686] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6688], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6688 ./strace-static-x86_64: Process 6688 attached [pid 6688] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6688] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6686] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6688] sendfile(4, 5, NULL, 145139829833722 [pid 6686] <... futex resumed>) = 0 [pid 6686] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6686] exit_group(0) = ? [pid 6687] <... sendfile resumed>) = ? [pid 6688] <... sendfile resumed>) = ? [pid 6688] +++ exited with 0 +++ [pid 6687] +++ exited with 0 +++ [pid 6686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6686, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./532", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./532/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./532/binderfs") = 0 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./532/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./532/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./532/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./532/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./532") = 0 mkdir("./533", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6689 ./strace-static-x86_64: Process 6689 attached [pid 6689] set_robust_list(0x5555556365e0, 24) = 0 [pid 6689] chdir("./533") = 0 [pid 6689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6689] setpgid(0, 0) = 0 [pid 6689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6689] write(3, "1000", 4) = 4 [pid 6689] close(3) = 0 [pid 6689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6689] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6689] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6690 attached , parent_tid=[6690], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6690 [pid 6690] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6690] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6690] memfd_create("syzkaller", 0) = 3 [pid 6690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6690] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6690] munmap(0x7f5499e77000, 2097152) = 0 [pid 6690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6690] close(3) = 0 [pid 6690] mkdir("./bus", 0777) = 0 [pid 6690] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6690] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6690] chdir("./bus") = 0 [pid 6690] ioctl(4, LOOP_CLR_FD) = 0 [pid 6690] close(4) = 0 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6690] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... futex resumed>) = 0 [pid 6690] creat("./bus", 000) = 4 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... futex resumed>) = 1 [pid 6690] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... futex resumed>) = 1 [pid 6690] ftruncate(4, 2048) = 0 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] lseek(4, 0, SEEK_END) = 2048 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6689] <... futex resumed>) = 0 [ 259.964505][ T6690] loop0: detected capacity change from 0 to 4096 [ 259.973819][ T6690] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6690] open("./bus", O_RDONLY [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... open resumed>) = 5 [pid 6690] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] <... futex resumed>) = 0 [pid 6689] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6690] <... futex resumed>) = 1 [pid 6690] sendfile(4, 5, NULL, 145139829833722 [pid 6689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6689] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6689] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6689] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6689] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6691], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6691 [pid 6689] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6689] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6691 attached [pid 6691] set_robust_list(0x7f549a0769e0, 24) = 0 [ 260.018798][ T27] audit: type=1804 audit(1671454840.759:535): pid=6690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/533/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6691] sendfile(4, 5, NULL, 145139829833722 [pid 6689] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6689] exit_group(0) = ? [pid 6691] <... sendfile resumed>) = ? [pid 6691] +++ exited with 0 +++ [pid 6690] <... sendfile resumed>) = ? [pid 6690] +++ exited with 0 +++ [pid 6689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6689, si_uid=0, si_status=0, si_utime=0, si_stime=16 /* 0.16 s */} --- umount2("./533", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./533/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./533/binderfs") = 0 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./533/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./533/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./533/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./533/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./533") = 0 mkdir("./534", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6692 ./strace-static-x86_64: Process 6692 attached [pid 6692] set_robust_list(0x5555556365e0, 24) = 0 [pid 6692] chdir("./534") = 0 [pid 6692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6692] setpgid(0, 0) = 0 [pid 6692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6692] write(3, "1000", 4) = 4 [pid 6692] close(3) = 0 [pid 6692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6692] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6692] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6693 attached , parent_tid=[6693], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6693 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6693] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6693] memfd_create("syzkaller", 0) = 3 [pid 6693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6693] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6693] munmap(0x7f5499e77000, 2097152) = 0 [pid 6693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6693] close(3) = 0 [pid 6693] mkdir("./bus", 0777) = 0 [pid 6693] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6693] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6693] chdir("./bus") = 0 [pid 6693] ioctl(4, LOOP_CLR_FD) = 0 [pid 6693] close(4) = 0 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [pid 6693] creat("./bus", 000) = 4 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [pid 6693] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [pid 6693] ftruncate(4, 2048) = 0 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [pid 6693] lseek(4, 0, SEEK_END) = 2048 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [ 260.329624][ T6693] loop0: detected capacity change from 0 to 4096 [ 260.339412][ T6693] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6693] open("./bus", O_RDONLY) = 5 [pid 6693] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6692] <... futex resumed>) = 0 [pid 6692] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6693] <... futex resumed>) = 1 [pid 6693] sendfile(4, 5, NULL, 145139829833722 [pid 6692] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6692] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6692] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6692] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6694], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6694 [pid 6692] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6692] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6694 attached [pid 6694] set_robust_list(0x7f549a0769e0, 24) = 0 [ 260.383058][ T27] audit: type=1804 audit(1671454841.129:536): pid=6693 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/534/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6694] sendfile(4, 5, NULL, 145139829833722 [pid 6692] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6692] exit_group(0) = ? [pid 6693] <... sendfile resumed>) = ? [pid 6693] +++ exited with 0 +++ [pid 6694] <... sendfile resumed>) = ? [pid 6694] +++ exited with 0 +++ [pid 6692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6692, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./534", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./534/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./534/binderfs") = 0 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./534/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./534/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./534/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./534/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./534") = 0 mkdir("./535", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6695 ./strace-static-x86_64: Process 6695 attached [pid 6695] set_robust_list(0x5555556365e0, 24) = 0 [pid 6695] chdir("./535") = 0 [pid 6695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6695] setpgid(0, 0) = 0 [pid 6695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6695] write(3, "1000", 4) = 4 [pid 6695] close(3) = 0 [pid 6695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6695] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6696 attached [pid 6696] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6696] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] <... clone resumed>, parent_tid=[6696], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6696 [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] <... futex resumed>) = 0 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6696] memfd_create("syzkaller", 0) = 3 [pid 6696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6696] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6696] munmap(0x7f5499e77000, 2097152) = 0 [pid 6696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6696] close(3) = 0 [pid 6696] mkdir("./bus", 0777) = 0 [pid 6696] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6696] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6696] chdir("./bus") = 0 [pid 6696] ioctl(4, LOOP_CLR_FD) = 0 [pid 6696] close(4) = 0 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6696] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... futex resumed>) = 0 [pid 6696] creat("./bus", 000) = 4 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6696] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... fcntl resumed>) = 0 [pid 6695] <... futex resumed>) = 0 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... futex resumed>) = 0 [pid 6695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6696] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6695] <... futex resumed>) = 0 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] ftruncate(4, 2048) = 0 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6696] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6695] <... futex resumed>) = 0 [pid 6696] lseek(4, 0, SEEK_END [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... lseek resumed>) = 2048 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6696] open("./bus", O_RDONLY [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6696] <... open resumed>) = 5 [pid 6695] <... futex resumed>) = 0 [pid 6696] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 260.712426][ T6696] loop0: detected capacity change from 0 to 4096 [ 260.722563][ T6696] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... futex resumed>) = 0 [pid 6695] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6696] sendfile(4, 5, NULL, 145139829833722 [pid 6695] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6695] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6695] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6697 attached [pid 6697] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6697] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] <... clone resumed>, parent_tid=[6697], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6697 [pid 6695] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6697] <... futex resumed>) = 0 [pid 6697] sendfile(4, 5, NULL, 145139829833722 [ 260.770463][ T27] audit: type=1804 audit(1671454841.509:537): pid=6696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/535/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6695] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6695] exit_group(0 [pid 6696] <... sendfile resumed>) = ? [pid 6695] <... exit_group resumed>) = ? [pid 6696] +++ exited with 0 +++ [pid 6697] <... sendfile resumed>) = ? [pid 6697] +++ exited with 0 +++ [pid 6695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6695, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./535", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./535/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./535/binderfs") = 0 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./535/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./535/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./535/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./535/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./535") = 0 mkdir("./536", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6698 ./strace-static-x86_64: Process 6698 attached [pid 6698] set_robust_list(0x5555556365e0, 24) = 0 [pid 6698] chdir("./536") = 0 [pid 6698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6698] setpgid(0, 0) = 0 [pid 6698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6698] write(3, "1000", 4) = 4 [pid 6698] close(3) = 0 [pid 6698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6698] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6698] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6699 attached , parent_tid=[6699], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6699 [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6699] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6698] <... futex resumed>) = 0 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6699] memfd_create("syzkaller", 0) = 3 [pid 6699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6699] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6699] munmap(0x7f5499e77000, 2097152) = 0 [pid 6699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6699] close(3) = 0 [pid 6699] mkdir("./bus", 0777) = 0 [pid 6699] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6699] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6699] chdir("./bus") = 0 [pid 6699] ioctl(4, LOOP_CLR_FD) = 0 [pid 6699] close(4) = 0 [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] <... futex resumed>) = 0 [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6699] <... futex resumed>) = 1 [pid 6699] creat("./bus", 000) = 4 [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6698] <... futex resumed>) = 0 [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6699] <... futex resumed>) = 1 [pid 6699] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6698] <... futex resumed>) = 0 [pid 6699] ftruncate(4, 2048 [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] <... ftruncate resumed>) = 0 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6698] <... futex resumed>) = 0 [pid 6699] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6698] <... futex resumed>) = 0 [pid 6699] lseek(4, 0, SEEK_END [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6699] <... lseek resumed>) = 2048 [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6698] <... futex resumed>) = 0 [pid 6699] open("./bus", O_RDONLY [ 261.103814][ T6699] loop0: detected capacity change from 0 to 4096 [ 261.113827][ T6699] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] <... open resumed>) = 5 [pid 6699] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6699] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6698] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6699] <... futex resumed>) = 0 [pid 6698] <... futex resumed>) = 1 [pid 6699] sendfile(4, 5, NULL, 145139829833722 [pid 6698] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6698] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6698] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6698] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6700 attached [pid 6700] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6698] <... clone resumed>, parent_tid=[6700], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6700 [ 261.160330][ T27] audit: type=1804 audit(1671454841.899:538): pid=6699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/536/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6700] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6698] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... futex resumed>) = 0 [pid 6698] <... futex resumed>) = 1 [pid 6700] sendfile(4, 5, NULL, 145139829833722 [pid 6698] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6698] exit_group(0) = ? [pid 6700] <... sendfile resumed>) = ? [pid 6700] +++ exited with 0 +++ [pid 6699] <... sendfile resumed>) = ? [pid 6699] +++ exited with 0 +++ [pid 6698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6698, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./536", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./536/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./536/binderfs") = 0 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./536/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./536/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./536/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./536/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./536") = 0 mkdir("./537", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6701 ./strace-static-x86_64: Process 6701 attached [pid 6701] set_robust_list(0x5555556365e0, 24) = 0 [pid 6701] chdir("./537") = 0 [pid 6701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6701] setpgid(0, 0) = 0 [pid 6701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6701] write(3, "1000", 4) = 4 [pid 6701] close(3) = 0 [pid 6701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6701] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6701] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6702], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6702 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6702 attached [pid 6702] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6702] memfd_create("syzkaller", 0) = 3 [pid 6702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6702] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6702] munmap(0x7f5499e77000, 2097152) = 0 [pid 6702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6702] close(3) = 0 [pid 6702] mkdir("./bus", 0777) = 0 [pid 6702] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6702] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6702] chdir("./bus") = 0 [pid 6702] ioctl(4, LOOP_CLR_FD) = 0 [pid 6702] close(4) = 0 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [pid 6702] creat("./bus", 000) = 4 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [pid 6702] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [pid 6702] ftruncate(4, 2048) = 0 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [pid 6702] lseek(4, 0, SEEK_END) = 2048 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [pid 6702] open("./bus", O_RDONLY) = 5 [pid 6702] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6701] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] <... futex resumed>) = 1 [ 261.488566][ T6702] loop0: detected capacity change from 0 to 4096 [ 261.498194][ T6702] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6702] sendfile(4, 5, NULL, 145139829833722 [pid 6701] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6701] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6701] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6701] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6701] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6703], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6703 [pid 6701] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6701] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6703 attached [pid 6703] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6703] sendfile(4, 5, NULL, 145139829833722 [pid 6701] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6701] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6701] exit_group(0) = ? [pid 6702] <... sendfile resumed>) = ? [pid 6702] +++ exited with 0 +++ [pid 6703] <... sendfile resumed>) = ? [pid 6703] +++ exited with 0 +++ [pid 6701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6701, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./537", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./537/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./537/binderfs") = 0 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./537/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./537/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./537/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./537/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./537") = 0 mkdir("./538", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6704 ./strace-static-x86_64: Process 6704 attached [pid 6704] set_robust_list(0x5555556365e0, 24) = 0 [pid 6704] chdir("./538") = 0 [pid 6704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6704] setpgid(0, 0) = 0 [pid 6704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6704] write(3, "1000", 4) = 4 [pid 6704] close(3) = 0 [pid 6704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6704] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6704] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6705], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6705 [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6705 attached [pid 6705] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6705] memfd_create("syzkaller", 0) = 3 [pid 6705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6705] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6705] munmap(0x7f5499e77000, 2097152) = 0 [pid 6705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6705] close(3) = 0 [pid 6705] mkdir("./bus", 0777) = 0 [pid 6705] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6705] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6705] chdir("./bus") = 0 [pid 6705] ioctl(4, LOOP_CLR_FD) = 0 [pid 6705] close(4) = 0 [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6704] <... futex resumed>) = 0 [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] <... futex resumed>) = 0 [pid 6705] creat("./bus", 000) = 4 [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6704] <... futex resumed>) = 0 [pid 6705] <... futex resumed>) = 1 [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6704] <... futex resumed>) = 0 [pid 6705] <... fcntl resumed>) = 0 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] <... futex resumed>) = 0 [pid 6705] ftruncate(4, 2048 [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] <... ftruncate resumed>) = 0 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] <... futex resumed>) = 0 [pid 6705] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] lseek(4, 0, SEEK_END) = 2048 [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6705] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6704] <... futex resumed>) = 0 [pid 6705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] open("./bus", O_RDONLY [pid 6704] <... futex resumed>) = 0 [pid 6705] <... open resumed>) = 5 [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6705] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6704] <... futex resumed>) = 0 [pid 6705] sendfile(4, 5, NULL, 145139829833722 [pid 6704] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 261.843623][ T6705] loop0: detected capacity change from 0 to 4096 [ 261.853278][ T6705] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6704] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6704] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6704] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6704] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6706 attached , parent_tid=[6706], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6706 [pid 6706] set_robust_list(0x7f549a0769e0, 24 [pid 6704] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] <... set_robust_list resumed>) = 0 [pid 6704] <... futex resumed>) = 0 [pid 6706] sendfile(4, 5, NULL, 145139829833722 [pid 6704] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6704] exit_group(0) = ? [pid 6706] <... sendfile resumed>) = ? [pid 6705] <... sendfile resumed>) = ? [pid 6706] +++ exited with 0 +++ [pid 6705] +++ exited with 0 +++ [pid 6704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6704, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./538", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./538/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./538/binderfs") = 0 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./538/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./538/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./538/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./538/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./538") = 0 mkdir("./539", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6707 ./strace-static-x86_64: Process 6707 attached [pid 6707] set_robust_list(0x5555556365e0, 24) = 0 [pid 6707] chdir("./539") = 0 [pid 6707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6707] setpgid(0, 0) = 0 [pid 6707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6707] write(3, "1000", 4) = 4 [pid 6707] close(3) = 0 [pid 6707] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6707] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6707] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6708 attached , parent_tid=[6708], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6708 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6708] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6708] memfd_create("syzkaller", 0) = 3 [pid 6708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6708] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6708] munmap(0x7f5499e77000, 2097152) = 0 [pid 6708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6708] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6708] close(3) = 0 [pid 6708] mkdir("./bus", 0777) = 0 [pid 6708] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6708] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6708] chdir("./bus") = 0 [pid 6708] ioctl(4, LOOP_CLR_FD) = 0 [pid 6708] close(4) = 0 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... futex resumed>) = 1 [pid 6708] creat("./bus", 000) = 4 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... futex resumed>) = 1 [pid 6708] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... futex resumed>) = 1 [pid 6708] ftruncate(4, 2048) = 0 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] <... futex resumed>) = 1 [pid 6708] lseek(4, 0, SEEK_END) = 2048 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6708] open("./bus", O_RDONLY) = 5 [pid 6708] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6707] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 262.219916][ T6708] loop0: detected capacity change from 0 to 4096 [ 262.229388][ T6708] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6708] sendfile(4, 5, NULL, 145139829833722 [pid 6707] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6707] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6707] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6707] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6709], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6709 ./strace-static-x86_64: Process 6709 attached [pid 6709] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6709] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6707] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6709] <... futex resumed>) = 0 [pid 6707] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6709] sendfile(4, 5, NULL, 145139829833722 [pid 6707] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6707] exit_group(0 [pid 6709] <... sendfile resumed>) = ? [pid 6707] <... exit_group resumed>) = ? [pid 6709] +++ exited with 0 +++ [pid 6708] <... sendfile resumed>) = ? [pid 6708] +++ exited with 0 +++ [pid 6707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6707, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./539", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./539/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./539/binderfs") = 0 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./539/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./539/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./539/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./539/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./539") = 0 mkdir("./540", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6710 ./strace-static-x86_64: Process 6710 attached [pid 6710] set_robust_list(0x5555556365e0, 24) = 0 [pid 6710] chdir("./540") = 0 [pid 6710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6710] setpgid(0, 0) = 0 [pid 6710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6710] write(3, "1000", 4) = 4 [pid 6710] close(3) = 0 [pid 6710] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6710] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6711 attached , parent_tid=[6711], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6711 [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] set_robust_list(0x7f54a22979e0, 24 [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6711] <... set_robust_list resumed>) = 0 [pid 6711] memfd_create("syzkaller", 0) = 3 [pid 6711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6711] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6711] munmap(0x7f5499e77000, 2097152) = 0 [pid 6711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6711] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6711] close(3) = 0 [pid 6711] mkdir("./bus", 0777) = 0 [pid 6711] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6711] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6711] chdir("./bus") = 0 [pid 6711] ioctl(4, LOOP_CLR_FD) = 0 [pid 6711] close(4) = 0 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6711] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] <... futex resumed>) = 0 [pid 6711] creat("./bus", 000) = 4 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] <... futex resumed>) = 1 [pid 6711] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6711] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6711] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6710] <... futex resumed>) = 0 [pid 6711] ftruncate(4, 2048 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] <... ftruncate resumed>) = 0 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6711] lseek(4, 0, SEEK_END [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] <... lseek resumed>) = 2048 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6711] open("./bus", O_RDONLY) = 5 [pid 6711] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6711] sendfile(4, 5, NULL, 145139829833722 [pid 6710] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 262.603852][ T6711] loop0: detected capacity change from 0 to 4096 [ 262.613237][ T6711] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6710] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6710] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6710] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6712 attached [pid 6712] set_robust_list(0x7f549a0769e0, 24 [pid 6710] <... clone resumed>, parent_tid=[6712], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6712 [pid 6712] <... set_robust_list resumed>) = 0 [pid 6712] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6710] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6712] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6710] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6712] sendfile(4, 5, NULL, 145139829833722 [pid 6710] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6710] exit_group(0) = ? [pid 6711] <... sendfile resumed>) = ? [pid 6712] <... sendfile resumed>) = ? [pid 6712] +++ exited with 0 +++ [pid 6711] +++ exited with 0 +++ [pid 6710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6710, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=24 /* 0.24 s */} --- umount2("./540", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./540/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./540/binderfs") = 0 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./540/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./540/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./540/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./540/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./540") = 0 mkdir("./541", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6713 ./strace-static-x86_64: Process 6713 attached [pid 6713] set_robust_list(0x5555556365e0, 24) = 0 [pid 6713] chdir("./541") = 0 [pid 6713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6713] setpgid(0, 0) = 0 [pid 6713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6713] write(3, "1000", 4) = 4 [pid 6713] close(3) = 0 [pid 6713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6713] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6713] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6714], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6714 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6714 attached [pid 6714] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6714] memfd_create("syzkaller", 0) = 3 [pid 6714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6714] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6714] munmap(0x7f5499e77000, 2097152) = 0 [pid 6714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6714] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6714] close(3) = 0 [pid 6714] mkdir("./bus", 0777) = 0 [pid 6714] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6714] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6714] chdir("./bus") = 0 [pid 6714] ioctl(4, LOOP_CLR_FD) = 0 [pid 6714] close(4) = 0 [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] creat("./bus", 000) = 4 [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] ftruncate(4, 2048) = 0 [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] lseek(4, 0, SEEK_END) = 2048 [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] open("./bus", O_RDONLY) = 5 [ 262.978574][ T6714] loop0: detected capacity change from 0 to 4096 [ 262.988029][ T6714] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6714] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] <... futex resumed>) = 0 [pid 6713] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = 1 [pid 6714] sendfile(4, 5, NULL, 145139829833722 [pid 6713] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6713] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6713] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6713] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6715 attached , parent_tid=[6715], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6715 [pid 6713] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6713] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6715] set_robust_list(0x7f549a0769e0, 24) = 0 [ 263.030145][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 263.030159][ T27] audit: type=1804 audit(1671454843.769:543): pid=6714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/541/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6715] sendfile(4, 5, NULL, 145139829833722 [pid 6713] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6713] exit_group(0) = ? [pid 6715] <... sendfile resumed>) = ? [pid 6715] +++ exited with 0 +++ [pid 6714] <... sendfile resumed>) = ? [pid 6714] +++ exited with 0 +++ [pid 6713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6713, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./541", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./541/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./541/binderfs") = 0 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./541/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./541/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./541/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./541/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./541") = 0 mkdir("./542", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6716 ./strace-static-x86_64: Process 6716 attached [pid 6716] set_robust_list(0x5555556365e0, 24) = 0 [pid 6716] chdir("./542") = 0 [pid 6716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6716] setpgid(0, 0) = 0 [pid 6716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6716] write(3, "1000", 4) = 4 [pid 6716] close(3) = 0 [pid 6716] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6716] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6716] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6717], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6717 [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6717 attached [pid 6717] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6717] memfd_create("syzkaller", 0) = 3 [pid 6717] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6717] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6717] munmap(0x7f5499e77000, 2097152) = 0 [pid 6717] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6717] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6717] close(3) = 0 [pid 6717] mkdir("./bus", 0777) = 0 [pid 6717] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6717] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6717] chdir("./bus") = 0 [pid 6717] ioctl(4, LOOP_CLR_FD) = 0 [pid 6717] close(4) = 0 [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6716] <... futex resumed>) = 0 [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... futex resumed>) = 1 [pid 6717] creat("./bus", 000) = 4 [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] <... futex resumed>) = 0 [pid 6717] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] <... futex resumed>) = 0 [pid 6717] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... fcntl resumed>) = 0 [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] <... futex resumed>) = 0 [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6717] ftruncate(4, 2048 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... ftruncate resumed>) = 0 [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] <... futex resumed>) = 0 [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] lseek(4, 0, SEEK_END) = 2048 [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6717] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6716] <... futex resumed>) = 0 [pid 6717] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] open("./bus", O_RDONLY [pid 6716] <... futex resumed>) = 0 [pid 6717] <... open resumed>) = 5 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 263.354596][ T6717] loop0: detected capacity change from 0 to 4096 [ 263.363978][ T6717] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6717] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6716] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] <... futex resumed>) = 0 [pid 6717] sendfile(4, 5, NULL, 145139829833722 [pid 6716] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6716] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6716] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6716] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6718 attached [pid 6718] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6716] <... clone resumed>, parent_tid=[6718], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6718 [pid 6718] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6716] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6716] <... futex resumed>) = 0 [pid 6718] sendfile(4, 5, NULL, 145139829833722 [ 263.412017][ T27] audit: type=1804 audit(1671454844.159:544): pid=6717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/542/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6716] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6716] exit_group(0) = ? [pid 6718] <... sendfile resumed>) = ? [pid 6718] +++ exited with 0 +++ [pid 6717] <... sendfile resumed>) = ? [pid 6717] +++ exited with 0 +++ [pid 6716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6716, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./542", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./542/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./542/binderfs") = 0 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./542/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./542/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./542/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./542/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./542") = 0 mkdir("./543", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6719 ./strace-static-x86_64: Process 6719 attached [pid 6719] set_robust_list(0x5555556365e0, 24) = 0 [pid 6719] chdir("./543") = 0 [pid 6719] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6719] setpgid(0, 0) = 0 [pid 6719] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6719] write(3, "1000", 4) = 4 [pid 6719] close(3) = 0 [pid 6719] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6719] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6719] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6720], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6720 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6720 attached [pid 6720] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6720] memfd_create("syzkaller", 0) = 3 [pid 6720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6720] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6720] munmap(0x7f5499e77000, 2097152) = 0 [pid 6720] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6720] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6720] close(3) = 0 [pid 6720] mkdir("./bus", 0777) = 0 [pid 6720] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6720] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6720] chdir("./bus") = 0 [pid 6720] ioctl(4, LOOP_CLR_FD) = 0 [pid 6720] close(4) = 0 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [pid 6720] creat("./bus", 000) = 4 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [pid 6720] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [pid 6720] ftruncate(4, 2048) = 0 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [pid 6720] lseek(4, 0, SEEK_END) = 2048 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [ 263.730634][ T6720] loop0: detected capacity change from 0 to 4096 [ 263.739906][ T6720] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6720] open("./bus", O_RDONLY) = 5 [pid 6720] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6719] <... futex resumed>) = 0 [pid 6719] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... futex resumed>) = 1 [pid 6720] sendfile(4, 5, NULL, 145139829833722 [pid 6719] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6719] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6719] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6719] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6721 attached , parent_tid=[6721], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6721 [pid 6719] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6719] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6721] set_robust_list(0x7f549a0769e0, 24) = 0 [ 263.781486][ T27] audit: type=1804 audit(1671454844.529:545): pid=6720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/543/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6721] sendfile(4, 5, NULL, 145139829833722 [pid 6719] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6719] exit_group(0) = ? [pid 6721] <... sendfile resumed>) = ? [pid 6720] <... sendfile resumed>) = ? [pid 6720] +++ exited with 0 +++ [pid 6721] +++ exited with 0 +++ [pid 6719] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6719, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./543", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./543/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./543/binderfs") = 0 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./543/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./543/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./543/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./543/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./543") = 0 mkdir("./544", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6722 ./strace-static-x86_64: Process 6722 attached [pid 6722] set_robust_list(0x5555556365e0, 24) = 0 [pid 6722] chdir("./544") = 0 [pid 6722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6722] setpgid(0, 0) = 0 [pid 6722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6722] write(3, "1000", 4) = 4 [pid 6722] close(3) = 0 [pid 6722] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6722] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6722] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6723], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6723 ./strace-static-x86_64: Process 6723 attached [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] set_robust_list(0x7f54a22979e0, 24 [pid 6722] <... futex resumed>) = 0 [pid 6723] <... set_robust_list resumed>) = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6723] memfd_create("syzkaller", 0) = 3 [pid 6723] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6723] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6723] munmap(0x7f5499e77000, 2097152) = 0 [pid 6723] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6723] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6723] close(3) = 0 [pid 6723] mkdir("./bus", 0777) = 0 [pid 6723] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6723] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6723] chdir("./bus") = 0 [pid 6723] ioctl(4, LOOP_CLR_FD) = 0 [pid 6723] close(4) = 0 [ 264.112422][ T6723] loop0: detected capacity change from 0 to 4096 [ 264.122199][ T6723] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 0 [pid 6723] creat("./bus", 000) = 4 [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 1 [pid 6723] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 1 [pid 6723] ftruncate(4, 2048) = 0 [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 1 [pid 6723] lseek(4, 0, SEEK_END) = 2048 [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6723] <... futex resumed>) = 1 [pid 6723] open("./bus", O_RDONLY) = 5 [pid 6723] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6723] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6722] <... futex resumed>) = 0 [pid 6722] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6722] <... futex resumed>) = 1 [pid 6723] sendfile(4, 5, NULL, 145139829833722 [ 264.157566][ T27] audit: type=1804 audit(1671454844.899:546): pid=6723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/544/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6722] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6722] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6722] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6722] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6724 attached , parent_tid=[6724], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6724 [pid 6722] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6722] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6724] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6724] sendfile(4, 5, NULL, 145139829833722 [pid 6722] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6722] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6722] exit_group(0) = ? [pid 6723] <... sendfile resumed>) = ? [pid 6724] <... sendfile resumed>) = ? [pid 6724] +++ exited with 0 +++ [pid 6723] +++ exited with 0 +++ [pid 6722] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6722, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./544", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./544/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./544/binderfs") = 0 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./544/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./544/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./544/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./544/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./544") = 0 mkdir("./545", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6725 ./strace-static-x86_64: Process 6725 attached [pid 6725] set_robust_list(0x5555556365e0, 24) = 0 [pid 6725] chdir("./545") = 0 [pid 6725] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6725] setpgid(0, 0) = 0 [pid 6725] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6725] write(3, "1000", 4) = 4 [pid 6725] close(3) = 0 [pid 6725] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6725] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6725] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6726], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6726 ./strace-static-x86_64: Process 6726 attached [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] set_robust_list(0x7f54a22979e0, 24 [pid 6725] <... futex resumed>) = 0 [pid 6726] <... set_robust_list resumed>) = 0 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6726] memfd_create("syzkaller", 0) = 3 [pid 6726] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6726] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6726] munmap(0x7f5499e77000, 2097152) = 0 [pid 6726] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6726] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6726] close(3) = 0 [pid 6726] mkdir("./bus", 0777) = 0 [pid 6726] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6726] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6726] chdir("./bus") = 0 [pid 6726] ioctl(4, LOOP_CLR_FD) = 0 [pid 6726] close(4) = 0 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... futex resumed>) = 0 [pid 6726] creat("./bus", 000) = 4 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... futex resumed>) = 1 [pid 6726] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... futex resumed>) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6726] ftruncate(4, 2048 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... ftruncate resumed>) = 0 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6725] <... futex resumed>) = 0 [pid 6726] lseek(4, 0, SEEK_END [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6726] <... lseek resumed>) = 2048 [pid 6725] <... futex resumed>) = 0 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... futex resumed>) = 0 [pid 6726] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6726] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 264.496910][ T6726] loop0: detected capacity change from 0 to 4096 [ 264.506113][ T6726] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6726] open("./bus", O_RDONLY) = 5 [pid 6726] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6726] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6725] <... futex resumed>) = 0 [pid 6725] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6726] <... futex resumed>) = 0 [pid 6726] sendfile(4, 5, NULL, 145139829833722 [pid 6725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6725] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6725] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6725] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6725] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6727], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6727 [pid 6725] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6725] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6727 attached [pid 6727] set_robust_list(0x7f549a0769e0, 24) = 0 [ 264.553915][ T27] audit: type=1804 audit(1671454845.299:547): pid=6726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/545/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6727] sendfile(4, 5, NULL, 145139829833722 [pid 6725] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6725] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6725] exit_group(0) = ? [pid 6726] <... sendfile resumed>) = ? [pid 6726] +++ exited with 0 +++ [pid 6727] <... sendfile resumed>) = ? [pid 6727] +++ exited with 0 +++ [pid 6725] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6725, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./545", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./545/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./545/binderfs") = 0 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./545/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./545/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./545/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./545/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./545") = 0 mkdir("./546", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6728 ./strace-static-x86_64: Process 6728 attached [pid 6728] set_robust_list(0x5555556365e0, 24) = 0 [pid 6728] chdir("./546") = 0 [pid 6728] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6728] setpgid(0, 0) = 0 [pid 6728] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6728] write(3, "1000", 4) = 4 [pid 6728] close(3) = 0 [pid 6728] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6728] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6729 attached , parent_tid=[6729], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6729 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6729] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6729] memfd_create("syzkaller", 0) = 3 [pid 6729] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6729] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6729] munmap(0x7f5499e77000, 2097152) = 0 [pid 6729] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6729] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6729] close(3) = 0 [pid 6729] mkdir("./bus", 0777) = 0 [pid 6729] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6729] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6729] chdir("./bus") = 0 [pid 6729] ioctl(4, LOOP_CLR_FD) = 0 [ 264.885271][ T6729] loop0: detected capacity change from 0 to 4096 [ 264.894548][ T6729] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6729] close(4) = 0 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] creat("./bus", 000) = 4 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] ftruncate(4, 2048) = 0 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] lseek(4, 0, SEEK_END) = 2048 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] open("./bus", O_RDONLY) = 5 [pid 6729] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6728] <... futex resumed>) = 0 [pid 6728] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6729] <... futex resumed>) = 1 [pid 6729] sendfile(4, 5, NULL, 145139829833722 [pid 6728] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6728] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6728] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6728] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6730 attached , parent_tid=[6730], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6730 [pid 6728] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6728] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] set_robust_list(0x7f549a0769e0, 24) = 0 [ 264.928223][ T27] audit: type=1804 audit(1671454845.669:548): pid=6729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/546/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6730] sendfile(4, 5, NULL, 145139829833722 [pid 6728] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6728] exit_group(0) = ? [pid 6729] <... sendfile resumed>) = ? [pid 6730] <... sendfile resumed>) = ? [pid 6730] +++ exited with 0 +++ [pid 6729] +++ exited with 0 +++ [pid 6728] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6728, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./546", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./546/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./546/binderfs") = 0 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./546/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./546/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./546/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./546/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./546") = 0 mkdir("./547", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6731 ./strace-static-x86_64: Process 6731 attached [pid 6731] set_robust_list(0x5555556365e0, 24) = 0 [pid 6731] chdir("./547") = 0 [pid 6731] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6731] setpgid(0, 0) = 0 [pid 6731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6731] write(3, "1000", 4) = 4 [pid 6731] close(3) = 0 [pid 6731] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6731] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6731] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6732 attached , parent_tid=[6732], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6732 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6732] memfd_create("syzkaller", 0) = 3 [pid 6732] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6732] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6732] munmap(0x7f5499e77000, 2097152) = 0 [pid 6732] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6732] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6732] close(3) = 0 [pid 6732] mkdir("./bus", 0777) = 0 [pid 6732] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6732] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6732] chdir("./bus") = 0 [pid 6732] ioctl(4, LOOP_CLR_FD) = 0 [pid 6732] close(4) = 0 [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... futex resumed>) = 1 [pid 6732] creat("./bus", 000) = 4 [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... futex resumed>) = 1 [pid 6732] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... futex resumed>) = 1 [pid 6732] ftruncate(4, 2048) = 0 [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] <... futex resumed>) = 1 [pid 6732] lseek(4, 0, SEEK_END) = 2048 [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6732] open("./bus", O_RDONLY) = 5 [ 265.253414][ T6732] loop0: detected capacity change from 0 to 4096 [ 265.263089][ T6732] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6732] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6732] <... futex resumed>) = 1 [pid 6731] <... futex resumed>) = 0 [pid 6732] sendfile(4, 5, NULL, 145139829833722 [pid 6731] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6731] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6731] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6731] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6733 attached , parent_tid=[6733], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6733 [pid 6731] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] set_robust_list(0x7f549a0769e0, 24 [pid 6731] <... futex resumed>) = 0 [pid 6731] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6733] <... set_robust_list resumed>) = 0 [ 265.307381][ T27] audit: type=1804 audit(1671454846.049:549): pid=6732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/547/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6733] sendfile(4, 5, NULL, 145139829833722 [pid 6731] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6731] exit_group(0) = ? [pid 6733] <... sendfile resumed>) = ? [pid 6733] +++ exited with 0 +++ [pid 6732] <... sendfile resumed>) = ? [pid 6732] +++ exited with 0 +++ [pid 6731] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6731, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./547", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./547/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./547/binderfs") = 0 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./547/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./547/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./547/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./547/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./547") = 0 mkdir("./548", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6734 ./strace-static-x86_64: Process 6734 attached [pid 6734] set_robust_list(0x5555556365e0, 24) = 0 [pid 6734] chdir("./548") = 0 [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6734] setpgid(0, 0) = 0 [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6734] write(3, "1000", 4) = 4 [pid 6734] close(3) = 0 [pid 6734] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6734] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6734] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6735], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6735 [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6735 attached [pid 6735] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6735] memfd_create("syzkaller", 0) = 3 [pid 6735] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6735] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6735] munmap(0x7f5499e77000, 2097152) = 0 [pid 6735] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6735] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6735] close(3) = 0 [pid 6735] mkdir("./bus", 0777) = 0 [pid 6735] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6735] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6735] chdir("./bus") = 0 [pid 6735] ioctl(4, LOOP_CLR_FD) = 0 [pid 6735] close(4) = 0 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = 0 [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] <... futex resumed>) = 1 [pid 6735] creat("./bus", 000) = 4 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... futex resumed>) = 0 [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] <... futex resumed>) = 1 [pid 6735] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6735] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6734] <... futex resumed>) = 0 [pid 6735] ftruncate(4, 2048 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] <... ftruncate resumed>) = 0 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6734] <... futex resumed>) = 0 [pid 6735] lseek(4, 0, SEEK_END [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... lseek resumed>) = 2048 [pid 6734] <... futex resumed>) = 0 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] <... futex resumed>) = 0 [pid 6734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6735] open("./bus", O_RDONLY [ 265.625803][ T6735] loop0: detected capacity change from 0 to 4096 [ 265.635457][ T6735] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... open resumed>) = 5 [pid 6734] <... futex resumed>) = 0 [pid 6735] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6735] <... futex resumed>) = 0 [pid 6734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6735] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6734] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6735] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6734] <... futex resumed>) = 0 [pid 6735] sendfile(4, 5, NULL, 145139829833722 [pid 6734] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6734] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6734] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6734] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6736 attached , parent_tid=[6736], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6736 [pid 6734] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] set_robust_list(0x7f549a0769e0, 24) = 0 [ 265.677149][ T27] audit: type=1804 audit(1671454846.419:550): pid=6735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/548/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6736] sendfile(4, 5, NULL, 145139829833722 [pid 6734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6734] exit_group(0) = ? [pid 6736] <... sendfile resumed>) = ? [pid 6735] <... sendfile resumed>) = ? [pid 6736] +++ exited with 0 +++ [pid 6735] +++ exited with 0 +++ [pid 6734] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6734, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./548", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./548/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./548/binderfs") = 0 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./548/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./548/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./548/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./548/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./548") = 0 mkdir("./549", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6737 ./strace-static-x86_64: Process 6737 attached [pid 6737] set_robust_list(0x5555556365e0, 24) = 0 [pid 6737] chdir("./549") = 0 [pid 6737] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6737] setpgid(0, 0) = 0 [pid 6737] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6737] write(3, "1000", 4) = 4 [pid 6737] close(3) = 0 [pid 6737] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6737] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6737] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6738], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6738 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6738 attached [pid 6738] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6738] memfd_create("syzkaller", 0) = 3 [pid 6738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6738] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6738] munmap(0x7f5499e77000, 2097152) = 0 [pid 6738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6738] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6738] close(3) = 0 [pid 6738] mkdir("./bus", 0777) = 0 [pid 6738] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6738] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6738] chdir("./bus") = 0 [pid 6738] ioctl(4, LOOP_CLR_FD) = 0 [pid 6738] close(4) = 0 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... futex resumed>) = 1 [pid 6738] creat("./bus", 000) = 4 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... futex resumed>) = 1 [pid 6738] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... futex resumed>) = 1 [pid 6738] ftruncate(4, 2048) = 0 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6738] <... futex resumed>) = 1 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] lseek(4, 0, SEEK_END) = 2048 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... futex resumed>) = 1 [ 265.997653][ T6738] loop0: detected capacity change from 0 to 4096 [ 266.007258][ T6738] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6738] open("./bus", O_RDONLY) = 5 [pid 6738] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6737] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6738] <... futex resumed>) = 1 [pid 6738] sendfile(4, 5, NULL, 145139829833722 [pid 6737] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6737] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6737] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6737] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6737] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6739 attached , parent_tid=[6739], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6739 [pid 6739] set_robust_list(0x7f549a0769e0, 24 [pid 6737] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... set_robust_list resumed>) = 0 [pid 6737] <... futex resumed>) = 0 [pid 6739] sendfile(4, 5, NULL, 145139829833722 [ 266.057666][ T27] audit: type=1804 audit(1671454846.799:551): pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/549/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6737] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6737] exit_group(0) = ? [pid 6738] <... sendfile resumed>) = ? [pid 6738] +++ exited with 0 +++ [pid 6739] <... sendfile resumed>) = ? [pid 6739] +++ exited with 0 +++ [pid 6737] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6737, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./549", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./549/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./549/binderfs") = 0 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./549/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./549/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./549/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./549/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./549") = 0 mkdir("./550", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6740 ./strace-static-x86_64: Process 6740 attached [pid 6740] set_robust_list(0x5555556365e0, 24) = 0 [pid 6740] chdir("./550") = 0 [pid 6740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6740] setpgid(0, 0) = 0 [pid 6740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6740] write(3, "1000", 4) = 4 [pid 6740] close(3) = 0 [pid 6740] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6740] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6740] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6741], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6741 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6741 attached [pid 6741] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6741] memfd_create("syzkaller", 0) = 3 [pid 6741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6741] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6741] munmap(0x7f5499e77000, 2097152) = 0 [pid 6741] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6741] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6741] close(3) = 0 [pid 6741] mkdir("./bus", 0777) = 0 [pid 6741] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6741] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6741] chdir("./bus") = 0 [pid 6741] ioctl(4, LOOP_CLR_FD) = 0 [pid 6741] close(4) = 0 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6741] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] <... futex resumed>) = 0 [pid 6741] creat("./bus", 000) = 4 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] ftruncate(4, 2048) = 0 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] lseek(4, 0, SEEK_END) = 2048 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6740] <... futex resumed>) = 0 [pid 6741] open("./bus", O_RDONLY [ 266.384692][ T6741] loop0: detected capacity change from 0 to 4096 [ 266.394848][ T6741] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] <... open resumed>) = 5 [pid 6741] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6740] <... futex resumed>) = 0 [pid 6740] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6741] <... futex resumed>) = 1 [pid 6741] sendfile(4, 5, NULL, 145139829833722 [pid 6740] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6740] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6740] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [ 266.439868][ T27] audit: type=1804 audit(1671454847.179:552): pid=6741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/550/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6740] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6742 attached , parent_tid=[6742], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6742 [pid 6742] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6742] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6740] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] <... futex resumed>) = 0 [pid 6740] <... futex resumed>) = 1 [pid 6742] sendfile(4, 5, NULL, 145139829833722 [pid 6740] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6740] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6740] exit_group(0) = ? [pid 6742] <... sendfile resumed>) = ? [pid 6742] +++ exited with 0 +++ [pid 6741] <... sendfile resumed>) = ? [pid 6741] +++ exited with 0 +++ [pid 6740] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6740, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./550", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./550/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./550/binderfs") = 0 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./550/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./550/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./550/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./550/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./550") = 0 mkdir("./551", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6743 ./strace-static-x86_64: Process 6743 attached [pid 6743] set_robust_list(0x5555556365e0, 24) = 0 [pid 6743] chdir("./551") = 0 [pid 6743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6743] setpgid(0, 0) = 0 [pid 6743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6743] write(3, "1000", 4) = 4 [pid 6743] close(3) = 0 [pid 6743] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6743] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6743] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6744 attached , parent_tid=[6744], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6744 [pid 6744] set_robust_list(0x7f54a22979e0, 24 [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... set_robust_list resumed>) = 0 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6744] memfd_create("syzkaller", 0) = 3 [pid 6744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6744] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6744] munmap(0x7f5499e77000, 2097152) = 0 [pid 6744] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6744] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6744] close(3) = 0 [pid 6744] mkdir("./bus", 0777) = 0 [pid 6744] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6744] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6744] chdir("./bus") = 0 [pid 6744] ioctl(4, LOOP_CLR_FD) = 0 [pid 6744] close(4) = 0 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6744] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... futex resumed>) = 0 [pid 6744] creat("./bus", 000) = 4 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6744] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... fcntl resumed>) = 0 [pid 6743] <... futex resumed>) = 0 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6744] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6744] ftruncate(4, 2048) = 0 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6744] lseek(4, 0, SEEK_END [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... lseek resumed>) = 2048 [pid 6743] <... futex resumed>) = 0 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] <... futex resumed>) = 0 [pid 6743] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6744] open("./bus", O_RDONLY) = 5 [pid 6744] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6744] sendfile(4, 5, NULL, 145139829833722 [pid 6743] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 266.771840][ T6744] loop0: detected capacity change from 0 to 4096 [ 266.781722][ T6744] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6743] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6743] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6743] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6743] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6745], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6745 ./strace-static-x86_64: Process 6745 attached [pid 6743] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] set_robust_list(0x7f549a0769e0, 24 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] <... set_robust_list resumed>) = 0 [pid 6745] sendfile(4, 5, NULL, 145139829833722 [pid 6743] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6743] exit_group(0) = ? [pid 6744] <... sendfile resumed>) = ? [pid 6744] +++ exited with 0 +++ [pid 6745] <... sendfile resumed>) = ? [pid 6745] +++ exited with 0 +++ [pid 6743] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6743, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./551", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./551/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./551/binderfs") = 0 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./551/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./551/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./551/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./551/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./551") = 0 mkdir("./552", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6746 ./strace-static-x86_64: Process 6746 attached [pid 6746] set_robust_list(0x5555556365e0, 24) = 0 [pid 6746] chdir("./552") = 0 [pid 6746] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6746] setpgid(0, 0) = 0 [pid 6746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6746] write(3, "1000", 4) = 4 [pid 6746] close(3) = 0 [pid 6746] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6746] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6746] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6747], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6747 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6747 attached [pid 6747] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6747] memfd_create("syzkaller", 0) = 3 [pid 6747] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6747] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6747] munmap(0x7f5499e77000, 2097152) = 0 [pid 6747] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6747] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6747] close(3) = 0 [pid 6747] mkdir("./bus", 0777) = 0 [pid 6747] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6747] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6747] chdir("./bus") = 0 [pid 6747] ioctl(4, LOOP_CLR_FD) = 0 [pid 6747] close(4) = 0 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] creat("./bus", 000) = 4 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... futex resumed>) = 1 [pid 6747] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... futex resumed>) = 1 [pid 6747] ftruncate(4, 2048) = 0 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... futex resumed>) = 1 [pid 6747] lseek(4, 0, SEEK_END) = 2048 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... futex resumed>) = 1 [pid 6747] open("./bus", O_RDONLY) = 5 [pid 6747] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6747] <... futex resumed>) = 1 [ 267.150076][ T6747] loop0: detected capacity change from 0 to 4096 [ 267.159499][ T6747] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6747] sendfile(4, 5, NULL, 145139829833722 [pid 6746] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6746] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6746] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6746] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6748], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6748 [pid 6746] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6748 attached [pid 6748] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6748] sendfile(4, 5, NULL, 145139829833722 [pid 6746] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6746] exit_group(0) = ? [pid 6747] <... sendfile resumed>) = ? [pid 6747] +++ exited with 0 +++ [pid 6748] <... sendfile resumed>) = ? [pid 6748] +++ exited with 0 +++ [pid 6746] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6746, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./552", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./552/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./552/binderfs") = 0 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./552/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./552/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./552/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./552/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./552") = 0 mkdir("./553", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6749 ./strace-static-x86_64: Process 6749 attached [pid 6749] set_robust_list(0x5555556365e0, 24) = 0 [pid 6749] chdir("./553") = 0 [pid 6749] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6749] setpgid(0, 0) = 0 [pid 6749] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6749] write(3, "1000", 4) = 4 [pid 6749] close(3) = 0 [pid 6749] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6749] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6749] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6750 attached , parent_tid=[6750], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6750 [pid 6750] set_robust_list(0x7f54a22979e0, 24 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6750] <... set_robust_list resumed>) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6750] memfd_create("syzkaller", 0) = 3 [pid 6750] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6750] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6750] munmap(0x7f5499e77000, 2097152) = 0 [pid 6750] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6750] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6750] close(3) = 0 [pid 6750] mkdir("./bus", 0777) = 0 [pid 6750] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6750] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6750] chdir("./bus") = 0 [pid 6750] ioctl(4, LOOP_CLR_FD) = 0 [pid 6750] close(4) = 0 [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] <... futex resumed>) = 1 [pid 6750] creat("./bus", 000) = 4 [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] <... futex resumed>) = 1 [pid 6750] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] <... futex resumed>) = 1 [pid 6750] ftruncate(4, 2048) = 0 [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6749] <... futex resumed>) = 0 [pid 6750] lseek(4, 0, SEEK_END [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6750] <... lseek resumed>) = 2048 [pid 6749] <... futex resumed>) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6750] <... futex resumed>) = 0 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6750] open("./bus", O_RDONLY) = 5 [pid 6750] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6749] <... futex resumed>) = 0 [pid 6750] sendfile(4, 5, NULL, 145139829833722 [pid 6749] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 267.533700][ T6750] loop0: detected capacity change from 0 to 4096 [ 267.543338][ T6750] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6749] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6749] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6749] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6749] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6751], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6751 [pid 6749] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6749] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6751 attached [pid 6751] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6751] sendfile(4, 5, NULL, 145139829833722 [pid 6749] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6749] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6749] exit_group(0 [pid 6750] <... sendfile resumed>) = ? [pid 6749] <... exit_group resumed>) = ? [pid 6751] <... sendfile resumed>) = ? [pid 6750] +++ exited with 0 +++ [pid 6751] +++ exited with 0 +++ [pid 6749] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6749, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./553", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./553/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./553/binderfs") = 0 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./553/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./553/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./553/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./553/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./553") = 0 mkdir("./554", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6752 ./strace-static-x86_64: Process 6752 attached [pid 6752] set_robust_list(0x5555556365e0, 24) = 0 [pid 6752] chdir("./554") = 0 [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6752] setpgid(0, 0) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6752] write(3, "1000", 4) = 4 [pid 6752] close(3) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6752] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6753 attached , parent_tid=[6753], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6753 [pid 6753] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] memfd_create("syzkaller", 0) = 3 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6753] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6753] munmap(0x7f5499e77000, 2097152) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6753] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6753] close(3) = 0 [pid 6753] mkdir("./bus", 0777) = 0 [pid 6753] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6753] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6753] chdir("./bus") = 0 [pid 6753] ioctl(4, LOOP_CLR_FD) = 0 [pid 6753] close(4) = 0 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... futex resumed>) = 1 [pid 6753] creat("./bus", 000) = 4 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6752] <... futex resumed>) = 1 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6753] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] ftruncate(4, 2048 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... ftruncate resumed>) = 0 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... futex resumed>) = 1 [pid 6753] lseek(4, 0, SEEK_END) = 2048 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6753] <... futex resumed>) = 1 [pid 6753] open("./bus", O_RDONLY) = 5 [pid 6753] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... futex resumed>) = 0 [pid 6752] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6753] <... futex resumed>) = 1 [pid 6752] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 267.913425][ T6753] loop0: detected capacity change from 0 to 4096 [ 267.923099][ T6753] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6753] sendfile(4, 5, NULL, 145139829833722 [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6752] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6752] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6754], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6754 [pid 6752] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6752] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6754 attached [pid 6754] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6754] sendfile(4, 5, NULL, 145139829833722 [pid 6752] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6752] exit_group(0) = ? [pid 6754] <... sendfile resumed>) = ? [pid 6754] +++ exited with 0 +++ [pid 6753] <... sendfile resumed>) = ? [pid 6753] +++ exited with 0 +++ [pid 6752] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6752, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./554", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./554/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./554/binderfs") = 0 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./554/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./554/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./554/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./554/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./554") = 0 mkdir("./555", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6755 ./strace-static-x86_64: Process 6755 attached [pid 6755] set_robust_list(0x5555556365e0, 24) = 0 [pid 6755] chdir("./555") = 0 [pid 6755] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6755] setpgid(0, 0) = 0 [pid 6755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6755] write(3, "1000", 4) = 4 [pid 6755] close(3) = 0 [pid 6755] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6755] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6755] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6756], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6756 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6756 attached ) = 0 [pid 6756] set_robust_list(0x7f54a22979e0, 24 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6756] <... set_robust_list resumed>) = 0 [pid 6756] memfd_create("syzkaller", 0) = 3 [pid 6756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6756] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6756] munmap(0x7f5499e77000, 2097152) = 0 [pid 6756] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6756] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6756] close(3) = 0 [pid 6756] mkdir("./bus", 0777) = 0 [pid 6756] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6756] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6756] chdir("./bus") = 0 [pid 6756] ioctl(4, LOOP_CLR_FD) = 0 [pid 6756] close(4) = 0 [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 1 [pid 6756] creat("./bus", 000) = 4 [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6756] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... fcntl resumed>) = 0 [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] ftruncate(4, 2048 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... ftruncate resumed>) = 0 [ 268.287862][ T6756] loop0: detected capacity change from 0 to 4096 [ 268.297200][ T6756] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] <... futex resumed>) = 0 [pid 6756] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 0 [pid 6756] lseek(4, 0, SEEK_END) = 2048 [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 1 [pid 6756] open("./bus", O_RDONLY) = 5 [pid 6756] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 0 [pid 6756] sendfile(4, 5, NULL, 145139829833722 [pid 6755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6755] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6755] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6755] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6757 attached [pid 6757] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6757] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... clone resumed>, parent_tid=[6757], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6757 [pid 6755] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6755] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6757] <... futex resumed>) = 0 [ 268.353213][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 268.353227][ T27] audit: type=1804 audit(1671454849.099:557): pid=6756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/555/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6757] sendfile(4, 5, NULL, 145139829833722 [pid 6755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6755] exit_group(0) = ? [pid 6756] <... sendfile resumed>) = ? [pid 6757] <... sendfile resumed>) = ? [pid 6756] +++ exited with 0 +++ [pid 6757] +++ exited with 0 +++ [pid 6755] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6755, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./555", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./555/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./555/binderfs") = 0 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./555/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./555/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./555/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./555/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./555") = 0 mkdir("./556", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6758 ./strace-static-x86_64: Process 6758 attached [pid 6758] set_robust_list(0x5555556365e0, 24) = 0 [pid 6758] chdir("./556") = 0 [pid 6758] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6758] setpgid(0, 0) = 0 [pid 6758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6758] write(3, "1000", 4) = 4 [pid 6758] close(3) = 0 [pid 6758] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6758] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6758] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6759], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6759 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6759 attached [pid 6759] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6759] memfd_create("syzkaller", 0) = 3 [pid 6759] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6759] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6759] munmap(0x7f5499e77000, 2097152) = 0 [pid 6759] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6759] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6759] close(3) = 0 [pid 6759] mkdir("./bus", 0777) = 0 [pid 6759] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6759] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6759] chdir("./bus") = 0 [pid 6759] ioctl(4, LOOP_CLR_FD) = 0 [pid 6759] close(4) = 0 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 1 [pid 6759] creat("./bus", 000) = 4 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 1 [pid 6759] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 1 [pid 6759] ftruncate(4, 2048) = 0 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 1 [pid 6759] lseek(4, 0, SEEK_END) = 2048 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 1 [ 268.671595][ T6759] loop0: detected capacity change from 0 to 4096 [ 268.681525][ T6759] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6759] open("./bus", O_RDONLY) = 5 [pid 6759] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6759] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6758] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6759] <... futex resumed>) = 0 [pid 6759] sendfile(4, 5, NULL, 145139829833722 [pid 6758] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6758] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6758] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6758] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6760 attached , parent_tid=[6760], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6760 [pid 6758] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6760] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6758] <... futex resumed>) = 0 [ 268.709323][ T27] audit: type=1804 audit(1671454849.449:558): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/556/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6760] sendfile(4, 5, NULL, 145139829833722 [pid 6758] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6758] exit_group(0) = ? [pid 6759] <... sendfile resumed>) = ? [pid 6759] +++ exited with 0 +++ [pid 6760] <... sendfile resumed>) = ? [pid 6760] +++ exited with 0 +++ [pid 6758] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6758, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./556", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./556/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./556/binderfs") = 0 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./556/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./556/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./556/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./556/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./556") = 0 mkdir("./557", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6761 ./strace-static-x86_64: Process 6761 attached [pid 6761] set_robust_list(0x5555556365e0, 24) = 0 [pid 6761] chdir("./557") = 0 [pid 6761] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6761] setpgid(0, 0) = 0 [pid 6761] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6761] write(3, "1000", 4) = 4 [pid 6761] close(3) = 0 [pid 6761] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6761] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6761] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6762 attached , parent_tid=[6762], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6762 [pid 6762] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6762] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6761] <... futex resumed>) = 0 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6762] memfd_create("syzkaller", 0) = 3 [pid 6762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6762] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6762] munmap(0x7f5499e77000, 2097152) = 0 [pid 6762] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6762] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6762] close(3) = 0 [pid 6762] mkdir("./bus", 0777) = 0 [pid 6762] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6762] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6762] chdir("./bus") = 0 [pid 6762] ioctl(4, LOOP_CLR_FD) = 0 [pid 6762] close(4) = 0 [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6762] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] <... futex resumed>) = 0 [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] <... futex resumed>) = 0 [pid 6762] creat("./bus", 000) = 4 [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... futex resumed>) = 0 [pid 6762] <... futex resumed>) = 1 [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6761] <... futex resumed>) = 0 [pid 6762] <... fcntl resumed>) = 0 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6762] <... futex resumed>) = 0 [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] ftruncate(4, 2048 [pid 6761] <... futex resumed>) = 0 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] <... ftruncate resumed>) = 0 [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] <... futex resumed>) = 0 [pid 6762] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6761] <... futex resumed>) = 0 [pid 6762] lseek(4, 0, SEEK_END [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] <... lseek resumed>) = 2048 [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] <... futex resumed>) = 0 [pid 6762] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6761] <... futex resumed>) = 0 [pid 6762] open("./bus", O_RDONLY [ 269.060557][ T6762] loop0: detected capacity change from 0 to 4096 [ 269.070207][ T6762] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] <... open resumed>) = 5 [pid 6762] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6761] <... futex resumed>) = 0 [pid 6761] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6762] <... futex resumed>) = 1 [ 269.108864][ T27] audit: type=1804 audit(1671454849.849:559): pid=6762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/557/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6762] sendfile(4, 5, NULL, 145139829833722 [pid 6761] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6761] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6761] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6761] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6761] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6763], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6763 [pid 6761] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6761] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6763 attached [pid 6763] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6763] sendfile(4, 5, NULL, 145139829833722 [pid 6761] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6761] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6761] exit_group(0) = ? [pid 6763] <... sendfile resumed>) = ? [pid 6763] +++ exited with 0 +++ [pid 6762] <... sendfile resumed>) = ? [pid 6762] +++ exited with 0 +++ [pid 6761] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6761, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./557", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./557/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./557/binderfs") = 0 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./557/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./557/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./557/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./557/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./557") = 0 mkdir("./558", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6764 ./strace-static-x86_64: Process 6764 attached [pid 6764] set_robust_list(0x5555556365e0, 24) = 0 [pid 6764] chdir("./558") = 0 [pid 6764] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6764] setpgid(0, 0) = 0 [pid 6764] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6764] write(3, "1000", 4) = 4 [pid 6764] close(3) = 0 [pid 6764] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6764] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6764] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6765 attached , parent_tid=[6765], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6765 [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6765] memfd_create("syzkaller", 0) = 3 [pid 6765] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6765] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6765] munmap(0x7f5499e77000, 2097152) = 0 [pid 6765] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6765] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6765] close(3) = 0 [pid 6765] mkdir("./bus", 0777) = 0 [pid 6765] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6765] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6765] chdir("./bus") = 0 [pid 6765] ioctl(4, LOOP_CLR_FD) = 0 [pid 6765] close(4) = 0 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 0 [pid 6765] creat("./bus", 000) = 4 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... fcntl resumed>) = 0 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 0 [pid 6764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6765] ftruncate(4, 2048 [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... ftruncate resumed>) = 0 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] <... futex resumed>) = 0 [pid 6765] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... futex resumed>) = 0 [pid 6765] lseek(4, 0, SEEK_END) = 2048 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6764] <... futex resumed>) = 0 [pid 6765] <... futex resumed>) = 1 [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] open("./bus", O_RDONLY [pid 6764] <... futex resumed>) = 0 [ 269.446786][ T6765] loop0: detected capacity change from 0 to 4096 [ 269.466569][ T6765] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6765] <... open resumed>) = 5 [pid 6765] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6765] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6764] <... futex resumed>) = 0 [pid 6764] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] <... futex resumed>) = 0 [pid 6764] <... futex resumed>) = 1 [pid 6765] sendfile(4, 5, NULL, 145139829833722 [ 269.520744][ T27] audit: type=1804 audit(1671454850.259:560): pid=6765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/558/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6764] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6764] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6764] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6764] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6766], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6766 [pid 6764] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6764] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6766 attached [pid 6766] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6766] sendfile(4, 5, NULL, 145139829833722 [pid 6764] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6764] exit_group(0) = ? [pid 6766] <... sendfile resumed>) = ? [pid 6766] +++ exited with 0 +++ [pid 6765] <... sendfile resumed>) = ? [pid 6765] +++ exited with 0 +++ [pid 6764] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6764, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./558", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./558/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./558/binderfs") = 0 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./558/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./558/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./558/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./558/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./558") = 0 mkdir("./559", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6767 ./strace-static-x86_64: Process 6767 attached [pid 6767] set_robust_list(0x5555556365e0, 24) = 0 [pid 6767] chdir("./559") = 0 [pid 6767] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6767] setpgid(0, 0) = 0 [pid 6767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6767] write(3, "1000", 4) = 4 [pid 6767] close(3) = 0 [pid 6767] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6767] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6767] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6768 attached [pid 6768] set_robust_list(0x7f54a22979e0, 24 [pid 6767] <... clone resumed>, parent_tid=[6768], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6768 [pid 6768] <... set_robust_list resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6768] memfd_create("syzkaller", 0) = 3 [pid 6768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6768] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6768] munmap(0x7f5499e77000, 2097152) = 0 [pid 6768] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6768] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6768] close(3) = 0 [pid 6768] mkdir("./bus", 0777) = 0 [pid 6768] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6768] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6768] chdir("./bus") = 0 [pid 6768] ioctl(4, LOOP_CLR_FD) = 0 [pid 6768] close(4) = 0 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] <... futex resumed>) = 1 [pid 6768] creat("./bus", 000) = 4 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] <... futex resumed>) = 1 [pid 6768] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] ftruncate(4, 2048) = 0 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] lseek(4, 0, SEEK_END) = 2048 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] open("./bus", O_RDONLY) = 5 [pid 6768] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 269.874709][ T6768] loop0: detected capacity change from 0 to 4096 [ 269.884454][ T6768] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6768] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] <... futex resumed>) = 0 [pid 6767] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6767] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6768] <... futex resumed>) = 0 [pid 6768] sendfile(4, 5, NULL, 145139829833722 [pid 6767] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6767] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6767] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6767] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6769], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6769 ./strace-static-x86_64: Process 6769 attached [pid 6769] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6769] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6769] <... futex resumed>) = 0 [pid 6769] sendfile(4, 5, NULL, 145139829833722 [ 269.933659][ T27] audit: type=1804 audit(1671454850.679:561): pid=6768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/559/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6767] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6767] exit_group(0) = ? [pid 6768] <... sendfile resumed>) = ? [pid 6768] +++ exited with 0 +++ [pid 6769] <... sendfile resumed>) = ? [pid 6769] +++ exited with 0 +++ [pid 6767] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6767, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./559", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./559/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./559/binderfs") = 0 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./559/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./559/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./559/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./559/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./559") = 0 mkdir("./560", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6770 ./strace-static-x86_64: Process 6770 attached [pid 6770] set_robust_list(0x5555556365e0, 24) = 0 [pid 6770] chdir("./560") = 0 [pid 6770] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6770] setpgid(0, 0) = 0 [pid 6770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6770] write(3, "1000", 4) = 4 [pid 6770] close(3) = 0 [pid 6770] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6770] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6770] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6771], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6771 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6771 attached ) = 0 [pid 6771] set_robust_list(0x7f54a22979e0, 24 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6771] <... set_robust_list resumed>) = 0 [pid 6771] memfd_create("syzkaller", 0) = 3 [pid 6771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6771] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6771] munmap(0x7f5499e77000, 2097152) = 0 [pid 6771] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6771] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6771] close(3) = 0 [pid 6771] mkdir("./bus", 0777) = 0 [pid 6771] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6771] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6771] chdir("./bus") = 0 [pid 6771] ioctl(4, LOOP_CLR_FD) = 0 [pid 6771] close(4) = 0 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6771] <... futex resumed>) = 0 [pid 6770] <... futex resumed>) = 1 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] creat("./bus", 000) = 4 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] <... futex resumed>) = 1 [pid 6771] ftruncate(4, 2048) = 0 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] <... futex resumed>) = 1 [pid 6771] lseek(4, 0, SEEK_END) = 2048 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] <... futex resumed>) = 1 [ 270.257600][ T6771] loop0: detected capacity change from 0 to 4096 [ 270.267278][ T6771] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6771] open("./bus", O_RDONLY) = 5 [pid 6771] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] <... futex resumed>) = 1 [pid 6771] sendfile(4, 5, NULL, 145139829833722 [pid 6770] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6770] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6770] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6770] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6770] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6772], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6772 ./strace-static-x86_64: Process 6772 attached [pid 6772] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6772] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6772] <... futex resumed>) = 0 [pid 6770] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 270.316100][ T27] audit: type=1804 audit(1671454851.059:562): pid=6771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/560/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6772] sendfile(4, 5, NULL, 145139829833722 [pid 6770] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6770] exit_group(0) = ? [pid 6771] <... sendfile resumed>) = ? [pid 6771] +++ exited with 0 +++ [pid 6772] <... sendfile resumed>) = ? [pid 6772] +++ exited with 0 +++ [pid 6770] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6770, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./560", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./560/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./560/binderfs") = 0 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./560/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./560/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./560/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./560/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./560") = 0 mkdir("./561", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6773 ./strace-static-x86_64: Process 6773 attached [pid 6773] set_robust_list(0x5555556365e0, 24) = 0 [pid 6773] chdir("./561") = 0 [pid 6773] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6773] setpgid(0, 0) = 0 [pid 6773] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6773] write(3, "1000", 4) = 4 [pid 6773] close(3) = 0 [pid 6773] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6773] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6774], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6774 [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6774 attached [pid 6774] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6774] memfd_create("syzkaller", 0) = 3 [pid 6774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6774] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6774] munmap(0x7f5499e77000, 2097152) = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6774] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6774] close(3) = 0 [pid 6774] mkdir("./bus", 0777) = 0 [pid 6774] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6774] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6774] chdir("./bus") = 0 [pid 6774] ioctl(4, LOOP_CLR_FD) = 0 [ 270.632902][ T6774] loop0: detected capacity change from 0 to 4096 [ 270.642661][ T6774] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6774] close(4) = 0 [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6774] creat("./bus", 000 [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... creat resumed>) = 4 [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... futex resumed>) = 1 [pid 6774] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... futex resumed>) = 0 [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6774] ftruncate(4, 2048 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... ftruncate resumed>) = 0 [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... futex resumed>) = 0 [pid 6774] <... futex resumed>) = 1 [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] lseek(4, 0, SEEK_END [pid 6773] <... futex resumed>) = 0 [pid 6774] <... lseek resumed>) = 2048 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] <... futex resumed>) = 0 [pid 6774] open("./bus", O_RDONLY [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] <... open resumed>) = 5 [pid 6774] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6774] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6773] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... futex resumed>) = 0 [pid 6773] <... futex resumed>) = 1 [pid 6774] sendfile(4, 5, NULL, 145139829833722 [ 270.674627][ T27] audit: type=1804 audit(1671454851.419:563): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/561/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6773] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6773] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6773] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6775 attached , parent_tid=[6775], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6775 [pid 6775] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6775] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6773] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6775] <... futex resumed>) = 0 [pid 6773] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6775] sendfile(4, 5, NULL, 145139829833722 [pid 6773] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6773] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6773] exit_group(0) = ? [pid 6775] <... sendfile resumed>) = ? [pid 6774] <... sendfile resumed>) = ? [pid 6774] +++ exited with 0 +++ [pid 6775] +++ exited with 0 +++ [pid 6773] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6773, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./561", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./561/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./561/binderfs") = 0 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./561/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./561/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./561/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./561/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./561") = 0 mkdir("./562", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6776 ./strace-static-x86_64: Process 6776 attached [pid 6776] set_robust_list(0x5555556365e0, 24) = 0 [pid 6776] chdir("./562") = 0 [pid 6776] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6776] setpgid(0, 0) = 0 [pid 6776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6776] write(3, "1000", 4) = 4 [pid 6776] close(3) = 0 [pid 6776] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6776] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6776] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6777], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6777 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6777 attached [pid 6777] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6777] memfd_create("syzkaller", 0) = 3 [pid 6777] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6777] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6777] munmap(0x7f5499e77000, 2097152) = 0 [pid 6777] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6777] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6777] close(3) = 0 [pid 6777] mkdir("./bus", 0777) = 0 [pid 6777] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6777] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6777] chdir("./bus") = 0 [pid 6777] ioctl(4, LOOP_CLR_FD) = 0 [pid 6777] close(4) = 0 [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... futex resumed>) = 0 [pid 6777] creat("./bus", 000) = 4 [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] ftruncate(4, 2048) = 0 [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] lseek(4, 0, SEEK_END) = 2048 [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] open("./bus", O_RDONLY) = 5 [ 271.037398][ T6777] loop0: detected capacity change from 0 to 4096 [ 271.046775][ T6777] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6777] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6777] <... futex resumed>) = 0 [pid 6777] sendfile(4, 5, NULL, 145139829833722 [pid 6776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6776] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6776] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6776] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6776] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6778 attached , parent_tid=[6778], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6778 [pid 6778] set_robust_list(0x7f549a0769e0, 24 [pid 6776] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6778] <... set_robust_list resumed>) = 0 [ 271.093147][ T27] audit: type=1804 audit(1671454851.839:564): pid=6777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/562/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6776] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6778] sendfile(4, 5, NULL, 145139829833722 [pid 6776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6776] exit_group(0) = ? [pid 6778] <... sendfile resumed>) = ? [pid 6778] +++ exited with 0 +++ [pid 6777] <... sendfile resumed>) = ? [pid 6777] +++ exited with 0 +++ [pid 6776] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6776, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./562", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./562/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./562/binderfs") = 0 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./562/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./562/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./562/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./562/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./562") = 0 mkdir("./563", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6779 ./strace-static-x86_64: Process 6779 attached [pid 6779] set_robust_list(0x5555556365e0, 24) = 0 [pid 6779] chdir("./563") = 0 [pid 6779] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6779] setpgid(0, 0) = 0 [pid 6779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6779] write(3, "1000", 4) = 4 [pid 6779] close(3) = 0 [pid 6779] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6779] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6779] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6780], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6780 [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6780 attached [pid 6780] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6780] memfd_create("syzkaller", 0) = 3 [pid 6780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6780] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6780] munmap(0x7f5499e77000, 2097152) = 0 [pid 6780] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6780] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6780] close(3) = 0 [pid 6780] mkdir("./bus", 0777) = 0 [pid 6780] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6780] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6780] chdir("./bus") = 0 [pid 6780] ioctl(4, LOOP_CLR_FD) = 0 [pid 6780] close(4) = 0 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... futex resumed>) = 1 [pid 6780] creat("./bus", 000) = 4 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... futex resumed>) = 0 [pid 6780] <... futex resumed>) = 1 [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] ftruncate(4, 2048 [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... ftruncate resumed>) = 0 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6780] lseek(4, 0, SEEK_END [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... lseek resumed>) = 2048 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6780] open("./bus", O_RDONLY [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... open resumed>) = 5 [pid 6779] <... futex resumed>) = 0 [pid 6780] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 271.417550][ T6780] loop0: detected capacity change from 0 to 4096 [ 271.427411][ T6780] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6780] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6779] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6780] <... futex resumed>) = 0 [pid 6780] sendfile(4, 5, NULL, 145139829833722 [pid 6779] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6779] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6779] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6779] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6779] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6781 attached , parent_tid=[6781], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6781 [pid 6781] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6779] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6781] sendfile(4, 5, NULL, 145139829833722 [ 271.475755][ T27] audit: type=1804 audit(1671454852.219:565): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/563/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6779] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6779] exit_group(0) = ? [pid 6780] <... sendfile resumed>) = ? [pid 6780] +++ exited with 0 +++ [pid 6781] <... sendfile resumed>) = ? [pid 6781] +++ exited with 0 +++ [pid 6779] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6779, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./563", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./563/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./563/binderfs") = 0 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./563/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./563/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./563/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./563/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./563") = 0 mkdir("./564", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6782 ./strace-static-x86_64: Process 6782 attached [pid 6782] set_robust_list(0x5555556365e0, 24) = 0 [pid 6782] chdir("./564") = 0 [pid 6782] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6782] setpgid(0, 0) = 0 [pid 6782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6782] write(3, "1000", 4) = 4 [pid 6782] close(3) = 0 [pid 6782] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6782] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6782] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6783], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6783 ./strace-static-x86_64: Process 6783 attached [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6783] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6783] memfd_create("syzkaller", 0) = 3 [pid 6783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6783] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6783] munmap(0x7f5499e77000, 2097152) = 0 [pid 6783] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6783] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6783] close(3) = 0 [pid 6783] mkdir("./bus", 0777) = 0 [pid 6783] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6783] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6783] chdir("./bus") = 0 [pid 6783] ioctl(4, LOOP_CLR_FD) = 0 [pid 6783] close(4) = 0 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6783] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6782] <... futex resumed>) = 0 [pid 6783] creat("./bus", 000 [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... creat resumed>) = 4 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6783] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6782] <... futex resumed>) = 0 [pid 6783] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... fcntl resumed>) = 0 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6783] ftruncate(4, 2048 [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... ftruncate resumed>) = 0 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6783] lseek(4, 0, SEEK_END [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... lseek resumed>) = 2048 [pid 6782] <... futex resumed>) = 0 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 271.809927][ T6783] loop0: detected capacity change from 0 to 4096 [ 271.819557][ T6783] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6783] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6782] <... futex resumed>) = 0 [pid 6783] open("./bus", O_RDONLY [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... open resumed>) = 5 [pid 6783] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6783] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6782] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6782] <... futex resumed>) = 0 [pid 6783] sendfile(4, 5, NULL, 145139829833722 [ 271.871998][ T27] audit: type=1804 audit(1671454852.619:566): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/564/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6782] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6782] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6782] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6782] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6784], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6784 [pid 6782] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6784 attached ) = 0 [pid 6784] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6784] sendfile(4, 5, NULL, 145139829833722 [pid 6782] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6782] exit_group(0) = ? [pid 6784] <... sendfile resumed>) = ? [pid 6784] +++ exited with 0 +++ [pid 6783] <... sendfile resumed>) = ? [pid 6783] +++ exited with 0 +++ [pid 6782] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6782, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./564", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./564/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./564/binderfs") = 0 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./564/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./564/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./564/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./564/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./564") = 0 mkdir("./565", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6785 ./strace-static-x86_64: Process 6785 attached [pid 6785] set_robust_list(0x5555556365e0, 24) = 0 [pid 6785] chdir("./565") = 0 [pid 6785] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6785] setpgid(0, 0) = 0 [pid 6785] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6785] write(3, "1000", 4) = 4 [pid 6785] close(3) = 0 [pid 6785] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6785] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6785] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6786], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6786 [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6786 attached [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6786] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6786] memfd_create("syzkaller", 0) = 3 [pid 6786] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6786] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6786] munmap(0x7f5499e77000, 2097152) = 0 [pid 6786] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6786] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6786] close(3) = 0 [pid 6786] mkdir("./bus", 0777) = 0 [pid 6786] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6786] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6786] chdir("./bus") = 0 [pid 6786] ioctl(4, LOOP_CLR_FD) = 0 [pid 6786] close(4) = 0 [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6786] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6785] <... futex resumed>) = 0 [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = 0 [pid 6785] <... futex resumed>) = 1 [pid 6786] creat("./bus", 000 [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] <... creat resumed>) = 4 [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] <... futex resumed>) = 0 [pid 6786] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6785] <... futex resumed>) = 0 [pid 6786] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] <... fcntl resumed>) = 0 [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] <... futex resumed>) = 0 [pid 6786] ftruncate(4, 2048 [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6786] <... ftruncate resumed>) = 0 [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] <... futex resumed>) = 0 [pid 6786] lseek(4, 0, SEEK_END [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... lseek resumed>) = 2048 [pid 6785] <... futex resumed>) = 0 [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] <... futex resumed>) = 0 [pid 6785] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6786] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6785] <... futex resumed>) = 0 [pid 6786] open("./bus", O_RDONLY [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6786] <... open resumed>) = 5 [pid 6786] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6785] <... futex resumed>) = 0 [pid 6786] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6785] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 272.218267][ T6786] loop0: detected capacity change from 0 to 4096 [ 272.228103][ T6786] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6785] <... futex resumed>) = 0 [pid 6786] sendfile(4, 5, NULL, 145139829833722 [pid 6785] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6785] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6785] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6785] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6785] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6787 attached , parent_tid=[6787], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6787 [pid 6787] set_robust_list(0x7f549a0769e0, 24 [pid 6785] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6787] <... set_robust_list resumed>) = 0 [pid 6785] <... futex resumed>) = 0 [pid 6787] sendfile(4, 5, NULL, 145139829833722 [pid 6785] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6785] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6785] exit_group(0 [pid 6787] <... sendfile resumed>) = ? [pid 6785] <... exit_group resumed>) = ? [pid 6786] <... sendfile resumed>) = ? [pid 6786] +++ exited with 0 +++ [pid 6787] +++ exited with 0 +++ [pid 6785] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6785, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./565", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./565/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./565/binderfs") = 0 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./565/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./565/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./565/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./565/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./565") = 0 mkdir("./566", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6788 ./strace-static-x86_64: Process 6788 attached [pid 6788] set_robust_list(0x5555556365e0, 24) = 0 [pid 6788] chdir("./566") = 0 [pid 6788] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6788] setpgid(0, 0) = 0 [pid 6788] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6788] write(3, "1000", 4) = 4 [pid 6788] close(3) = 0 [pid 6788] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6788] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6789 attached , parent_tid=[6789], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6789 [pid 6789] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6789] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6789] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6789] memfd_create("syzkaller", 0) = 3 [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6789] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6789] munmap(0x7f5499e77000, 2097152) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6789] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6789] close(3) = 0 [pid 6789] mkdir("./bus", 0777) = 0 [pid 6789] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6789] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6789] chdir("./bus") = 0 [pid 6789] ioctl(4, LOOP_CLR_FD) = 0 [pid 6789] close(4) = 0 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... futex resumed>) = 1 [pid 6789] creat("./bus", 000) = 4 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... futex resumed>) = 1 [pid 6789] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... futex resumed>) = 1 [pid 6789] ftruncate(4, 2048) = 0 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... futex resumed>) = 1 [pid 6789] lseek(4, 0, SEEK_END) = 2048 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6788] <... futex resumed>) = 0 [pid 6789] <... futex resumed>) = 1 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] open("./bus", O_RDONLY [pid 6788] <... futex resumed>) = 0 [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6789] <... open resumed>) = 5 [pid 6789] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6788] <... futex resumed>) = 0 [pid 6789] sendfile(4, 5, NULL, 145139829833722 [pid 6788] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 272.594332][ T6789] loop0: detected capacity change from 0 to 4096 [ 272.605053][ T6789] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6788] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6788] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6788] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6788] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6790], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6790 [pid 6788] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6788] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6790 attached [pid 6790] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6790] sendfile(4, 5, NULL, 145139829833722 [pid 6788] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6788] exit_group(0) = ? [pid 6790] <... sendfile resumed>) = ? [pid 6789] <... sendfile resumed>) = ? [pid 6789] +++ exited with 0 +++ [pid 6790] +++ exited with 0 +++ [pid 6788] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6788, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./566", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./566/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./566/binderfs") = 0 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./566/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./566/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./566/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./566/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./566") = 0 mkdir("./567", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6791 attached [pid 6791] set_robust_list(0x5555556365e0, 24) = 0 [pid 6791] chdir("./567") = 0 [pid 6791] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] <... clone resumed>, child_tidptr=0x5555556365d0) = 6791 [pid 6791] setpgid(0, 0) = 0 [pid 6791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6791] write(3, "1000", 4) = 4 [pid 6791] close(3) = 0 [pid 6791] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6791] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6791] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6792], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6792 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6792 attached [pid 6792] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6792] memfd_create("syzkaller", 0) = 3 [pid 6792] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6792] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6792] munmap(0x7f5499e77000, 2097152) = 0 [pid 6792] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6792] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6792] close(3) = 0 [pid 6792] mkdir("./bus", 0777) = 0 [pid 6792] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6792] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6792] chdir("./bus") = 0 [pid 6792] ioctl(4, LOOP_CLR_FD) = 0 [pid 6792] close(4) = 0 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [pid 6792] creat("./bus", 000) = 4 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [pid 6792] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [pid 6792] ftruncate(4, 2048) = 0 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [pid 6792] lseek(4, 0, SEEK_END) = 2048 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [pid 6792] open("./bus", O_RDONLY) = 5 [pid 6792] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... futex resumed>) = 0 [pid 6791] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6792] <... futex resumed>) = 1 [ 272.971673][ T6792] loop0: detected capacity change from 0 to 4096 [ 272.981264][ T6792] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6792] sendfile(4, 5, NULL, 145139829833722 [pid 6791] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6791] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6791] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6791] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6793], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6793 [pid 6791] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6791] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6793 attached [pid 6793] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6793] sendfile(4, 5, NULL, 145139829833722 [pid 6791] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6791] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6791] exit_group(0) = ? [pid 6792] <... sendfile resumed>) = ? [pid 6793] <... sendfile resumed>) = ? [pid 6792] +++ exited with 0 +++ [pid 6793] +++ exited with 0 +++ [pid 6791] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6791, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./567", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./567/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./567/binderfs") = 0 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./567/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./567/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./567/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./567/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./567") = 0 mkdir("./568", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6794 ./strace-static-x86_64: Process 6794 attached [pid 6794] set_robust_list(0x5555556365e0, 24) = 0 [pid 6794] chdir("./568") = 0 [pid 6794] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6794] setpgid(0, 0) = 0 [pid 6794] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6794] write(3, "1000", 4) = 4 [pid 6794] close(3) = 0 [pid 6794] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6794] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6794] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6795 attached , parent_tid=[6795], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6795 [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6795] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6795] memfd_create("syzkaller", 0) = 3 [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6795] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6795] munmap(0x7f5499e77000, 2097152) = 0 [pid 6795] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6795] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6795] close(3) = 0 [pid 6795] mkdir("./bus", 0777) = 0 [pid 6795] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6795] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6795] chdir("./bus") = 0 [pid 6795] ioctl(4, LOOP_CLR_FD) = 0 [pid 6795] close(4) = 0 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] creat("./bus", 000 [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... creat resumed>) = 4 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6795] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... fcntl resumed>) = 0 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] ftruncate(4, 2048 [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... ftruncate resumed>) = 0 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] lseek(4, 0, SEEK_END [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... lseek resumed>) = 2048 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... futex resumed>) = 0 [pid 6794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6795] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [ 273.349453][ T6795] loop0: detected capacity change from 0 to 4096 [ 273.359405][ T6795] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... futex resumed>) = 0 [pid 6795] open("./bus", O_RDONLY [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] <... open resumed>) = 5 [pid 6795] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6794] <... futex resumed>) = 0 [pid 6795] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... futex resumed>) = 0 [pid 6795] sendfile(4, 5, NULL, 145139829833722 [pid 6794] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6794] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6794] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6796], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6796 [pid 6794] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6794] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6796 attached [pid 6796] set_robust_list(0x7f549a0769e0, 24) = 0 [ 273.407890][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 273.407905][ T27] audit: type=1804 audit(1671454854.149:570): pid=6795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/568/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6796] sendfile(4, 5, NULL, 145139829833722 [pid 6794] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6794] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6794] exit_group(0) = ? [pid 6795] <... sendfile resumed>) = ? [pid 6795] +++ exited with 0 +++ [pid 6796] <... sendfile resumed>) = ? [pid 6796] +++ exited with 0 +++ [pid 6794] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6794, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./568", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./568/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./568/binderfs") = 0 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./568/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./568/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./568/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./568/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./568") = 0 mkdir("./569", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6797 ./strace-static-x86_64: Process 6797 attached [pid 6797] set_robust_list(0x5555556365e0, 24) = 0 [pid 6797] chdir("./569") = 0 [pid 6797] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6797] setpgid(0, 0) = 0 [pid 6797] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6797] write(3, "1000", 4) = 4 [pid 6797] close(3) = 0 [pid 6797] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6797] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6797] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6798 attached , parent_tid=[6798], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6798 [pid 6798] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6798] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6798] memfd_create("syzkaller", 0) = 3 [pid 6798] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6798] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6798] munmap(0x7f5499e77000, 2097152) = 0 [pid 6798] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6798] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6798] close(3) = 0 [pid 6798] mkdir("./bus", 0777) = 0 [pid 6798] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6798] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6798] chdir("./bus") = 0 [pid 6798] ioctl(4, LOOP_CLR_FD) = 0 [pid 6798] close(4) = 0 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... futex resumed>) = 0 [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] <... futex resumed>) = 1 [pid 6798] creat("./bus", 000) = 4 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6797] <... futex resumed>) = 0 [pid 6798] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... fcntl resumed>) = 0 [pid 6797] <... futex resumed>) = 0 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] <... futex resumed>) = 0 [pid 6797] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6798] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6797] <... futex resumed>) = 0 [pid 6798] ftruncate(4, 2048 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] <... ftruncate resumed>) = 0 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6797] <... futex resumed>) = 0 [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] lseek(4, 0, SEEK_END) = 2048 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6797] <... futex resumed>) = 0 [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 273.732016][ T6798] loop0: detected capacity change from 0 to 4096 [ 273.741717][ T6798] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] open("./bus", O_RDONLY) = 5 [pid 6798] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] <... futex resumed>) = 0 [pid 6797] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6798] <... futex resumed>) = 1 [ 273.791273][ T27] audit: type=1804 audit(1671454854.539:571): pid=6798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/569/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6798] sendfile(4, 5, NULL, 145139829833722 [pid 6797] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6797] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6797] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6797] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6797] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6799 attached , parent_tid=[6799], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6799 [pid 6799] set_robust_list(0x7f549a0769e0, 24 [pid 6797] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6799] <... set_robust_list resumed>) = 0 [pid 6797] <... futex resumed>) = 0 [pid 6799] sendfile(4, 5, NULL, 145139829833722 [pid 6797] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6797] exit_group(0) = ? [pid 6798] <... sendfile resumed>) = ? [pid 6798] +++ exited with 0 +++ [pid 6799] <... sendfile resumed>) = ? [pid 6799] +++ exited with 0 +++ [pid 6797] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6797, si_uid=0, si_status=0, si_utime=0, si_stime=31 /* 0.31 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./569", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./569/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./569/binderfs") = 0 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./569/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./569/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./569/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./569/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./569") = 0 mkdir("./570", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6800 ./strace-static-x86_64: Process 6800 attached [pid 6800] set_robust_list(0x5555556365e0, 24) = 0 [pid 6800] chdir("./570") = 0 [pid 6800] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6800] setpgid(0, 0) = 0 [pid 6800] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6800] write(3, "1000", 4) = 4 [pid 6800] close(3) = 0 [pid 6800] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6800] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6800] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6801 attached , parent_tid=[6801], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6801 [pid 6801] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6801] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6801] <... futex resumed>) = 0 [pid 6801] memfd_create("syzkaller", 0) = 3 [pid 6801] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6801] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6801] munmap(0x7f5499e77000, 2097152) = 0 [pid 6801] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6801] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6801] close(3) = 0 [pid 6801] mkdir("./bus", 0777) = 0 [pid 6801] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6801] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6801] chdir("./bus") = 0 [pid 6801] ioctl(4, LOOP_CLR_FD) = 0 [pid 6801] close(4) = 0 [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] <... futex resumed>) = 0 [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] creat("./bus", 000) = 4 [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6801] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6800] <... futex resumed>) = 0 [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] <... futex resumed>) = 0 [pid 6801] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6800] <... futex resumed>) = 0 [ 274.132584][ T6801] loop0: detected capacity change from 0 to 4096 [ 274.142654][ T6801] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] <... futex resumed>) = 1 [pid 6801] ftruncate(4, 2048) = 0 [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] <... futex resumed>) = 0 [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] lseek(4, 0, SEEK_END [pid 6800] <... futex resumed>) = 0 [pid 6801] <... lseek resumed>) = 2048 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] <... futex resumed>) = 0 [pid 6801] open("./bus", O_RDONLY [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] <... open resumed>) = 5 [pid 6801] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6800] <... futex resumed>) = 0 [pid 6801] sendfile(4, 5, NULL, 145139829833722 [pid 6800] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6800] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6800] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6800] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6800] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6802 attached , parent_tid=[6802], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6802 [pid 6802] set_robust_list(0x7f549a0769e0, 24 [pid 6800] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6802] <... set_robust_list resumed>) = 0 [pid 6800] <... futex resumed>) = 0 [pid 6802] sendfile(4, 5, NULL, 145139829833722 [ 274.202396][ T27] audit: type=1804 audit(1671454854.949:572): pid=6801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/570/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6800] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6800] exit_group(0) = ? [pid 6802] <... sendfile resumed>) = ? [pid 6802] +++ exited with 0 +++ [pid 6801] <... sendfile resumed>) = ? [pid 6801] +++ exited with 0 +++ [pid 6800] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6800, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./570", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./570/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./570/binderfs") = 0 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./570/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./570/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./570/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./570/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./570") = 0 mkdir("./571", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6803 ./strace-static-x86_64: Process 6803 attached [pid 6803] set_robust_list(0x5555556365e0, 24) = 0 [pid 6803] chdir("./571") = 0 [pid 6803] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6803] setpgid(0, 0) = 0 [pid 6803] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6803] write(3, "1000", 4) = 4 [pid 6803] close(3) = 0 [pid 6803] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6803] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6803] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6804], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6804 [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6804 attached [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6804] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6804] memfd_create("syzkaller", 0) = 3 [pid 6804] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6804] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6804] munmap(0x7f5499e77000, 2097152) = 0 [pid 6804] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6804] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6804] close(3) = 0 [pid 6804] mkdir("./bus", 0777) = 0 [pid 6804] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6804] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6804] chdir("./bus") = 0 [pid 6804] ioctl(4, LOOP_CLR_FD) = 0 [pid 6804] close(4) = 0 [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... futex resumed>) = 0 [pid 6804] creat("./bus", 000) = 4 [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6804] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... fcntl resumed>) = 0 [pid 6803] <... futex resumed>) = 0 [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... futex resumed>) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6804] ftruncate(4, 2048 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... ftruncate resumed>) = 0 [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] lseek(4, 0, SEEK_END [pid 6803] <... futex resumed>) = 0 [pid 6804] <... lseek resumed>) = 2048 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6803] <... futex resumed>) = 0 [pid 6804] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [ 274.530871][ T6804] loop0: detected capacity change from 0 to 4096 [ 274.540453][ T6804] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6803] <... futex resumed>) = 0 [pid 6804] open("./bus", O_RDONLY [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6804] <... open resumed>) = 5 [pid 6804] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6804] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6803] <... futex resumed>) = 0 [pid 6803] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6804] <... futex resumed>) = 0 [pid 6803] <... futex resumed>) = 1 [pid 6804] sendfile(4, 5, NULL, 145139829833722 [pid 6803] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6803] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6803] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6803] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6805], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6805 [pid 6803] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6803] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6805 attached [pid 6805] set_robust_list(0x7f549a0769e0, 24) = 0 [ 274.586920][ T27] audit: type=1804 audit(1671454855.329:573): pid=6804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/571/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6805] sendfile(4, 5, NULL, 145139829833722 [pid 6803] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6803] exit_group(0) = ? [pid 6805] <... sendfile resumed>) = ? [pid 6805] +++ exited with 0 +++ [pid 6804] <... sendfile resumed>) = ? [pid 6804] +++ exited with 0 +++ [pid 6803] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6803, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./571", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./571/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./571/binderfs") = 0 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./571/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./571/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./571/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./571/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./571") = 0 mkdir("./572", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6806 ./strace-static-x86_64: Process 6806 attached [pid 6806] set_robust_list(0x5555556365e0, 24) = 0 [pid 6806] chdir("./572") = 0 [pid 6806] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6806] setpgid(0, 0) = 0 [pid 6806] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6806] write(3, "1000", 4) = 4 [pid 6806] close(3) = 0 [pid 6806] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6806] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6806] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6807], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6807 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6807 attached [pid 6807] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6807] memfd_create("syzkaller", 0) = 3 [pid 6807] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6807] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6807] munmap(0x7f5499e77000, 2097152) = 0 [pid 6807] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6807] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6807] close(3) = 0 [pid 6807] mkdir("./bus", 0777) = 0 [pid 6807] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6807] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6807] chdir("./bus") = 0 [pid 6807] ioctl(4, LOOP_CLR_FD) = 0 [pid 6807] close(4) = 0 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 1 [pid 6807] creat("./bus", 000) = 4 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 1 [pid 6807] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 1 [ 274.917909][ T6807] loop0: detected capacity change from 0 to 4096 [ 274.927376][ T6807] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6807] ftruncate(4, 2048) = 0 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 1 [pid 6807] lseek(4, 0, SEEK_END) = 2048 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 1 [pid 6807] open("./bus", O_RDONLY) = 5 [pid 6807] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6806] <... futex resumed>) = 0 [pid 6806] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6806] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6807] <... futex resumed>) = 0 [ 274.968374][ T27] audit: type=1804 audit(1671454855.709:574): pid=6807 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/572/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6807] sendfile(4, 5, NULL, 145139829833722 [pid 6806] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6806] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6806] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6806] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6806] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6808 attached , parent_tid=[6808], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6808 [pid 6808] set_robust_list(0x7f549a0769e0, 24 [pid 6806] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6808] <... set_robust_list resumed>) = 0 [pid 6806] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6808] sendfile(4, 5, NULL, 145139829833722 [pid 6806] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6806] exit_group(0) = ? [pid 6807] <... sendfile resumed>) = ? [pid 6807] +++ exited with 0 +++ [pid 6808] <... sendfile resumed>) = ? [pid 6808] +++ exited with 0 +++ [pid 6806] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6806, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./572", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./572/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./572/binderfs") = 0 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./572/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./572/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./572/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./572/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./572") = 0 mkdir("./573", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6809 ./strace-static-x86_64: Process 6809 attached [pid 6809] set_robust_list(0x5555556365e0, 24) = 0 [pid 6809] chdir("./573") = 0 [pid 6809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6809] setpgid(0, 0) = 0 [pid 6809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6809] write(3, "1000", 4) = 4 [pid 6809] close(3) = 0 [pid 6809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6809] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6809] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6810], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6810 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6810 attached [pid 6810] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6810] memfd_create("syzkaller", 0) = 3 [pid 6810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6810] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6810] munmap(0x7f5499e77000, 2097152) = 0 [pid 6810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6810] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6810] close(3) = 0 [pid 6810] mkdir("./bus", 0777) = 0 [pid 6810] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6810] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6810] chdir("./bus") = 0 [pid 6810] ioctl(4, LOOP_CLR_FD) = 0 [pid 6810] close(4) = 0 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 1 [pid 6810] creat("./bus", 000) = 4 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 1 [pid 6810] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 1 [pid 6810] ftruncate(4, 2048) = 0 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 1 [pid 6810] lseek(4, 0, SEEK_END) = 2048 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 1 [ 275.307652][ T6810] loop0: detected capacity change from 0 to 4096 [ 275.317099][ T6810] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6810] open("./bus", O_RDONLY) = 5 [pid 6810] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6810] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6809] <... futex resumed>) = 0 [pid 6809] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6809] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... futex resumed>) = 0 [ 275.350473][ T27] audit: type=1804 audit(1671454856.089:575): pid=6810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/573/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6810] sendfile(4, 5, NULL, 145139829833722 [pid 6809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6809] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6809] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6809] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6811], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6811 [pid 6809] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6811 attached [pid 6811] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6811] sendfile(4, 5, NULL, 145139829833722 [pid 6809] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6809] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6809] exit_group(0) = ? [pid 6811] <... sendfile resumed>) = ? [pid 6811] +++ exited with 0 +++ [pid 6810] <... sendfile resumed>) = ? [pid 6810] +++ exited with 0 +++ [pid 6809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6809, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./573", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./573/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./573/binderfs") = 0 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./573/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./573/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./573/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./573/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./573") = 0 mkdir("./574", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6812 ./strace-static-x86_64: Process 6812 attached [pid 6812] set_robust_list(0x5555556365e0, 24) = 0 [pid 6812] chdir("./574") = 0 [pid 6812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6812] setpgid(0, 0) = 0 [pid 6812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6812] write(3, "1000", 4) = 4 [pid 6812] close(3) = 0 [pid 6812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6812] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6812] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6813], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6813 [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6813 attached [pid 6813] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6813] memfd_create("syzkaller", 0) = 3 [pid 6813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6813] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6813] munmap(0x7f5499e77000, 2097152) = 0 [pid 6813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6813] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6813] close(3) = 0 [pid 6813] mkdir("./bus", 0777) = 0 [pid 6813] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6813] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6813] chdir("./bus") = 0 [pid 6813] ioctl(4, LOOP_CLR_FD) = 0 [pid 6813] close(4) = 0 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6812] <... futex resumed>) = 0 [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] creat("./bus", 000) = 4 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6812] <... futex resumed>) = 0 [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6812] <... futex resumed>) = 0 [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] ftruncate(4, 2048) = 0 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6812] <... futex resumed>) = 0 [pid 6813] lseek(4, 0, SEEK_END [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... lseek resumed>) = 2048 [pid 6812] <... futex resumed>) = 0 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] <... futex resumed>) = 0 [pid 6812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] open("./bus", O_RDONLY [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6813] <... open resumed>) = 5 [pid 6812] <... futex resumed>) = 0 [pid 6813] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6813] <... futex resumed>) = 0 [pid 6812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] sendfile(4, 5, NULL, 145139829833722 [pid 6812] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 275.701102][ T6813] loop0: detected capacity change from 0 to 4096 [ 275.710105][ T6813] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6812] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6812] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6812] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6812] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6814 attached , parent_tid=[6814], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6814 [pid 6814] set_robust_list(0x7f549a0769e0, 24 [pid 6812] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... set_robust_list resumed>) = 0 [pid 6812] <... futex resumed>) = 0 [pid 6812] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 275.758410][ T27] audit: type=1804 audit(1671454856.499:576): pid=6813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/574/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6814] sendfile(4, 5, NULL, 145139829833722 [pid 6812] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6812] exit_group(0) = ? [pid 6814] <... sendfile resumed>) = ? [pid 6813] <... sendfile resumed>) = ? [pid 6813] +++ exited with 0 +++ [pid 6814] +++ exited with 0 +++ [pid 6812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6812, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./574", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./574/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./574/binderfs") = 0 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./574/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./574/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./574/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./574/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./574") = 0 mkdir("./575", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6815 ./strace-static-x86_64: Process 6815 attached [pid 6815] set_robust_list(0x5555556365e0, 24) = 0 [pid 6815] chdir("./575") = 0 [pid 6815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6815] setpgid(0, 0) = 0 [pid 6815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6815] write(3, "1000", 4) = 4 [pid 6815] close(3) = 0 [pid 6815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6815] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6815] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6816 attached , parent_tid=[6816], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6816 [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] set_robust_list(0x7f54a22979e0, 24 [pid 6815] <... futex resumed>) = 0 [pid 6816] <... set_robust_list resumed>) = 0 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6816] memfd_create("syzkaller", 0) = 3 [pid 6816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6816] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6816] munmap(0x7f5499e77000, 2097152) = 0 [pid 6816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6816] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6816] close(3) = 0 [pid 6816] mkdir("./bus", 0777) = 0 [pid 6816] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6816] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6816] chdir("./bus") = 0 [pid 6816] ioctl(4, LOOP_CLR_FD) = 0 [pid 6816] close(4) = 0 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6816] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... futex resumed>) = 0 [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6816] <... futex resumed>) = 0 [pid 6816] creat("./bus", 000) = 4 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6815] <... futex resumed>) = 1 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6816] <... futex resumed>) = 0 [pid 6816] ftruncate(4, 2048) = 0 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = 0 [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6816] <... futex resumed>) = 1 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6816] lseek(4, 0, SEEK_END) = 2048 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] <... futex resumed>) = 0 [pid 6816] open("./bus", O_RDONLY [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... open resumed>) = 5 [pid 6815] <... futex resumed>) = 0 [pid 6816] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 276.088866][ T6816] loop0: detected capacity change from 0 to 4096 [ 276.098148][ T6816] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6816] <... futex resumed>) = 0 [pid 6815] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6816] sendfile(4, 5, NULL, 145139829833722 [pid 6815] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6815] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6815] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6815] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6817 attached , parent_tid=[6817], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6817 [pid 6815] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6815] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] set_robust_list(0x7f549a0769e0, 24) = 0 [ 276.138547][ T27] audit: type=1804 audit(1671454856.879:577): pid=6816 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/575/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6817] sendfile(4, 5, NULL, 145139829833722 [pid 6815] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6815] exit_group(0) = ? [pid 6817] <... sendfile resumed>) = ? [pid 6817] +++ exited with 0 +++ [pid 6816] <... sendfile resumed>) = ? [pid 6816] +++ exited with 0 +++ [pid 6815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6815, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./575", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./575/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./575/binderfs") = 0 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./575/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./575/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./575/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./575/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./575") = 0 mkdir("./576", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6818 ./strace-static-x86_64: Process 6818 attached [pid 6818] set_robust_list(0x5555556365e0, 24) = 0 [pid 6818] chdir("./576") = 0 [pid 6818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6818] setpgid(0, 0) = 0 [pid 6818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6818] write(3, "1000", 4) = 4 [pid 6818] close(3) = 0 [pid 6818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6818] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6818] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6819 attached , parent_tid=[6819], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6819 [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6819] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6819] memfd_create("syzkaller", 0) = 3 [pid 6819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6819] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6819] munmap(0x7f5499e77000, 2097152) = 0 [pid 6819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6819] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6819] close(3) = 0 [pid 6819] mkdir("./bus", 0777) = 0 [pid 6819] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6819] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6819] chdir("./bus") = 0 [pid 6819] ioctl(4, LOOP_CLR_FD) = 0 [pid 6819] close(4) = 0 [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6819] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6819] creat("./bus", 000 [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] <... creat resumed>) = 4 [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6819] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... fcntl resumed>) = 0 [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6819] ftruncate(4, 2048 [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] <... ftruncate resumed>) = 0 [ 276.466093][ T6819] loop0: detected capacity change from 0 to 4096 [ 276.475334][ T6819] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6819] lseek(4, 0, SEEK_END [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... lseek resumed>) = 2048 [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6818] <... futex resumed>) = 0 [pid 6819] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6819] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] open("./bus", O_RDONLY) = 5 [pid 6819] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... futex resumed>) = 0 [pid 6818] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6819] <... futex resumed>) = 1 [pid 6819] sendfile(4, 5, NULL, 145139829833722 [pid 6818] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6818] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6818] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6818] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6818] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6820], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6820 ./strace-static-x86_64: Process 6820 attached [pid 6818] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6818] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] set_robust_list(0x7f549a0769e0, 24) = 0 [ 276.531531][ T27] audit: type=1804 audit(1671454857.279:578): pid=6819 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/576/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6820] sendfile(4, 5, NULL, 145139829833722 [pid 6818] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6818] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6818] exit_group(0) = ? [pid 6820] <... sendfile resumed>) = ? [pid 6819] <... sendfile resumed>) = ? [pid 6819] +++ exited with 0 +++ [pid 6820] +++ exited with 0 +++ [pid 6818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6818, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./576", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./576/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./576/binderfs") = 0 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./576/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./576/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./576/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./576/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./576") = 0 mkdir("./577", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6821 ./strace-static-x86_64: Process 6821 attached [pid 6821] set_robust_list(0x5555556365e0, 24) = 0 [pid 6821] chdir("./577") = 0 [pid 6821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6821] setpgid(0, 0) = 0 [pid 6821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6821] write(3, "1000", 4) = 4 [pid 6821] close(3) = 0 [pid 6821] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6821] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6822 attached , parent_tid=[6822], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6822 [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6822] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6822] memfd_create("syzkaller", 0) = 3 [pid 6822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6822] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6822] munmap(0x7f5499e77000, 2097152) = 0 [pid 6822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6822] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6822] close(3) = 0 [pid 6822] mkdir("./bus", 0777) = 0 [pid 6822] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6822] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6822] chdir("./bus") = 0 [pid 6822] ioctl(4, LOOP_CLR_FD) = 0 [pid 6822] close(4) = 0 [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] creat("./bus", 000) = 4 [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6821] <... futex resumed>) = 0 [pid 6822] <... fcntl resumed>) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] ftruncate(4, 2048 [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... ftruncate resumed>) = 0 [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] lseek(4, 0, SEEK_END [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] <... lseek resumed>) = 2048 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] open("./bus", O_RDONLY [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6822] <... open resumed>) = 5 [ 276.866433][ T6822] loop0: detected capacity change from 0 to 4096 [ 276.875741][ T6822] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6822] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6821] <... futex resumed>) = 0 [pid 6822] sendfile(4, 5, NULL, 145139829833722 [pid 6821] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6821] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6821] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6821] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6823], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6823 [pid 6821] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 276.921776][ T27] audit: type=1804 audit(1671454857.669:579): pid=6822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/577/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6821] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6823 attached [pid 6823] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6823] sendfile(4, 5, NULL, 145139829833722 [pid 6821] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6821] exit_group(0) = ? [pid 6822] <... sendfile resumed>) = ? [pid 6822] +++ exited with 0 +++ [pid 6823] <... sendfile resumed>) = ? [pid 6823] +++ exited with 0 +++ [pid 6821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6821, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./577", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./577/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./577/binderfs") = 0 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./577/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./577/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./577/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./577/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./577") = 0 mkdir("./578", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6824 ./strace-static-x86_64: Process 6824 attached [pid 6824] set_robust_list(0x5555556365e0, 24) = 0 [pid 6824] chdir("./578") = 0 [pid 6824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6824] setpgid(0, 0) = 0 [pid 6824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6824] write(3, "1000", 4) = 4 [pid 6824] close(3) = 0 [pid 6824] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6824] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6824] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6825 attached , parent_tid=[6825], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6825 [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6825] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6825] memfd_create("syzkaller", 0) = 3 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6825] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6825] munmap(0x7f5499e77000, 2097152) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6825] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6825] close(3) = 0 [pid 6825] mkdir("./bus", 0777) = 0 [pid 6825] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6825] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6825] chdir("./bus") = 0 [pid 6825] ioctl(4, LOOP_CLR_FD) = 0 [pid 6825] close(4) = 0 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6825] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... futex resumed>) = 0 [pid 6825] creat("./bus", 000) = 4 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... futex resumed>) = 1 [pid 6825] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... futex resumed>) = 1 [pid 6825] ftruncate(4, 2048) = 0 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6825] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] lseek(4, 0, SEEK_END) = 2048 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... futex resumed>) = 1 [pid 6825] open("./bus", O_RDONLY) = 5 [pid 6825] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6824] <... futex resumed>) = 0 [pid 6825] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6824] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6824] <... futex resumed>) = 0 [pid 6825] sendfile(4, 5, NULL, 145139829833722 [ 277.250321][ T6825] loop0: detected capacity change from 0 to 4096 [ 277.259998][ T6825] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6824] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6824] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6824] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6824] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6826], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6826 ./strace-static-x86_64: Process 6826 attached [pid 6824] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6826] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6826] sendfile(4, 5, NULL, 145139829833722 [pid 6824] <... futex resumed>) = 0 [pid 6824] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6824] exit_group(0) = ? [pid 6825] <... sendfile resumed>) = ? [pid 6825] +++ exited with 0 +++ [pid 6826] <... sendfile resumed>) = ? [pid 6826] +++ exited with 0 +++ [pid 6824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6824, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./578", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./578/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./578/binderfs") = 0 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./578/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./578/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./578/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./578/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./578") = 0 mkdir("./579", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6827 ./strace-static-x86_64: Process 6827 attached [pid 6827] set_robust_list(0x5555556365e0, 24) = 0 [pid 6827] chdir("./579") = 0 [pid 6827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6827] setpgid(0, 0) = 0 [pid 6827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6827] write(3, "1000", 4) = 4 [pid 6827] close(3) = 0 [pid 6827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6827] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6827] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6828 attached , parent_tid=[6828], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6828 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6828] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6828] memfd_create("syzkaller", 0) = 3 [pid 6828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6828] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6828] munmap(0x7f5499e77000, 2097152) = 0 [pid 6828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6828] close(3) = 0 [pid 6828] mkdir("./bus", 0777) = 0 [pid 6828] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6828] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6828] chdir("./bus") = 0 [pid 6828] ioctl(4, LOOP_CLR_FD) = 0 [pid 6828] close(4) = 0 [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6828] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6827] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... futex resumed>) = 0 [pid 6828] creat("./bus", 000) = 4 [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... fcntl resumed>) = 0 [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6828] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] ftruncate(4, 2048 [pid 6827] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] <... ftruncate resumed>) = 0 [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6828] lseek(4, 0, SEEK_END [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6828] <... lseek resumed>) = 2048 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6828] open("./bus", O_RDONLY) = 5 [pid 6828] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6827] <... futex resumed>) = 0 [pid 6827] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 277.637953][ T6828] loop0: detected capacity change from 0 to 4096 [ 277.648384][ T6828] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6828] sendfile(4, 5, NULL, 145139829833722 [pid 6827] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6827] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6827] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6827] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6829], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6829 [pid 6827] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6827] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6829 attached [pid 6829] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6829] sendfile(4, 5, NULL, 145139829833722 [pid 6827] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6827] exit_group(0) = ? [pid 6828] <... sendfile resumed>) = ? [pid 6828] +++ exited with 0 +++ [pid 6829] <... sendfile resumed>) = ? [pid 6829] +++ exited with 0 +++ [pid 6827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6827, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./579", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./579/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./579/binderfs") = 0 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./579/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./579/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./579/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./579/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./579") = 0 mkdir("./580", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6830 ./strace-static-x86_64: Process 6830 attached [pid 6830] set_robust_list(0x5555556365e0, 24) = 0 [pid 6830] chdir("./580") = 0 [pid 6830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6830] setpgid(0, 0) = 0 [pid 6830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6830] write(3, "1000", 4) = 4 [pid 6830] close(3) = 0 [pid 6830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6830] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6830] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6831], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6831 [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6831 attached [pid 6831] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6831] memfd_create("syzkaller", 0) = 3 [pid 6831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6831] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6831] munmap(0x7f5499e77000, 2097152) = 0 [pid 6831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6831] close(3) = 0 [pid 6831] mkdir("./bus", 0777) = 0 [pid 6831] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6831] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6831] chdir("./bus") = 0 [pid 6831] ioctl(4, LOOP_CLR_FD) = 0 [pid 6831] close(4) = 0 [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6831] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6830] <... futex resumed>) = 0 [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... futex resumed>) = 0 [pid 6830] <... futex resumed>) = 1 [pid 6831] creat("./bus", 000 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] <... creat resumed>) = 4 [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = 0 [pid 6831] <... futex resumed>) = 1 [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6830] <... futex resumed>) = 0 [pid 6831] <... fcntl resumed>) = 0 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6831] ftruncate(4, 2048 [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] <... ftruncate resumed>) = 0 [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6830] <... futex resumed>) = 0 [pid 6831] lseek(4, 0, SEEK_END [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... lseek resumed>) = 2048 [pid 6830] <... futex resumed>) = 0 [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] <... futex resumed>) = 0 [pid 6830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6831] open("./bus", O_RDONLY [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] <... open resumed>) = 5 [pid 6830] <... futex resumed>) = 0 [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6831] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6831] <... futex resumed>) = 0 [pid 6830] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6831] sendfile(4, 5, NULL, 145139829833722 [pid 6830] <... futex resumed>) = 0 [ 278.022171][ T6831] loop0: detected capacity change from 0 to 4096 [ 278.032562][ T6831] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6830] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6830] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6830] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6830] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6832], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6832 [pid 6830] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6830] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6832 attached [pid 6832] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6832] sendfile(4, 5, NULL, 145139829833722 [pid 6830] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6830] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6830] exit_group(0) = ? [pid 6832] <... sendfile resumed>) = ? [pid 6832] +++ exited with 0 +++ [pid 6831] <... sendfile resumed>) = ? [pid 6831] +++ exited with 0 +++ [pid 6830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6830, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./580", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./580/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./580/binderfs") = 0 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./580/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./580/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./580/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./580/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./580") = 0 mkdir("./581", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6833 ./strace-static-x86_64: Process 6833 attached [pid 6833] set_robust_list(0x5555556365e0, 24) = 0 [pid 6833] chdir("./581") = 0 [pid 6833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6833] setpgid(0, 0) = 0 [pid 6833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6833] write(3, "1000", 4) = 4 [pid 6833] close(3) = 0 [pid 6833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6833] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6833] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6834], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6834 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6834 attached [pid 6834] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6834] memfd_create("syzkaller", 0) = 3 [pid 6834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6834] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6834] munmap(0x7f5499e77000, 2097152) = 0 [pid 6834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6834] close(3) = 0 [pid 6834] mkdir("./bus", 0777) = 0 [pid 6834] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6834] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6834] chdir("./bus") = 0 [pid 6834] ioctl(4, LOOP_CLR_FD) = 0 [pid 6834] close(4) = 0 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] creat("./bus", 000) = 4 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... futex resumed>) = 1 [pid 6834] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... futex resumed>) = 1 [pid 6834] ftruncate(4, 2048) = 0 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = 0 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = 1 [pid 6833] <... futex resumed>) = 0 [pid 6834] lseek(4, 0, SEEK_END [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... lseek resumed>) = 2048 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6833] <... futex resumed>) = 0 [ 278.401615][ T6834] loop0: detected capacity change from 0 to 4096 [ 278.410646][ T6834] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6834] open("./bus", O_RDONLY [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... open resumed>) = 5 [pid 6833] <... futex resumed>) = 0 [pid 6834] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6834] <... futex resumed>) = 0 [pid 6833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6834] sendfile(4, 5, NULL, 145139829833722 [pid 6833] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6833] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6833] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6833] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6835], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6835 [pid 6833] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6833] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6835 attached [pid 6835] set_robust_list(0x7f549a0769e0, 24) = 0 [ 278.462566][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 278.462581][ T27] audit: type=1804 audit(1671454859.209:583): pid=6834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/581/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6835] sendfile(4, 5, NULL, 145139829833722 [pid 6833] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6833] exit_group(0) = ? [pid 6835] <... sendfile resumed>) = ? [pid 6835] +++ exited with 0 +++ [pid 6834] <... sendfile resumed>) = ? [pid 6834] +++ exited with 0 +++ [pid 6833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6833, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./581", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./581/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./581/binderfs") = 0 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./581/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./581/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./581/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./581/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./581") = 0 mkdir("./582", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6836 ./strace-static-x86_64: Process 6836 attached [pid 6836] set_robust_list(0x5555556365e0, 24) = 0 [pid 6836] chdir("./582") = 0 [pid 6836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6836] setpgid(0, 0) = 0 [pid 6836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6836] write(3, "1000", 4) = 4 [pid 6836] close(3) = 0 [pid 6836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6836] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6836] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6837], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6837 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6837 attached [pid 6837] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6837] memfd_create("syzkaller", 0) = 3 [pid 6837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6837] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6837] munmap(0x7f5499e77000, 2097152) = 0 [pid 6837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6837] close(3) = 0 [pid 6837] mkdir("./bus", 0777) = 0 [pid 6837] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6837] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6837] chdir("./bus") = 0 [pid 6837] ioctl(4, LOOP_CLR_FD) = 0 [pid 6837] close(4) = 0 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 1 [pid 6837] creat("./bus", 000) = 4 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 1 [pid 6837] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 1 [pid 6837] ftruncate(4, 2048) = 0 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 1 [pid 6837] lseek(4, 0, SEEK_END) = 2048 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 1 [ 278.781790][ T6837] loop0: detected capacity change from 0 to 4096 [ 278.791496][ T6837] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6837] open("./bus", O_RDONLY) = 5 [pid 6837] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6837] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6836] <... futex resumed>) = 0 [pid 6836] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6836] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6837] <... futex resumed>) = 0 [ 278.829080][ T27] audit: type=1804 audit(1671454859.569:584): pid=6837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/582/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6837] sendfile(4, 5, NULL, 145139829833722 [pid 6836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6836] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6836] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6836] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6838 attached , parent_tid=[6838], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6838 [pid 6836] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6836] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6838] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6838] sendfile(4, 5, NULL, 145139829833722 [pid 6836] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6836] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6836] exit_group(0) = ? [pid 6837] <... sendfile resumed>) = ? [pid 6837] +++ exited with 0 +++ [pid 6838] <... sendfile resumed>) = ? [pid 6838] +++ exited with 0 +++ [pid 6836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6836, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- umount2("./582", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./582/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./582/binderfs") = 0 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./582/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./582/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./582/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./582/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./582") = 0 mkdir("./583", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6839 ./strace-static-x86_64: Process 6839 attached [pid 6839] set_robust_list(0x5555556365e0, 24) = 0 [pid 6839] chdir("./583") = 0 [pid 6839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6839] setpgid(0, 0) = 0 [pid 6839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6839] write(3, "1000", 4) = 4 [pid 6839] close(3) = 0 [pid 6839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6839] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6839] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6840 attached , parent_tid=[6840], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6840 [pid 6840] set_robust_list(0x7f54a22979e0, 24 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6840] <... set_robust_list resumed>) = 0 [pid 6840] memfd_create("syzkaller", 0) = 3 [pid 6840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6840] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6840] munmap(0x7f5499e77000, 2097152) = 0 [pid 6840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6840] close(3) = 0 [pid 6840] mkdir("./bus", 0777) = 0 [pid 6840] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6840] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6840] chdir("./bus") = 0 [pid 6840] ioctl(4, LOOP_CLR_FD) = 0 [pid 6840] close(4) = 0 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] creat("./bus", 000) = 4 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] ftruncate(4, 2048) = 0 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] lseek(4, 0, SEEK_END) = 2048 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 279.161992][ T6840] loop0: detected capacity change from 0 to 4096 [ 279.171310][ T6840] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6840] open("./bus", O_RDONLY) = 5 [pid 6840] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6840] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6839] <... futex resumed>) = 0 [pid 6839] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6839] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6840] <... futex resumed>) = 0 [pid 6840] sendfile(4, 5, NULL, 145139829833722 [pid 6839] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6839] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6839] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6839] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6841 attached , parent_tid=[6841], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6841 [pid 6839] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 279.216422][ T27] audit: type=1804 audit(1671454859.959:585): pid=6840 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/583/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6839] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6841] sendfile(4, 5, NULL, 145139829833722 [pid 6839] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6839] exit_group(0) = ? [pid 6841] <... sendfile resumed>) = ? [pid 6841] +++ exited with 0 +++ [pid 6840] <... sendfile resumed>) = ? [pid 6840] +++ exited with 0 +++ [pid 6839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6839, si_uid=0, si_status=0, si_utime=0, si_stime=15 /* 0.15 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./583", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./583/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./583/binderfs") = 0 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./583/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./583/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./583/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./583/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./583") = 0 mkdir("./584", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6842 ./strace-static-x86_64: Process 6842 attached [pid 6842] set_robust_list(0x5555556365e0, 24) = 0 [pid 6842] chdir("./584") = 0 [pid 6842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6842] setpgid(0, 0) = 0 [pid 6842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6842] write(3, "1000", 4) = 4 [pid 6842] close(3) = 0 [pid 6842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6842] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6842] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6843], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6843 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6843 attached [pid 6843] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6843] memfd_create("syzkaller", 0) = 3 [pid 6843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6843] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6843] munmap(0x7f5499e77000, 2097152) = 0 [pid 6843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6843] close(3) = 0 [pid 6843] mkdir("./bus", 0777) = 0 [pid 6843] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6843] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6843] chdir("./bus") = 0 [pid 6843] ioctl(4, LOOP_CLR_FD) = 0 [pid 6843] close(4) = 0 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6843] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 0 [pid 6843] creat("./bus", 000) = 4 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 1 [pid 6843] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 1 [pid 6843] ftruncate(4, 2048) = 0 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 1 [pid 6843] lseek(4, 0, SEEK_END) = 2048 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 1 [ 279.531957][ T6843] loop0: detected capacity change from 0 to 4096 [ 279.541806][ T6843] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6843] open("./bus", O_RDONLY) = 5 [pid 6843] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] <... futex resumed>) = 0 [pid 6842] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6843] <... futex resumed>) = 1 [pid 6843] sendfile(4, 5, NULL, 145139829833722 [pid 6842] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6842] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6842] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6842] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6842] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6844], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6844 [pid 6842] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6842] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6844 attached [pid 6844] set_robust_list(0x7f549a0769e0, 24) = 0 [ 279.581109][ T27] audit: type=1804 audit(1671454860.329:586): pid=6843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/584/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6844] sendfile(4, 5, NULL, 145139829833722 [pid 6842] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6842] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6842] exit_group(0) = ? [pid 6844] <... sendfile resumed>) = ? [pid 6844] +++ exited with 0 +++ [pid 6843] <... sendfile resumed>) = ? [pid 6843] +++ exited with 0 +++ [pid 6842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6842, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./584", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./584/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./584/binderfs") = 0 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./584/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./584/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./584/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./584/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./584") = 0 mkdir("./585", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6845 ./strace-static-x86_64: Process 6845 attached [pid 6845] set_robust_list(0x5555556365e0, 24) = 0 [pid 6845] chdir("./585") = 0 [pid 6845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6845] setpgid(0, 0) = 0 [pid 6845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6845] write(3, "1000", 4) = 4 [pid 6845] close(3) = 0 [pid 6845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6845] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6845] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6846 attached , parent_tid=[6846], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6846 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6846] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6846] memfd_create("syzkaller", 0) = 3 [pid 6846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6846] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6846] munmap(0x7f5499e77000, 2097152) = 0 [pid 6846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6846] close(3) = 0 [pid 6846] mkdir("./bus", 0777) = 0 [pid 6846] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6846] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6846] chdir("./bus") = 0 [pid 6846] ioctl(4, LOOP_CLR_FD) = 0 [pid 6846] close(4) = 0 [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = 0 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... futex resumed>) = 1 [pid 6846] creat("./bus", 000) = 4 [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = 0 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... futex resumed>) = 1 [pid 6846] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = 0 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... futex resumed>) = 1 [pid 6846] ftruncate(4, 2048) = 0 [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] <... futex resumed>) = 0 [pid 6846] <... futex resumed>) = 1 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] lseek(4, 0, SEEK_END [pid 6845] <... futex resumed>) = 0 [pid 6846] <... lseek resumed>) = 2048 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6845] <... futex resumed>) = 0 [pid 6846] open("./bus", O_RDONLY [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6846] <... open resumed>) = 5 [pid 6845] <... futex resumed>) = 0 [pid 6846] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 279.912786][ T6846] loop0: detected capacity change from 0 to 4096 [ 279.922484][ T6846] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6846] <... futex resumed>) = 0 [pid 6845] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6846] sendfile(4, 5, NULL, 145139829833722 [pid 6845] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6845] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6845] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6845] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6847 attached , parent_tid=[6847], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6847 [pid 6845] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 279.967191][ T27] audit: type=1804 audit(1671454860.709:587): pid=6846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/585/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6845] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6847] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6847] sendfile(4, 5, NULL, 145139829833722 [pid 6845] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6845] exit_group(0) = ? [pid 6847] <... sendfile resumed>) = ? [pid 6847] +++ exited with 0 +++ [pid 6846] <... sendfile resumed>) = ? [pid 6846] +++ exited with 0 +++ [pid 6845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6845, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./585", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./585/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./585/binderfs") = 0 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./585/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./585/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./585/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./585/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./585") = 0 mkdir("./586", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6848 ./strace-static-x86_64: Process 6848 attached [pid 6848] set_robust_list(0x5555556365e0, 24) = 0 [pid 6848] chdir("./586") = 0 [pid 6848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6848] setpgid(0, 0) = 0 [pid 6848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6848] write(3, "1000", 4) = 4 [pid 6848] close(3) = 0 [pid 6848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6848] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6849], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6849 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6849 attached ) = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6849] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6849] memfd_create("syzkaller", 0) = 3 [pid 6849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6849] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6849] munmap(0x7f5499e77000, 2097152) = 0 [pid 6849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6849] close(3) = 0 [pid 6849] mkdir("./bus", 0777) = 0 [pid 6849] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6849] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6849] chdir("./bus") = 0 [pid 6849] ioctl(4, LOOP_CLR_FD) = 0 [pid 6849] close(4) = 0 [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6849] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] <... futex resumed>) = 0 [pid 6849] creat("./bus", 000) = 4 [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6848] <... futex resumed>) = 0 [pid 6849] <... fcntl resumed>) = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6849] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] ftruncate(4, 2048 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] <... ftruncate resumed>) = 0 [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] lseek(4, 0, SEEK_END) = 2048 [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] open("./bus", O_RDONLY) = 5 [pid 6849] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 280.294861][ T6849] loop0: detected capacity change from 0 to 4096 [ 280.303848][ T6849] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6849] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6848] <... futex resumed>) = 0 [pid 6848] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6848] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6849] <... futex resumed>) = 0 [pid 6849] sendfile(4, 5, NULL, 145139829833722 [pid 6848] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6848] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6848] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6848] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6850 attached , parent_tid=[6850], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6850 [pid 6850] set_robust_list(0x7f549a0769e0, 24 [pid 6848] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... set_robust_list resumed>) = 0 [pid 6848] <... futex resumed>) = 0 [pid 6850] sendfile(4, 5, NULL, 145139829833722 [ 280.352251][ T27] audit: type=1804 audit(1671454861.099:588): pid=6849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/586/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6848] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6848] exit_group(0) = ? [pid 6850] <... sendfile resumed>) = ? [pid 6850] +++ exited with 0 +++ [pid 6849] <... sendfile resumed>) = ? [pid 6849] +++ exited with 0 +++ [pid 6848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6848, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./586", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./586/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./586/binderfs") = 0 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./586/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./586/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./586/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./586/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./586") = 0 mkdir("./587", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6851 ./strace-static-x86_64: Process 6851 attached [pid 6851] set_robust_list(0x5555556365e0, 24) = 0 [pid 6851] chdir("./587") = 0 [pid 6851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6851] setpgid(0, 0) = 0 [pid 6851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6851] write(3, "1000", 4) = 4 [pid 6851] close(3) = 0 [pid 6851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6851] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6851] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6852 attached , parent_tid=[6852], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6852 [pid 6852] set_robust_list(0x7f54a22979e0, 24 [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6852] <... set_robust_list resumed>) = 0 [pid 6852] memfd_create("syzkaller", 0) = 3 [pid 6852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6852] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6852] munmap(0x7f5499e77000, 2097152) = 0 [pid 6852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6852] close(3) = 0 [pid 6852] mkdir("./bus", 0777) = 0 [pid 6852] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6852] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6852] chdir("./bus") = 0 [pid 6852] ioctl(4, LOOP_CLR_FD) = 0 [pid 6852] close(4) = 0 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6851] <... futex resumed>) = 0 [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 1 [pid 6852] creat("./bus", 000) = 4 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6851] <... futex resumed>) = 0 [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 1 [pid 6852] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6851] <... futex resumed>) = 0 [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 1 [pid 6852] ftruncate(4, 2048) = 0 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6851] <... futex resumed>) = 0 [pid 6852] lseek(4, 0, SEEK_END [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... lseek resumed>) = 2048 [pid 6851] <... futex resumed>) = 0 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [ 280.671795][ T6852] loop0: detected capacity change from 0 to 4096 [ 280.681338][ T6852] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] <... futex resumed>) = 0 [pid 6851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6852] open("./bus", O_RDONLY [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] <... open resumed>) = 5 [pid 6852] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6852] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6851] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... futex resumed>) = 0 [pid 6851] <... futex resumed>) = 1 [pid 6852] sendfile(4, 5, NULL, 145139829833722 [pid 6851] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 280.734225][ T27] audit: type=1804 audit(1671454861.479:589): pid=6852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/587/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6851] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6851] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6851] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6853], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6853 [pid 6851] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6853 attached [pid 6853] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6853] sendfile(4, 5, NULL, 145139829833722 [pid 6851] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6851] exit_group(0) = ? [pid 6852] <... sendfile resumed>) = ? [pid 6852] +++ exited with 0 +++ [pid 6853] <... sendfile resumed>) = ? [pid 6853] +++ exited with 0 +++ [pid 6851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6851, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./587", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./587/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./587/binderfs") = 0 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./587/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./587/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./587/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./587/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./587") = 0 mkdir("./588", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6854 ./strace-static-x86_64: Process 6854 attached [pid 6854] set_robust_list(0x5555556365e0, 24) = 0 [pid 6854] chdir("./588") = 0 [pid 6854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6854] setpgid(0, 0) = 0 [pid 6854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6854] write(3, "1000", 4) = 4 [pid 6854] close(3) = 0 [pid 6854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6854] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6854] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6855], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6855 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6855 attached [pid 6855] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6855] memfd_create("syzkaller", 0) = 3 [pid 6855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6855] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6855] munmap(0x7f5499e77000, 2097152) = 0 [pid 6855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6855] close(3) = 0 [pid 6855] mkdir("./bus", 0777) = 0 [pid 6855] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6855] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6855] chdir("./bus") = 0 [pid 6855] ioctl(4, LOOP_CLR_FD) = 0 [pid 6855] close(4) = 0 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] creat("./bus", 000) = 4 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] ftruncate(4, 2048) = 0 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6854] <... futex resumed>) = 0 [pid 6855] lseek(4, 0, SEEK_END [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] <... lseek resumed>) = 2048 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] <... futex resumed>) = 1 [pid 6854] <... futex resumed>) = 0 [ 281.072405][ T6855] loop0: detected capacity change from 0 to 4096 [ 281.082024][ T6855] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6855] open("./bus", O_RDONLY [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] <... open resumed>) = 5 [pid 6855] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... futex resumed>) = 0 [pid 6854] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6855] <... futex resumed>) = 1 [pid 6854] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6855] sendfile(4, 5, NULL, 145139829833722 [pid 6854] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6854] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6854] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6854] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6856], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6856 [pid 6854] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6854] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6856 attached [pid 6856] set_robust_list(0x7f549a0769e0, 24) = 0 [ 281.133017][ T27] audit: type=1804 audit(1671454861.879:590): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/588/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6856] sendfile(4, 5, NULL, 145139829833722 [pid 6854] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6854] exit_group(0 [pid 6855] <... sendfile resumed>) = ? [pid 6854] <... exit_group resumed>) = ? [pid 6855] +++ exited with 0 +++ [pid 6856] <... sendfile resumed>) = ? [pid 6856] +++ exited with 0 +++ [pid 6854] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6854, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- umount2("./588", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./588/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./588/binderfs") = 0 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./588/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./588/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./588/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./588/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./588") = 0 mkdir("./589", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6857 ./strace-static-x86_64: Process 6857 attached [pid 6857] set_robust_list(0x5555556365e0, 24) = 0 [pid 6857] chdir("./589") = 0 [pid 6857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6857] setpgid(0, 0) = 0 [pid 6857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6857] write(3, "1000", 4) = 4 [pid 6857] close(3) = 0 [pid 6857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6857] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6857] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6858 attached , parent_tid=[6858], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6858 [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] set_robust_list(0x7f54a22979e0, 24 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6858] <... set_robust_list resumed>) = 0 [pid 6858] memfd_create("syzkaller", 0) = 3 [pid 6858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6858] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6858] munmap(0x7f5499e77000, 2097152) = 0 [pid 6858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6858] close(3) = 0 [pid 6858] mkdir("./bus", 0777) = 0 [pid 6858] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6858] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6858] chdir("./bus") = 0 [pid 6858] ioctl(4, LOOP_CLR_FD) = 0 [pid 6858] close(4) = 0 [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] <... futex resumed>) = 0 [pid 6858] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] <... futex resumed>) = 0 [pid 6858] creat("./bus", 000 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] <... creat resumed>) = 4 [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] <... futex resumed>) = 0 [pid 6858] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... fcntl resumed>) = 0 [pid 6857] <... futex resumed>) = 0 [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6858] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = 0 [pid 6857] <... futex resumed>) = 1 [pid 6858] ftruncate(4, 2048 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] <... ftruncate resumed>) = 0 [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] <... futex resumed>) = 0 [pid 6858] lseek(4, 0, SEEK_END [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... lseek resumed>) = 2048 [pid 6857] <... futex resumed>) = 0 [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] <... futex resumed>) = 0 [pid 6857] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6858] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] <... futex resumed>) = 0 [pid 6858] open("./bus", O_RDONLY [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6858] <... open resumed>) = 5 [ 281.456198][ T6858] loop0: detected capacity change from 0 to 4096 [ 281.465729][ T6858] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6858] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6857] <... futex resumed>) = 0 [pid 6858] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6857] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6857] <... futex resumed>) = 0 [pid 6858] sendfile(4, 5, NULL, 145139829833722 [pid 6857] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6857] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6857] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6857] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6859 attached , parent_tid=[6859], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6859 [pid 6857] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6859] set_robust_list(0x7f549a0769e0, 24 [pid 6857] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] <... set_robust_list resumed>) = 0 [ 281.509047][ T27] audit: type=1804 audit(1671454862.249:591): pid=6858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/589/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6859] sendfile(4, 5, NULL, 145139829833722 [pid 6857] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6857] exit_group(0) = ? [pid 6859] <... sendfile resumed>) = ? [pid 6859] +++ exited with 0 +++ [pid 6858] <... sendfile resumed>) = ? [pid 6858] +++ exited with 0 +++ [pid 6857] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6857, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./589", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./589/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./589/binderfs") = 0 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./589/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./589/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./589/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./589/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./589") = 0 mkdir("./590", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6860 ./strace-static-x86_64: Process 6860 attached [pid 6860] set_robust_list(0x5555556365e0, 24) = 0 [pid 6860] chdir("./590") = 0 [pid 6860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6860] setpgid(0, 0) = 0 [pid 6860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6860] write(3, "1000", 4) = 4 [pid 6860] close(3) = 0 [pid 6860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6860] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6860] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6861 attached , parent_tid=[6861], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6861 [pid 6861] set_robust_list(0x7f54a22979e0, 24 [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... set_robust_list resumed>) = 0 [pid 6860] <... futex resumed>) = 0 [pid 6861] memfd_create("syzkaller", 0 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6861] <... memfd_create resumed>) = 3 [pid 6861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6861] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6861] munmap(0x7f5499e77000, 2097152) = 0 [pid 6861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6861] close(3) = 0 [pid 6861] mkdir("./bus", 0777) = 0 [pid 6861] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6861] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6861] chdir("./bus") = 0 [pid 6861] ioctl(4, LOOP_CLR_FD) = 0 [pid 6861] close(4) = 0 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... futex resumed>) = 0 [pid 6861] creat("./bus", 000) = 4 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... futex resumed>) = 1 [ 281.833425][ T6861] loop0: detected capacity change from 0 to 4096 [ 281.842665][ T6861] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6861] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... futex resumed>) = 1 [pid 6861] ftruncate(4, 2048) = 0 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6861] <... futex resumed>) = 1 [pid 6861] lseek(4, 0, SEEK_END) = 2048 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6860] <... futex resumed>) = 0 [pid 6861] open("./bus", O_RDONLY [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] <... open resumed>) = 5 [pid 6861] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6860] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... futex resumed>) = 0 [pid 6860] <... futex resumed>) = 1 [pid 6861] sendfile(4, 5, NULL, 145139829833722 [pid 6860] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 281.888116][ T27] audit: type=1804 audit(1671454862.629:592): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/590/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6860] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6860] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6860] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6862 attached , parent_tid=[6862], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6862 [pid 6862] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6862] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] <... futex resumed>) = 0 [pid 6860] <... futex resumed>) = 1 [pid 6862] sendfile(4, 5, NULL, 145139829833722 [pid 6860] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6860] exit_group(0 [pid 6862] <... sendfile resumed>) = ? [pid 6860] <... exit_group resumed>) = ? [pid 6862] +++ exited with 0 +++ [pid 6861] <... sendfile resumed>) = ? [pid 6861] +++ exited with 0 +++ [pid 6860] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6860, si_uid=0, si_status=0, si_utime=0, si_stime=30 /* 0.30 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./590", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./590/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./590/binderfs") = 0 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./590/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./590/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./590/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./590/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./590") = 0 mkdir("./591", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6863 ./strace-static-x86_64: Process 6863 attached [pid 6863] set_robust_list(0x5555556365e0, 24) = 0 [pid 6863] chdir("./591") = 0 [pid 6863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6863] setpgid(0, 0) = 0 [pid 6863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6863] write(3, "1000", 4) = 4 [pid 6863] close(3) = 0 [pid 6863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6863] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6863] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6864 attached , parent_tid=[6864], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6864 [pid 6864] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6864] memfd_create("syzkaller", 0) = 3 [pid 6864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6864] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6864] munmap(0x7f5499e77000, 2097152) = 0 [pid 6864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6864] close(3) = 0 [pid 6864] mkdir("./bus", 0777) = 0 [pid 6864] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6864] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6864] chdir("./bus") = 0 [pid 6864] ioctl(4, LOOP_CLR_FD) = 0 [pid 6864] close(4) = 0 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] <... futex resumed>) = 1 [pid 6864] creat("./bus", 000) = 4 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] <... futex resumed>) = 1 [pid 6864] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] <... futex resumed>) = 1 [pid 6864] ftruncate(4, 2048) = 0 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6863] <... futex resumed>) = 0 [pid 6864] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6863] <... futex resumed>) = 0 [pid 6864] lseek(4, 0, SEEK_END [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] <... lseek resumed>) = 2048 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] open("./bus", O_RDONLY) = 5 [pid 6864] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6864] <... futex resumed>) = 1 [ 282.203142][ T6864] loop0: detected capacity change from 0 to 4096 [ 282.212896][ T6864] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6864] sendfile(4, 5, NULL, 145139829833722 [pid 6863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6863] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6863] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6863] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6863] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6865 attached , parent_tid=[6865], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6865 [pid 6865] set_robust_list(0x7f549a0769e0, 24 [pid 6863] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... set_robust_list resumed>) = 0 [pid 6863] <... futex resumed>) = 0 [pid 6863] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6865] sendfile(4, 5, NULL, 145139829833722 [pid 6863] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6863] exit_group(0) = ? [pid 6865] <... sendfile resumed>) = ? [pid 6865] +++ exited with 0 +++ [pid 6864] <... sendfile resumed>) = ? [pid 6864] +++ exited with 0 +++ [pid 6863] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6863, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=27 /* 0.27 s */} --- umount2("./591", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./591/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./591/binderfs") = 0 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./591/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./591/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./591/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./591/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./591") = 0 mkdir("./592", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6866 ./strace-static-x86_64: Process 6866 attached [pid 6866] set_robust_list(0x5555556365e0, 24) = 0 [pid 6866] chdir("./592") = 0 [pid 6866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6866] setpgid(0, 0) = 0 [pid 6866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6866] write(3, "1000", 4) = 4 [pid 6866] close(3) = 0 [pid 6866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6866] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6866] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6867 attached [pid 6867] set_robust_list(0x7f54a22979e0, 24 [pid 6866] <... clone resumed>, parent_tid=[6867], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6867 [pid 6867] <... set_robust_list resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6867] memfd_create("syzkaller", 0) = 3 [pid 6867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6867] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6867] munmap(0x7f5499e77000, 2097152) = 0 [pid 6867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6867] close(3) = 0 [pid 6867] mkdir("./bus", 0777) = 0 [pid 6867] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6867] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6867] chdir("./bus") = 0 [pid 6867] ioctl(4, LOOP_CLR_FD) = 0 [pid 6867] close(4) = 0 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... futex resumed>) = 0 [pid 6867] creat("./bus", 000) = 4 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... futex resumed>) = 1 [pid 6867] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... futex resumed>) = 1 [pid 6867] ftruncate(4, 2048) = 0 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... futex resumed>) = 1 [pid 6867] lseek(4, 0, SEEK_END) = 2048 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6867] <... futex resumed>) = 1 [pid 6867] open("./bus", O_RDONLY) = 5 [pid 6867] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6866] <... futex resumed>) = 0 [pid 6866] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 282.597870][ T6867] loop0: detected capacity change from 0 to 4096 [ 282.607905][ T6867] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6867] <... futex resumed>) = 1 [pid 6867] sendfile(4, 5, NULL, 145139829833722 [pid 6866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6866] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6866] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6866] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6866] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6868], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6868 [pid 6866] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6866] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6868 attached [pid 6868] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6868] sendfile(4, 5, NULL, 145139829833722 [pid 6866] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6866] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6866] exit_group(0) = ? [pid 6867] <... sendfile resumed>) = ? [pid 6868] <... sendfile resumed>) = ? [pid 6868] +++ exited with 0 +++ [pid 6867] +++ exited with 0 +++ [pid 6866] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6866, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./592", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./592/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./592/binderfs") = 0 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./592/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./592/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./592/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./592/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./592") = 0 mkdir("./593", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6869 ./strace-static-x86_64: Process 6869 attached [pid 6869] set_robust_list(0x5555556365e0, 24) = 0 [pid 6869] chdir("./593") = 0 [pid 6869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6869] setpgid(0, 0) = 0 [pid 6869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6869] write(3, "1000", 4) = 4 [pid 6869] close(3) = 0 [pid 6869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6869] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6869] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6870 attached , parent_tid=[6870], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6870 [pid 6870] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6870] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6870] memfd_create("syzkaller", 0) = 3 [pid 6870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6870] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6870] munmap(0x7f5499e77000, 2097152) = 0 [pid 6870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6870] close(3) = 0 [pid 6870] mkdir("./bus", 0777) = 0 [pid 6870] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6870] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6870] chdir("./bus") = 0 [pid 6870] ioctl(4, LOOP_CLR_FD) = 0 [pid 6870] close(4) = 0 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6870] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 0 [pid 6870] creat("./bus", 000) = 4 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 1 [pid 6870] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 1 [pid 6870] ftruncate(4, 2048) = 0 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] lseek(4, 0, SEEK_END) = 2048 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 1 [pid 6870] open("./bus", O_RDONLY) = 5 [pid 6870] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6869] <... futex resumed>) = 0 [pid 6869] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] <... futex resumed>) = 1 [ 282.985210][ T6870] loop0: detected capacity change from 0 to 4096 [ 282.994737][ T6870] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6870] sendfile(4, 5, NULL, 145139829833722 [pid 6869] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6869] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6869] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6869] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6871 attached , parent_tid=[6871], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6871 [pid 6871] set_robust_list(0x7f549a0769e0, 24 [pid 6869] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6871] <... set_robust_list resumed>) = 0 [pid 6869] <... futex resumed>) = 0 [pid 6871] sendfile(4, 5, NULL, 145139829833722 [pid 6869] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6869] exit_group(0) = ? [pid 6870] <... sendfile resumed>) = ? [pid 6870] +++ exited with 0 +++ [pid 6871] <... sendfile resumed>) = ? [pid 6871] +++ exited with 0 +++ [pid 6869] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6869, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./593", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./593/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./593/binderfs") = 0 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./593/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./593/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./593/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./593/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./593") = 0 mkdir("./594", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6872 ./strace-static-x86_64: Process 6872 attached [pid 6872] set_robust_list(0x5555556365e0, 24) = 0 [pid 6872] chdir("./594") = 0 [pid 6872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6872] setpgid(0, 0) = 0 [pid 6872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6872] write(3, "1000", 4) = 4 [pid 6872] close(3) = 0 [pid 6872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6872] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6872] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6873], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6873 [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6873 attached [pid 6873] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6873] memfd_create("syzkaller", 0) = 3 [pid 6873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6873] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6873] munmap(0x7f5499e77000, 2097152) = 0 [pid 6873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6873] close(3) = 0 [pid 6873] mkdir("./bus", 0777) = 0 [pid 6873] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6873] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6873] chdir("./bus") = 0 [pid 6873] ioctl(4, LOOP_CLR_FD) = 0 [pid 6873] close(4) = 0 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6873] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] <... futex resumed>) = 0 [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6873] <... futex resumed>) = 0 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] creat("./bus", 000) = 4 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] <... futex resumed>) = 0 [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = 1 [pid 6873] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6873] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6872] <... futex resumed>) = 0 [pid 6873] ftruncate(4, 2048 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... ftruncate resumed>) = 0 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6873] lseek(4, 0, SEEK_END [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] <... lseek resumed>) = 2048 [pid 6872] <... futex resumed>) = 0 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] <... futex resumed>) = 0 [pid 6872] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6873] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6873] open("./bus", O_RDONLY) = 5 [pid 6873] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6873] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6872] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 283.362318][ T6873] loop0: detected capacity change from 0 to 4096 [ 283.372714][ T6873] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6873] sendfile(4, 5, NULL, 145139829833722 [pid 6872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6872] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6872] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6872] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6874 attached , parent_tid=[6874], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6874 [pid 6874] set_robust_list(0x7f549a0769e0, 24 [pid 6872] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... set_robust_list resumed>) = 0 [pid 6872] <... futex resumed>) = 0 [pid 6874] sendfile(4, 5, NULL, 145139829833722 [pid 6872] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6872] exit_group(0) = ? [pid 6874] <... sendfile resumed>) = ? [pid 6874] +++ exited with 0 +++ [pid 6873] <... sendfile resumed>) = ? [pid 6873] +++ exited with 0 +++ [pid 6872] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6872, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- umount2("./594", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./594/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./594/binderfs") = 0 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./594/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./594/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./594/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./594/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./594") = 0 mkdir("./595", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6875 ./strace-static-x86_64: Process 6875 attached [pid 6875] set_robust_list(0x5555556365e0, 24) = 0 [pid 6875] chdir("./595") = 0 [pid 6875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6875] setpgid(0, 0) = 0 [pid 6875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6875] write(3, "1000", 4) = 4 [pid 6875] close(3) = 0 [pid 6875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6875] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6875] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6876], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6876 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6876 attached [pid 6876] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6876] memfd_create("syzkaller", 0) = 3 [pid 6876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6876] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6876] munmap(0x7f5499e77000, 2097152) = 0 [pid 6876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6876] close(3) = 0 [pid 6876] mkdir("./bus", 0777) = 0 [pid 6876] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6876] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6876] chdir("./bus") = 0 [pid 6876] ioctl(4, LOOP_CLR_FD) = 0 [pid 6876] close(4) = 0 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6876] creat("./bus", 000) = 4 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6876] <... futex resumed>) = 1 [pid 6876] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6876] <... futex resumed>) = 1 [pid 6876] ftruncate(4, 2048) = 0 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6876] <... futex resumed>) = 1 [pid 6876] lseek(4, 0, SEEK_END) = 2048 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6875] <... futex resumed>) = 0 [pid 6876] <... futex resumed>) = 1 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 283.732551][ T6876] loop0: detected capacity change from 0 to 4096 [ 283.751968][ T6876] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6876] open("./bus", O_RDONLY) = 5 [pid 6876] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6876] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6876] <... futex resumed>) = 0 [pid 6876] sendfile(4, 5, NULL, 145139829833722 [pid 6875] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6875] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6875] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6875] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6875] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6877 attached , parent_tid=[6877], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6877 [pid 6875] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6875] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] set_robust_list(0x7f549a0769e0, 24) = 0 [ 283.799306][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 283.799321][ T27] audit: type=1804 audit(1671454864.539:597): pid=6876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/595/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6877] sendfile(4, 5, NULL, 145139829833722 [pid 6875] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6875] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6875] exit_group(0) = ? [pid 6876] <... sendfile resumed>) = ? [pid 6876] +++ exited with 0 +++ [pid 6877] <... sendfile resumed>) = ? [pid 6877] +++ exited with 0 +++ [pid 6875] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6875, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./595", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./595/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./595/binderfs") = 0 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./595/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./595/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./595/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./595/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./595") = 0 mkdir("./596", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6878 ./strace-static-x86_64: Process 6878 attached [pid 6878] set_robust_list(0x5555556365e0, 24) = 0 [pid 6878] chdir("./596") = 0 [pid 6878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6878] setpgid(0, 0) = 0 [pid 6878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6878] write(3, "1000", 4) = 4 [pid 6878] close(3) = 0 [pid 6878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6878] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6878] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6879 attached , parent_tid=[6879], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6879 [pid 6879] set_robust_list(0x7f54a22979e0, 24 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6879] <... set_robust_list resumed>) = 0 [pid 6879] memfd_create("syzkaller", 0) = 3 [pid 6879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6879] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6879] munmap(0x7f5499e77000, 2097152) = 0 [pid 6879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6879] close(3) = 0 [pid 6879] mkdir("./bus", 0777) = 0 [pid 6879] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6879] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6879] chdir("./bus") = 0 [pid 6879] ioctl(4, LOOP_CLR_FD) = 0 [pid 6879] close(4) = 0 [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... futex resumed>) = 1 [pid 6879] creat("./bus", 000) = 4 [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... futex resumed>) = 1 [pid 6879] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... futex resumed>) = 1 [pid 6879] ftruncate(4, 2048) = 0 [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6878] <... futex resumed>) = 0 [pid 6879] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = 1 [pid 6879] lseek(4, 0, SEEK_END [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... lseek resumed>) = 2048 [ 284.127754][ T6879] loop0: detected capacity change from 0 to 4096 [ 284.137583][ T6879] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = 1 [pid 6879] open("./bus", O_RDONLY [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... open resumed>) = 5 [pid 6879] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6879] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] <... futex resumed>) = 0 [pid 6878] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] <... futex resumed>) = 0 [pid 6878] <... futex resumed>) = 1 [pid 6879] sendfile(4, 5, NULL, 145139829833722 [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6878] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6878] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6878] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6878] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6880], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6880 ./strace-static-x86_64: Process 6880 attached [pid 6880] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6880] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6880] sendfile(4, 5, NULL, 145139829833722 [ 284.189943][ T27] audit: type=1804 audit(1671454864.929:598): pid=6879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/596/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6878] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6878] exit_group(0) = ? [pid 6879] <... sendfile resumed>) = ? [pid 6879] +++ exited with 0 +++ [pid 6880] <... sendfile resumed>) = ? [pid 6880] +++ exited with 0 +++ [pid 6878] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6878, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./596", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./596/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./596/binderfs") = 0 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./596/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./596/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./596/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./596/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./596") = 0 mkdir("./597", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6881 ./strace-static-x86_64: Process 6881 attached [pid 6881] set_robust_list(0x5555556365e0, 24) = 0 [pid 6881] chdir("./597") = 0 [pid 6881] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6881] setpgid(0, 0) = 0 [pid 6881] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6881] write(3, "1000", 4) = 4 [pid 6881] close(3) = 0 [pid 6881] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6881] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6881] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6882 attached [pid 6882] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6882] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] <... clone resumed>, parent_tid=[6882], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6882 [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6882] <... futex resumed>) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6882] memfd_create("syzkaller", 0) = 3 [pid 6882] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6882] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6882] munmap(0x7f5499e77000, 2097152) = 0 [pid 6882] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6882] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6882] close(3) = 0 [pid 6882] mkdir("./bus", 0777) = 0 [pid 6882] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6882] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6882] chdir("./bus") = 0 [pid 6882] ioctl(4, LOOP_CLR_FD) = 0 [pid 6882] close(4) = 0 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6882] creat("./bus", 000 [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... creat resumed>) = 4 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6882] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] <... fcntl resumed>) = 0 [pid 6881] <... futex resumed>) = 0 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6882] ftruncate(4, 2048) = 0 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6882] lseek(4, 0, SEEK_END [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... lseek resumed>) = 2048 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6882] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6882] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6881] <... futex resumed>) = 0 [pid 6882] open("./bus", O_RDONLY [ 284.505692][ T6882] loop0: detected capacity change from 0 to 4096 [ 284.515286][ T6882] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6882] <... open resumed>) = 5 [pid 6882] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6881] <... futex resumed>) = 0 [pid 6882] sendfile(4, 5, NULL, 145139829833722 [pid 6881] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6881] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6881] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 284.565829][ T27] audit: type=1804 audit(1671454865.309:599): pid=6882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/597/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6881] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6881] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6881] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6883], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6883 ./strace-static-x86_64: Process 6883 attached [pid 6881] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6883] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6883] sendfile(4, 5, NULL, 145139829833722 [pid 6881] <... futex resumed>) = 0 [pid 6881] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6881] exit_group(0) = ? [pid 6882] <... sendfile resumed>) = ? [pid 6883] <... sendfile resumed>) = ? [pid 6883] +++ exited with 0 +++ [pid 6882] +++ exited with 0 +++ [pid 6881] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6881, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./597", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./597/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./597/binderfs") = 0 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./597/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./597/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./597/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./597/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./597") = 0 mkdir("./598", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6884 ./strace-static-x86_64: Process 6884 attached [pid 6884] set_robust_list(0x5555556365e0, 24) = 0 [pid 6884] chdir("./598") = 0 [pid 6884] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6884] setpgid(0, 0) = 0 [pid 6884] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6884] write(3, "1000", 4) = 4 [pid 6884] close(3) = 0 [pid 6884] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6884] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6884] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6885 attached , parent_tid=[6885], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6885 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6885] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6885] memfd_create("syzkaller", 0) = 3 [pid 6885] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6885] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6885] munmap(0x7f5499e77000, 2097152) = 0 [pid 6885] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6885] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6885] close(3) = 0 [pid 6885] mkdir("./bus", 0777) = 0 [pid 6885] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6885] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6885] chdir("./bus") = 0 [pid 6885] ioctl(4, LOOP_CLR_FD) = 0 [pid 6885] close(4) = 0 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... futex resumed>) = 1 [pid 6885] creat("./bus", 000) = 4 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... futex resumed>) = 1 [pid 6885] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... futex resumed>) = 1 [pid 6885] ftruncate(4, 2048) = 0 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] lseek(4, 0, SEEK_END) = 2048 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 284.900512][ T6885] loop0: detected capacity change from 0 to 4096 [ 284.910690][ T6885] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] open("./bus", O_RDONLY) = 5 [pid 6885] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6884] <... futex resumed>) = 0 [pid 6884] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... futex resumed>) = 1 [pid 6885] sendfile(4, 5, NULL, 145139829833722 [pid 6884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6884] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [ 284.956791][ T27] audit: type=1804 audit(1671454865.699:600): pid=6885 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/598/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6884] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6884] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6886 attached , parent_tid=[6886], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6886 [pid 6886] set_robust_list(0x7f549a0769e0, 24 [pid 6884] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6884] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... set_robust_list resumed>) = 0 [pid 6886] sendfile(4, 5, NULL, 145139829833722 [pid 6884] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6884] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6884] exit_group(0) = ? [pid 6885] <... sendfile resumed>) = ? [pid 6886] <... sendfile resumed>) = ? [pid 6886] +++ exited with 0 +++ [pid 6885] +++ exited with 0 +++ [pid 6884] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6884, si_uid=0, si_status=0, si_utime=0, si_stime=20 /* 0.20 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./598", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./598/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./598/binderfs") = 0 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./598/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./598/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./598/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./598/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./598") = 0 mkdir("./599", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6887 ./strace-static-x86_64: Process 6887 attached [pid 6887] set_robust_list(0x5555556365e0, 24) = 0 [pid 6887] chdir("./599") = 0 [pid 6887] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6887] setpgid(0, 0) = 0 [pid 6887] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6887] write(3, "1000", 4) = 4 [pid 6887] close(3) = 0 [pid 6887] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6887] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6887] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6888 attached , parent_tid=[6888], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6888 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6888] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6888] memfd_create("syzkaller", 0) = 3 [pid 6888] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6888] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6888] munmap(0x7f5499e77000, 2097152) = 0 [pid 6888] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6888] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6888] close(3) = 0 [pid 6888] mkdir("./bus", 0777) = 0 [pid 6888] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6888] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6888] chdir("./bus") = 0 [pid 6888] ioctl(4, LOOP_CLR_FD) = 0 [pid 6888] close(4) = 0 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 1 [pid 6888] creat("./bus", 000) = 4 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 1 [pid 6888] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 1 [pid 6888] ftruncate(4, 2048) = 0 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 1 [pid 6888] lseek(4, 0, SEEK_END) = 2048 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... futex resumed>) = 0 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6888] <... futex resumed>) = 1 [ 285.282330][ T6888] loop0: detected capacity change from 0 to 4096 [ 285.291862][ T6888] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6888] open("./bus", O_RDONLY) = 5 [pid 6888] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6887] <... futex resumed>) = 0 [pid 6888] sendfile(4, 5, NULL, 145139829833722 [pid 6887] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 285.328672][ T27] audit: type=1804 audit(1671454866.069:601): pid=6888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/599/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6887] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6887] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6887] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6887] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6887] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6889 attached , parent_tid=[6889], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6889 [pid 6889] set_robust_list(0x7f549a0769e0, 24 [pid 6887] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... set_robust_list resumed>) = 0 [pid 6887] <... futex resumed>) = 0 [pid 6889] sendfile(4, 5, NULL, 145139829833722 [pid 6887] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6887] exit_group(0) = ? [pid 6889] <... sendfile resumed>) = ? [pid 6889] +++ exited with 0 +++ [pid 6888] <... sendfile resumed>) = ? [pid 6888] +++ exited with 0 +++ [pid 6887] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6887, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./599", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./599/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./599/binderfs") = 0 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./599/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./599/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./599/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./599/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./599") = 0 mkdir("./600", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6890 ./strace-static-x86_64: Process 6890 attached [pid 6890] set_robust_list(0x5555556365e0, 24) = 0 [pid 6890] chdir("./600") = 0 [pid 6890] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6890] setpgid(0, 0) = 0 [pid 6890] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6890] write(3, "1000", 4) = 4 [pid 6890] close(3) = 0 [pid 6890] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6890] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6890] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6891 attached , parent_tid=[6891], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6891 [pid 6891] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6891] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6891] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6891] memfd_create("syzkaller", 0) = 3 [pid 6891] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6891] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6891] munmap(0x7f5499e77000, 2097152) = 0 [pid 6891] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6891] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6891] close(3) = 0 [pid 6891] mkdir("./bus", 0777) = 0 [pid 6891] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6891] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6891] chdir("./bus") = 0 [pid 6891] ioctl(4, LOOP_CLR_FD) = 0 [pid 6891] close(4) = 0 [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] creat("./bus", 000) = 4 [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 285.664866][ T6891] loop0: detected capacity change from 0 to 4096 [ 285.674684][ T6891] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6891] ftruncate(4, 2048) = 0 [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] <... futex resumed>) = 1 [pid 6891] lseek(4, 0, SEEK_END) = 2048 [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6891] open("./bus", O_RDONLY [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6891] <... open resumed>) = 5 [pid 6890] <... futex resumed>) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6891] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6890] <... futex resumed>) = 0 [pid 6891] sendfile(4, 5, NULL, 145139829833722 [pid 6890] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6890] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6890] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6890] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6892 attached , parent_tid=[6892], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6892 [pid 6890] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6890] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6892] set_robust_list(0x7f549a0769e0, 24) = 0 [ 285.716240][ T27] audit: type=1804 audit(1671454866.459:602): pid=6891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/600/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6892] sendfile(4, 5, NULL, 145139829833722 [pid 6890] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6890] exit_group(0) = ? [pid 6892] <... sendfile resumed>) = ? [pid 6892] +++ exited with 0 +++ [pid 6891] <... sendfile resumed>) = ? [pid 6891] +++ exited with 0 +++ [pid 6890] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6890, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./600", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./600/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./600/binderfs") = 0 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./600/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./600/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./600/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./600/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./600") = 0 mkdir("./601", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6893 ./strace-static-x86_64: Process 6893 attached [pid 6893] set_robust_list(0x5555556365e0, 24) = 0 [pid 6893] chdir("./601") = 0 [pid 6893] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6893] setpgid(0, 0) = 0 [pid 6893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6893] write(3, "1000", 4) = 4 [pid 6893] close(3) = 0 [pid 6893] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6893] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6893] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6894 attached [pid 6894] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6894] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6893] <... clone resumed>, parent_tid=[6894], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6894 [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] <... futex resumed>) = 0 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6894] memfd_create("syzkaller", 0) = 3 [pid 6894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6894] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6894] munmap(0x7f5499e77000, 2097152) = 0 [pid 6894] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6894] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6894] close(3) = 0 [pid 6894] mkdir("./bus", 0777) = 0 [pid 6894] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6894] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6894] chdir("./bus") = 0 [pid 6894] ioctl(4, LOOP_CLR_FD) = 0 [pid 6894] close(4) = 0 [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6894] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6893] <... futex resumed>) = 0 [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6893] <... futex resumed>) = 1 [pid 6894] creat("./bus", 000 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6894] <... creat resumed>) = 4 [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] <... futex resumed>) = 0 [pid 6894] <... futex resumed>) = 1 [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6893] <... futex resumed>) = 0 [pid 6894] <... fcntl resumed>) = 0 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6893] <... futex resumed>) = 0 [pid 6894] ftruncate(4, 2048 [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... ftruncate resumed>) = 0 [pid 6893] <... futex resumed>) = 0 [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6894] <... futex resumed>) = 0 [pid 6893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6894] lseek(4, 0, SEEK_END [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... lseek resumed>) = 2048 [pid 6893] <... futex resumed>) = 0 [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6894] <... futex resumed>) = 0 [pid 6893] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 286.050015][ T6894] loop0: detected capacity change from 0 to 4096 [ 286.059647][ T6894] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6894] open("./bus", O_RDONLY [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] <... open resumed>) = 5 [pid 6894] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6894] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6893] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] <... futex resumed>) = 0 [pid 6893] <... futex resumed>) = 1 [pid 6894] sendfile(4, 5, NULL, 145139829833722 [ 286.095762][ T27] audit: type=1804 audit(1671454866.839:603): pid=6894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/601/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6893] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6893] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6893] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6893] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6895 attached , parent_tid=[6895], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6895 [pid 6893] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] set_robust_list(0x7f549a0769e0, 24 [pid 6893] <... futex resumed>) = 0 [pid 6895] <... set_robust_list resumed>) = 0 [pid 6893] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6895] sendfile(4, 5, NULL, 145139829833722 [pid 6893] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6893] exit_group(0 [pid 6894] <... sendfile resumed>) = ? [pid 6893] <... exit_group resumed>) = ? [pid 6894] +++ exited with 0 +++ [pid 6895] <... sendfile resumed>) = ? [pid 6895] +++ exited with 0 +++ [pid 6893] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6893, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./601", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./601/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./601/binderfs") = 0 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./601/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./601/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./601/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./601/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./601") = 0 mkdir("./602", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6896 ./strace-static-x86_64: Process 6896 attached [pid 6896] set_robust_list(0x5555556365e0, 24) = 0 [pid 6896] chdir("./602") = 0 [pid 6896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6896] setpgid(0, 0) = 0 [pid 6896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6896] write(3, "1000", 4) = 4 [pid 6896] close(3) = 0 [pid 6896] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6896] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6896] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6897], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6897 [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6897 attached ) = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6897] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6897] memfd_create("syzkaller", 0) = 3 [pid 6897] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6897] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6897] munmap(0x7f5499e77000, 2097152) = 0 [pid 6897] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6897] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6897] close(3) = 0 [pid 6897] mkdir("./bus", 0777) = 0 [pid 6897] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6897] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6897] chdir("./bus") = 0 [pid 6897] ioctl(4, LOOP_CLR_FD) = 0 [pid 6897] close(4) = 0 [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6897] creat("./bus", 000 [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... creat resumed>) = 4 [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] <... futex resumed>) = 0 [pid 6897] <... futex resumed>) = 1 [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6896] <... futex resumed>) = 0 [pid 6897] <... fcntl resumed>) = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] <... futex resumed>) = 0 [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] ftruncate(4, 2048 [pid 6896] <... futex resumed>) = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... ftruncate resumed>) = 0 [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6897] lseek(4, 0, SEEK_END [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... lseek resumed>) = 2048 [pid 6896] <... futex resumed>) = 0 [ 286.448086][ T6897] loop0: detected capacity change from 0 to 4096 [ 286.457663][ T6897] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... futex resumed>) = 0 [pid 6896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] open("./bus", O_RDONLY [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... open resumed>) = 5 [pid 6896] <... futex resumed>) = 0 [pid 6897] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6897] <... futex resumed>) = 0 [pid 6896] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6897] sendfile(4, 5, NULL, 145139829833722 [pid 6896] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6896] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6896] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6896] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6898], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6898 [pid 6896] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6898 attached [pid 6898] set_robust_list(0x7f549a0769e0, 24) = 0 [ 286.497361][ T27] audit: type=1804 audit(1671454867.239:604): pid=6897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/602/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6898] sendfile(4, 5, NULL, 145139829833722 [pid 6896] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6896] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6896] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6896] exit_group(0) = ? [pid 6898] <... sendfile resumed>) = ? [pid 6898] +++ exited with 0 +++ [pid 6897] <... sendfile resumed>) = ? [pid 6897] +++ exited with 0 +++ [pid 6896] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6896, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=21 /* 0.21 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./602", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./602/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./602/binderfs") = 0 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./602/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./602/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./602/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./602/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./602") = 0 mkdir("./603", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6899 ./strace-static-x86_64: Process 6899 attached [pid 6899] set_robust_list(0x5555556365e0, 24) = 0 [pid 6899] chdir("./603") = 0 [pid 6899] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6899] setpgid(0, 0) = 0 [pid 6899] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6899] write(3, "1000", 4) = 4 [pid 6899] close(3) = 0 [pid 6899] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6899] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6899] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6900], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6900 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6900 attached [pid 6900] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6900] memfd_create("syzkaller", 0) = 3 [pid 6900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6900] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6900] munmap(0x7f5499e77000, 2097152) = 0 [pid 6900] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6900] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6900] close(3) = 0 [pid 6900] mkdir("./bus", 0777) = 0 [pid 6900] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6900] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6900] chdir("./bus") = 0 [pid 6900] ioctl(4, LOOP_CLR_FD) = 0 [pid 6900] close(4) = 0 [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 1 [pid 6900] creat("./bus", 000) = 4 [ 286.818050][ T6900] loop0: detected capacity change from 0 to 4096 [ 286.828151][ T6900] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 1 [pid 6900] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 1 [pid 6900] ftruncate(4, 2048) = 0 [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 1 [pid 6900] lseek(4, 0, SEEK_END) = 2048 [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 1 [pid 6900] open("./bus", O_RDONLY) = 5 [pid 6900] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6900] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6899] <... futex resumed>) = 0 [pid 6899] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6899] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] <... futex resumed>) = 0 [ 286.858509][ T27] audit: type=1804 audit(1671454867.599:605): pid=6900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/603/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6900] sendfile(4, 5, NULL, 145139829833722 [pid 6899] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6899] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6899] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6899] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6899] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6901 attached [pid 6901] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6899] <... clone resumed>, parent_tid=[6901], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6901 [pid 6901] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6899] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6899] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6901] <... futex resumed>) = 0 [pid 6901] sendfile(4, 5, NULL, 145139829833722 [pid 6899] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6899] exit_group(0 [pid 6901] <... sendfile resumed>) = ? [pid 6899] <... exit_group resumed>) = ? [pid 6901] +++ exited with 0 +++ [pid 6900] <... sendfile resumed>) = ? [pid 6900] +++ exited with 0 +++ [pid 6899] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6899, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./603", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./603/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./603/binderfs") = 0 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./603/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./603/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./603/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./603/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./603") = 0 mkdir("./604", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6902 ./strace-static-x86_64: Process 6902 attached [pid 6902] set_robust_list(0x5555556365e0, 24) = 0 [pid 6902] chdir("./604") = 0 [pid 6902] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6902] setpgid(0, 0) = 0 [pid 6902] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6902] write(3, "1000", 4) = 4 [pid 6902] close(3) = 0 [pid 6902] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6902] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6902] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6903], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6903 [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6903 attached [pid 6903] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6903] memfd_create("syzkaller", 0) = 3 [pid 6903] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6903] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6903] munmap(0x7f5499e77000, 2097152) = 0 [pid 6903] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6903] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6903] close(3) = 0 [pid 6903] mkdir("./bus", 0777) = 0 [pid 6903] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6903] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6903] chdir("./bus") = 0 [pid 6903] ioctl(4, LOOP_CLR_FD) = 0 [pid 6903] close(4) = 0 [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6902] <... futex resumed>) = 0 [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] <... futex resumed>) = 0 [pid 6903] creat("./bus", 000) = 4 [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6903] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] <... fcntl resumed>) = 0 [pid 6902] <... futex resumed>) = 0 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6903] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6903] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6902] <... futex resumed>) = 0 [pid 6903] ftruncate(4, 2048 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] <... ftruncate resumed>) = 0 [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] lseek(4, 0, SEEK_END) = 2048 [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6903] open("./bus", O_RDONLY [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 287.188990][ T6903] loop0: detected capacity change from 0 to 4096 [ 287.198215][ T6903] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] <... open resumed>) = 5 [pid 6903] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6903] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6902] <... futex resumed>) = 0 [pid 6902] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] <... futex resumed>) = 0 [pid 6903] sendfile(4, 5, NULL, 145139829833722 [pid 6902] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 287.245543][ T27] audit: type=1804 audit(1671454867.989:606): pid=6903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/604/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6902] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6902] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6902] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6902] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6902] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6904 attached [pid 6904] set_robust_list(0x7f549a0769e0, 24 [pid 6902] <... clone resumed>, parent_tid=[6904], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6904 [pid 6904] <... set_robust_list resumed>) = 0 [pid 6902] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6904] sendfile(4, 5, NULL, 145139829833722 [pid 6902] <... futex resumed>) = 0 [pid 6902] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6902] exit_group(0 [pid 6904] <... sendfile resumed>) = ? [pid 6902] <... exit_group resumed>) = ? [pid 6904] +++ exited with 0 +++ [pid 6903] <... sendfile resumed>) = ? [pid 6903] +++ exited with 0 +++ [pid 6902] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6902, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./604", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./604/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./604/binderfs") = 0 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./604/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./604/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./604/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./604/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./604") = 0 mkdir("./605", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6905 attached , child_tidptr=0x5555556365d0) = 6905 [pid 6905] set_robust_list(0x5555556365e0, 24) = 0 [pid 6905] chdir("./605") = 0 [pid 6905] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6905] setpgid(0, 0) = 0 [pid 6905] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6905] write(3, "1000", 4) = 4 [pid 6905] close(3) = 0 [pid 6905] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6905] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6905] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6906], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6906 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6906 attached [pid 6906] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6906] memfd_create("syzkaller", 0) = 3 [pid 6906] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6906] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6906] munmap(0x7f5499e77000, 2097152) = 0 [pid 6906] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6906] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6906] close(3) = 0 [pid 6906] mkdir("./bus", 0777) = 0 [pid 6906] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6906] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6906] chdir("./bus") = 0 [pid 6906] ioctl(4, LOOP_CLR_FD) = 0 [pid 6906] close(4) = 0 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [pid 6906] creat("./bus", 000) = 4 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [pid 6906] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [pid 6906] ftruncate(4, 2048) = 0 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [pid 6906] lseek(4, 0, SEEK_END) = 2048 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [pid 6906] open("./bus", O_RDONLY) = 5 [pid 6906] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6905] <... futex resumed>) = 0 [pid 6905] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6906] <... futex resumed>) = 1 [ 287.584359][ T6906] loop0: detected capacity change from 0 to 4096 [ 287.593846][ T6906] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6906] sendfile(4, 5, NULL, 145139829833722 [pid 6905] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6905] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6905] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6905] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6905] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6907 attached , parent_tid=[6907], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6907 [pid 6905] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] set_robust_list(0x7f549a0769e0, 24 [pid 6905] <... futex resumed>) = 0 [pid 6907] <... set_robust_list resumed>) = 0 [pid 6905] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6907] sendfile(4, 5, NULL, 145139829833722 [pid 6905] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6905] exit_group(0) = ? [pid 6906] <... sendfile resumed>) = ? [pid 6906] +++ exited with 0 +++ [pid 6907] <... sendfile resumed>) = ? [pid 6907] +++ exited with 0 +++ [pid 6905] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6905, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./605", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./605/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./605/binderfs") = 0 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./605/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./605/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./605/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./605/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./605") = 0 mkdir("./606", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6908 ./strace-static-x86_64: Process 6908 attached [pid 6908] set_robust_list(0x5555556365e0, 24) = 0 [pid 6908] chdir("./606") = 0 [pid 6908] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6908] setpgid(0, 0) = 0 [pid 6908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6908] write(3, "1000", 4) = 4 [pid 6908] close(3) = 0 [pid 6908] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6908] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6908] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6909 attached , parent_tid=[6909], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6909 [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6909] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6909] memfd_create("syzkaller", 0) = 3 [pid 6909] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6909] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6909] munmap(0x7f5499e77000, 2097152) = 0 [pid 6909] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6909] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6909] close(3) = 0 [pid 6909] mkdir("./bus", 0777) = 0 [pid 6909] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6909] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6909] chdir("./bus") = 0 [pid 6909] ioctl(4, LOOP_CLR_FD) = 0 [pid 6909] close(4) = 0 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] creat("./bus", 000) = 4 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6909] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6908] <... futex resumed>) = 0 [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] <... futex resumed>) = 0 [pid 6909] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6909] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6909] ftruncate(4, 2048) = 0 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] <... futex resumed>) = 0 [pid 6909] <... futex resumed>) = 1 [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] lseek(4, 0, SEEK_END) = 2048 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6909] open("./bus", O_RDONLY [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6909] <... open resumed>) = 5 [pid 6909] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6909] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6908] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6909] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6908] <... futex resumed>) = 0 [pid 6909] sendfile(4, 5, NULL, 145139829833722 [ 287.958853][ T6909] loop0: detected capacity change from 0 to 4096 [ 287.968216][ T6909] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6908] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6908] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6908] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6908] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6910 attached , parent_tid=[6910], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6910 [pid 6908] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6908] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6910] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6910] sendfile(4, 5, NULL, 145139829833722 [pid 6908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6908] exit_group(0) = ? [pid 6910] <... sendfile resumed>) = ? [pid 6909] <... sendfile resumed>) = ? [pid 6909] +++ exited with 0 +++ [pid 6910] +++ exited with 0 +++ [pid 6908] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6908, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./606", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./606/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./606/binderfs") = 0 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./606/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./606/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./606/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./606/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./606") = 0 mkdir("./607", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6911 ./strace-static-x86_64: Process 6911 attached [pid 6911] set_robust_list(0x5555556365e0, 24) = 0 [pid 6911] chdir("./607") = 0 [pid 6911] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6911] setpgid(0, 0) = 0 [pid 6911] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6911] write(3, "1000", 4) = 4 [pid 6911] close(3) = 0 [pid 6911] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6911] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6911] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6912], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6912 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6912 attached [pid 6912] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6912] memfd_create("syzkaller", 0) = 3 [pid 6912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6912] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6912] munmap(0x7f5499e77000, 2097152) = 0 [pid 6912] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6912] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6912] close(3) = 0 [pid 6912] mkdir("./bus", 0777) = 0 [pid 6912] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6912] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6912] chdir("./bus") = 0 [pid 6912] ioctl(4, LOOP_CLR_FD) = 0 [pid 6912] close(4) = 0 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6912] creat("./bus", 000) = 4 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6912] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6912] ftruncate(4, 2048) = 0 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6912] lseek(4, 0, SEEK_END) = 2048 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [pid 6912] open("./bus", O_RDONLY) = 5 [pid 6912] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6911] <... futex resumed>) = 0 [pid 6911] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] <... futex resumed>) = 1 [ 288.338258][ T6912] loop0: detected capacity change from 0 to 4096 [ 288.347401][ T6912] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6912] sendfile(4, 5, NULL, 145139829833722 [pid 6911] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6911] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6911] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6911] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6913 attached , parent_tid=[6913], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6913 [pid 6913] set_robust_list(0x7f549a0769e0, 24 [pid 6911] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... set_robust_list resumed>) = 0 [pid 6911] <... futex resumed>) = 0 [pid 6913] sendfile(4, 5, NULL, 145139829833722 [pid 6911] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6911] exit_group(0) = ? [pid 6913] <... sendfile resumed>) = ? [pid 6912] <... sendfile resumed>) = ? [pid 6913] +++ exited with 0 +++ [pid 6912] +++ exited with 0 +++ [pid 6911] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6911, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- umount2("./607", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./607/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./607/binderfs") = 0 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./607/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./607/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./607/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./607/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./607") = 0 mkdir("./608", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6914 ./strace-static-x86_64: Process 6914 attached [pid 6914] set_robust_list(0x5555556365e0, 24) = 0 [pid 6914] chdir("./608") = 0 [pid 6914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6914] setpgid(0, 0) = 0 [pid 6914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6914] write(3, "1000", 4) = 4 [pid 6914] close(3) = 0 [pid 6914] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6914] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6914] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6915 attached , parent_tid=[6915], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6915 [pid 6915] set_robust_list(0x7f54a22979e0, 24 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6915] <... set_robust_list resumed>) = 0 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6915] memfd_create("syzkaller", 0) = 3 [pid 6915] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6915] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6915] munmap(0x7f5499e77000, 2097152) = 0 [pid 6915] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6915] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6915] close(3) = 0 [pid 6915] mkdir("./bus", 0777) = 0 [pid 6915] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6915] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6915] chdir("./bus") = 0 [pid 6915] ioctl(4, LOOP_CLR_FD) = 0 [pid 6915] close(4) = 0 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] creat("./bus", 000) = 4 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] ftruncate(4, 2048) = 0 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] lseek(4, 0, SEEK_END) = 2048 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [pid 6915] open("./bus", O_RDONLY) = 5 [pid 6915] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6914] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6915] <... futex resumed>) = 1 [ 288.699204][ T6915] loop0: detected capacity change from 0 to 4096 [ 288.709385][ T6915] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6915] sendfile(4, 5, NULL, 145139829833722 [pid 6914] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6914] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6914] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6914] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6916], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6916 [pid 6914] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6916 attached [pid 6916] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6916] sendfile(4, 5, NULL, 145139829833722 [pid 6914] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6914] exit_group(0) = ? [pid 6916] <... sendfile resumed>) = ? [pid 6916] +++ exited with 0 +++ [pid 6915] <... sendfile resumed>) = ? [pid 6915] +++ exited with 0 +++ [pid 6914] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6914, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./608", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./608/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./608/binderfs") = 0 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./608/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./608/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./608/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./608/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./608") = 0 mkdir("./609", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6917 ./strace-static-x86_64: Process 6917 attached [pid 6917] set_robust_list(0x5555556365e0, 24) = 0 [pid 6917] chdir("./609") = 0 [pid 6917] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6917] setpgid(0, 0) = 0 [pid 6917] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6917] write(3, "1000", 4) = 4 [pid 6917] close(3) = 0 [pid 6917] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6917] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6917] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6918 attached , parent_tid=[6918], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6918 [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6918] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6918] memfd_create("syzkaller", 0) = 3 [pid 6918] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6918] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6918] munmap(0x7f5499e77000, 2097152) = 0 [pid 6918] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6918] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6918] close(3) = 0 [pid 6918] mkdir("./bus", 0777) = 0 [pid 6918] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6918] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6918] chdir("./bus") = 0 [pid 6918] ioctl(4, LOOP_CLR_FD) = 0 [pid 6918] close(4) = 0 [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6918] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6917] <... futex resumed>) = 0 [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] <... futex resumed>) = 0 [pid 6918] creat("./bus", 000) = 4 [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6918] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6918] <... fcntl resumed>) = 0 [pid 6917] <... futex resumed>) = 0 [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] <... futex resumed>) = 0 [pid 6917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6918] ftruncate(4, 2048 [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] <... ftruncate resumed>) = 0 [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6918] lseek(4, 0, SEEK_END [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] <... lseek resumed>) = 2048 [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] open("./bus", O_RDONLY) = 5 [ 289.083035][ T6918] loop0: detected capacity change from 0 to 4096 [ 289.092593][ T6918] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6918] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6917] <... futex resumed>) = 0 [pid 6918] sendfile(4, 5, NULL, 145139829833722 [pid 6917] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6917] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6917] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6917] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6919 attached , parent_tid=[6919], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6919 [pid 6919] set_robust_list(0x7f549a0769e0, 24 [pid 6917] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6917] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6919] <... set_robust_list resumed>) = 0 [ 289.141238][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 289.141252][ T27] audit: type=1804 audit(1671454869.889:611): pid=6918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/609/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6919] sendfile(4, 5, NULL, 145139829833722 [pid 6917] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6917] exit_group(0 [pid 6918] <... sendfile resumed>) = ? [pid 6917] <... exit_group resumed>) = ? [pid 6918] +++ exited with 0 +++ [pid 6919] <... sendfile resumed>) = ? [pid 6919] +++ exited with 0 +++ [pid 6917] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6917, si_uid=0, si_status=0, si_utime=0, si_stime=26 /* 0.26 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./609", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./609/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./609/binderfs") = 0 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./609/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./609/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./609/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./609/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./609") = 0 mkdir("./610", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6920 ./strace-static-x86_64: Process 6920 attached [pid 6920] set_robust_list(0x5555556365e0, 24) = 0 [pid 6920] chdir("./610") = 0 [pid 6920] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6920] setpgid(0, 0) = 0 [pid 6920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6920] write(3, "1000", 4) = 4 [pid 6920] close(3) = 0 [pid 6920] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6920] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6920] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6921 attached , parent_tid=[6921], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6921 [pid 6921] set_robust_list(0x7f54a22979e0, 24 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6921] <... set_robust_list resumed>) = 0 [pid 6921] memfd_create("syzkaller", 0) = 3 [pid 6921] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6921] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6921] munmap(0x7f5499e77000, 2097152) = 0 [pid 6921] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6921] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6921] close(3) = 0 [pid 6921] mkdir("./bus", 0777) = 0 [pid 6921] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6921] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6921] chdir("./bus") = 0 [pid 6921] ioctl(4, LOOP_CLR_FD) = 0 [pid 6921] close(4) = 0 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6920] <... futex resumed>) = 0 [pid 6921] creat("./bus", 000 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... creat resumed>) = 4 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... futex resumed>) = 1 [pid 6921] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... futex resumed>) = 1 [pid 6921] ftruncate(4, 2048) = 0 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... futex resumed>) = 1 [pid 6921] lseek(4, 0, SEEK_END) = 2048 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6921] <... futex resumed>) = 1 [ 289.467528][ T6921] loop0: detected capacity change from 0 to 4096 [ 289.476621][ T6921] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6921] open("./bus", O_RDONLY) = 5 [pid 6921] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6921] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] <... futex resumed>) = 0 [pid 6920] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6921] <... futex resumed>) = 0 [pid 6920] <... futex resumed>) = 1 [pid 6921] sendfile(4, 5, NULL, 145139829833722 [ 289.519669][ T27] audit: type=1804 audit(1671454870.259:612): pid=6921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/610/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6920] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6920] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6920] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6920] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6922], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6922 [pid 6920] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6922 attached ) = 0 [pid 6920] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6922] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6922] sendfile(4, 5, NULL, 145139829833722 [pid 6920] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6920] exit_group(0) = ? [pid 6921] <... sendfile resumed>) = ? [pid 6921] +++ exited with 0 +++ [pid 6922] <... sendfile resumed>) = ? [pid 6922] +++ exited with 0 +++ [pid 6920] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6920, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- umount2("./610", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./610/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./610/binderfs") = 0 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./610/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./610/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./610/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./610/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./610") = 0 mkdir("./611", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6923 ./strace-static-x86_64: Process 6923 attached [pid 6923] set_robust_list(0x5555556365e0, 24) = 0 [pid 6923] chdir("./611") = 0 [pid 6923] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6923] setpgid(0, 0) = 0 [pid 6923] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6923] write(3, "1000", 4) = 4 [pid 6923] close(3) = 0 [pid 6923] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6923] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6923] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6924], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6924 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6924 attached [pid 6924] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6924] memfd_create("syzkaller", 0) = 3 [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6924] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6924] munmap(0x7f5499e77000, 2097152) = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6924] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6924] close(3) = 0 [pid 6924] mkdir("./bus", 0777) = 0 [pid 6924] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6924] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6924] chdir("./bus") = 0 [pid 6924] ioctl(4, LOOP_CLR_FD) = 0 [pid 6924] close(4) = 0 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] <... futex resumed>) = 1 [pid 6924] creat("./bus", 000) = 4 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] ftruncate(4, 2048) = 0 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6924] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] lseek(4, 0, SEEK_END) = 2048 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] open("./bus", O_RDONLY) = 5 [pid 6924] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 289.862757][ T6924] loop0: detected capacity change from 0 to 4096 [ 289.871872][ T6924] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6924] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6923] <... futex resumed>) = 0 [pid 6923] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6924] <... futex resumed>) = 0 [pid 6924] sendfile(4, 5, NULL, 145139829833722 [pid 6923] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6923] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6923] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6923] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6923] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6925], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6925 [pid 6923] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6923] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6925 attached [pid 6925] set_robust_list(0x7f549a0769e0, 24) = 0 [ 289.919179][ T27] audit: type=1804 audit(1671454870.659:613): pid=6924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/611/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6925] sendfile(4, 5, NULL, 145139829833722 [pid 6923] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6923] exit_group(0) = ? [pid 6925] <... sendfile resumed>) = ? [pid 6925] +++ exited with 0 +++ [pid 6924] <... sendfile resumed>) = ? [pid 6924] +++ exited with 0 +++ [pid 6923] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6923, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./611", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./611/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./611/binderfs") = 0 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./611/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./611/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./611/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./611/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./611") = 0 mkdir("./612", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6926 ./strace-static-x86_64: Process 6926 attached [pid 6926] set_robust_list(0x5555556365e0, 24) = 0 [pid 6926] chdir("./612") = 0 [pid 6926] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6926] setpgid(0, 0) = 0 [pid 6926] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6926] write(3, "1000", 4) = 4 [pid 6926] close(3) = 0 [pid 6926] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6926] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6926] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6927 attached , parent_tid=[6927], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6927 [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6927] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6927] memfd_create("syzkaller", 0) = 3 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6927] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6927] munmap(0x7f5499e77000, 2097152) = 0 [pid 6927] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6927] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6927] close(3) = 0 [pid 6927] mkdir("./bus", 0777) = 0 [pid 6927] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6927] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6927] chdir("./bus") = 0 [pid 6927] ioctl(4, LOOP_CLR_FD) = 0 [pid 6927] close(4) = 0 [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6927] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] <... futex resumed>) = 0 [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = 1 [pid 6927] creat("./bus", 000 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... creat resumed>) = 4 [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6927] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... fcntl resumed>) = 0 [pid 6926] <... futex resumed>) = 0 [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] ftruncate(4, 2048 [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6927] <... ftruncate resumed>) = 0 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6927] lseek(4, 0, SEEK_END [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... lseek resumed>) = 2048 [pid 6926] <... futex resumed>) = 0 [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... futex resumed>) = 0 [pid 6926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6927] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6926] <... futex resumed>) = 0 [ 290.232569][ T6927] loop0: detected capacity change from 0 to 4096 [ 290.251917][ T6927] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6927] open("./bus", O_RDONLY [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6927] <... open resumed>) = 5 [pid 6927] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6926] <... futex resumed>) = 0 [pid 6927] sendfile(4, 5, NULL, 145139829833722 [pid 6926] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6926] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6926] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6926] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6926] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6928 attached [pid 6928] set_robust_list(0x7f549a0769e0, 24 [pid 6926] <... clone resumed>, parent_tid=[6928], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6928 [pid 6928] <... set_robust_list resumed>) = 0 [ 290.301323][ T27] audit: type=1804 audit(1671454871.049:614): pid=6927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/612/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6926] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6928] sendfile(4, 5, NULL, 145139829833722 [pid 6926] <... futex resumed>) = 0 [pid 6926] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6926] exit_group(0) = ? [pid 6928] <... sendfile resumed>) = ? [pid 6928] +++ exited with 0 +++ [pid 6927] <... sendfile resumed>) = ? [pid 6927] +++ exited with 0 +++ [pid 6926] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6926, si_uid=0, si_status=0, si_utime=0, si_stime=19 /* 0.19 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./612", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./612/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./612/binderfs") = 0 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./612/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./612/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./612/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./612/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./612") = 0 mkdir("./613", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6929 ./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x5555556365e0, 24) = 0 [pid 6929] chdir("./613") = 0 [pid 6929] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6929] setpgid(0, 0) = 0 [pid 6929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6929] write(3, "1000", 4) = 4 [pid 6929] close(3) = 0 [pid 6929] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6929] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6930 attached , parent_tid=[6930], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6930 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6930] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6930] memfd_create("syzkaller", 0) = 3 [pid 6930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6930] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6930] munmap(0x7f5499e77000, 2097152) = 0 [pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6930] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6930] close(3) = 0 [pid 6930] mkdir("./bus", 0777) = 0 [pid 6930] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6930] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6930] chdir("./bus") = 0 [pid 6930] ioctl(4, LOOP_CLR_FD) = 0 [pid 6930] close(4) = 0 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6930] creat("./bus", 000) = 4 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6930] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6930] ftruncate(4, 2048) = 0 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6930] lseek(4, 0, SEEK_END) = 2048 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [pid 6930] open("./bus", O_RDONLY) = 5 [pid 6930] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... futex resumed>) = 0 [pid 6929] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6930] <... futex resumed>) = 1 [ 290.637209][ T6930] loop0: detected capacity change from 0 to 4096 [ 290.646869][ T6930] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6930] sendfile(4, 5, NULL, 145139829833722 [pid 6929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6929] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6929] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6929] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6929] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6931], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6931 [pid 6929] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6931 attached [pid 6931] set_robust_list(0x7f549a0769e0, 24) = 0 [ 290.693245][ T27] audit: type=1804 audit(1671454871.439:615): pid=6930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/613/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6931] sendfile(4, 5, NULL, 145139829833722 [pid 6929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6929] exit_group(0) = ? [pid 6930] <... sendfile resumed>) = ? [pid 6930] +++ exited with 0 +++ [pid 6931] <... sendfile resumed>) = ? [pid 6931] +++ exited with 0 +++ [pid 6929] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6929, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./613", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./613/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./613/binderfs") = 0 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./613/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./613/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./613/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./613/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./613") = 0 mkdir("./614", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6932 ./strace-static-x86_64: Process 6932 attached [pid 6932] set_robust_list(0x5555556365e0, 24) = 0 [pid 6932] chdir("./614") = 0 [pid 6932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6932] setpgid(0, 0) = 0 [pid 6932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6932] write(3, "1000", 4) = 4 [pid 6932] close(3) = 0 [pid 6932] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6932] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6932] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6933 attached , parent_tid=[6933], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6933 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6933] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6933] memfd_create("syzkaller", 0) = 3 [pid 6933] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6933] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6933] munmap(0x7f5499e77000, 2097152) = 0 [pid 6933] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6933] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6933] close(3) = 0 [pid 6933] mkdir("./bus", 0777) = 0 [pid 6933] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6933] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6933] chdir("./bus") = 0 [pid 6933] ioctl(4, LOOP_CLR_FD) = 0 [pid 6933] close(4) = 0 [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] creat("./bus", 000) = 4 [ 291.017259][ T6933] loop0: detected capacity change from 0 to 4096 [ 291.026650][ T6933] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] <... futex resumed>) = 1 [pid 6933] ftruncate(4, 2048) = 0 [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] lseek(4, 0, SEEK_END) = 2048 [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] <... futex resumed>) = 1 [pid 6933] open("./bus", O_RDONLY) = 5 [pid 6933] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6933] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6932] <... futex resumed>) = 0 [pid 6932] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6933] <... futex resumed>) = 0 [pid 6933] sendfile(4, 5, NULL, 145139829833722 [pid 6932] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6932] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6932] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6932] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6932] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6934 attached , parent_tid=[6934], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6934 [pid 6932] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6932] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6934] set_robust_list(0x7f549a0769e0, 24) = 0 [ 291.088699][ T27] audit: type=1804 audit(1671454871.829:616): pid=6933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/614/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6934] sendfile(4, 5, NULL, 145139829833722 [pid 6932] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6932] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6932] exit_group(0) = ? [pid 6933] <... sendfile resumed>) = ? [pid 6934] <... sendfile resumed>) = ? [pid 6934] +++ exited with 0 +++ [pid 6933] +++ exited with 0 +++ [pid 6932] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6932, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- umount2("./614", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./614/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./614/binderfs") = 0 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./614/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./614/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./614/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./614/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./614") = 0 mkdir("./615", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6935 ./strace-static-x86_64: Process 6935 attached [pid 6935] set_robust_list(0x5555556365e0, 24) = 0 [pid 6935] chdir("./615") = 0 [pid 6935] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6935] setpgid(0, 0) = 0 [pid 6935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6935] write(3, "1000", 4) = 4 [pid 6935] close(3) = 0 [pid 6935] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6935] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6935] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6936 attached , parent_tid=[6936], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6936 [pid 6936] set_robust_list(0x7f54a22979e0, 24 [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6936] <... set_robust_list resumed>) = 0 [pid 6936] memfd_create("syzkaller", 0) = 3 [pid 6936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6936] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6936] munmap(0x7f5499e77000, 2097152) = 0 [pid 6936] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6936] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6936] close(3) = 0 [pid 6936] mkdir("./bus", 0777) = 0 [pid 6936] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6936] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6936] chdir("./bus") = 0 [pid 6936] ioctl(4, LOOP_CLR_FD) = 0 [pid 6936] close(4) = 0 [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] creat("./bus", 000 [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... creat resumed>) = 4 [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6936] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] <... futex resumed>) = 0 [pid 6936] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... fcntl resumed>) = 0 [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6936] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] ftruncate(4, 2048 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... ftruncate resumed>) = 0 [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6936] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] <... futex resumed>) = 0 [pid 6936] lseek(4, 0, SEEK_END) = 2048 [ 291.419613][ T6936] loop0: detected capacity change from 0 to 4096 [ 291.429393][ T6936] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6936] open("./bus", O_RDONLY) = 5 [pid 6936] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... futex resumed>) = 0 [pid 6936] <... futex resumed>) = 1 [pid 6935] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6936] sendfile(4, 5, NULL, 145139829833722 [ 291.473607][ T27] audit: type=1804 audit(1671454872.219:617): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/615/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6935] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6935] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6937], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6937 [pid 6935] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6935] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6937 attached [pid 6937] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6937] sendfile(4, 5, NULL, 145139829833722 [pid 6935] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6935] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6935] exit_group(0) = ? [pid 6937] <... sendfile resumed>) = ? [pid 6937] +++ exited with 0 +++ [pid 6936] <... sendfile resumed>) = ? [pid 6936] +++ exited with 0 +++ [pid 6935] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6935, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=23 /* 0.23 s */} --- umount2("./615", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./615/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./615/binderfs") = 0 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./615/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./615/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./615/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./615/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./615") = 0 mkdir("./616", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6938 ./strace-static-x86_64: Process 6938 attached [pid 6938] set_robust_list(0x5555556365e0, 24) = 0 [pid 6938] chdir("./616") = 0 [pid 6938] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6938] setpgid(0, 0) = 0 [pid 6938] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6938] write(3, "1000", 4) = 4 [pid 6938] close(3) = 0 [pid 6938] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6938] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6938] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6939 attached , parent_tid=[6939], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6939 [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6939] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6939] memfd_create("syzkaller", 0) = 3 [pid 6939] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6939] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6939] munmap(0x7f5499e77000, 2097152) = 0 [pid 6939] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6939] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6939] close(3) = 0 [pid 6939] mkdir("./bus", 0777) = 0 [pid 6939] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6939] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6939] chdir("./bus") = 0 [pid 6939] ioctl(4, LOOP_CLR_FD) = 0 [pid 6939] close(4) = 0 [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6939] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] <... futex resumed>) = 0 [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = 0 [pid 6938] <... futex resumed>) = 1 [pid 6939] creat("./bus", 000 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... creat resumed>) = 4 [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... futex resumed>) = 0 [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... futex resumed>) = 1 [pid 6939] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6939] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6938] <... futex resumed>) = 0 [pid 6939] ftruncate(4, 2048 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... ftruncate resumed>) = 0 [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6939] lseek(4, 0, SEEK_END [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... lseek resumed>) = 2048 [pid 6938] <... futex resumed>) = 0 [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... futex resumed>) = 0 [pid 6938] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6939] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6938] <... futex resumed>) = 0 [pid 6939] open("./bus", O_RDONLY [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6939] <... open resumed>) = 5 [ 291.820116][ T6939] loop0: detected capacity change from 0 to 4096 [ 291.829471][ T6939] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6939] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6938] <... futex resumed>) = 0 [pid 6939] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6939] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6938] <... futex resumed>) = 0 [pid 6939] sendfile(4, 5, NULL, 145139829833722 [pid 6938] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6938] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6938] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6938] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6938] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6940 attached , parent_tid=[6940], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6940 [pid 6940] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6940] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6938] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6940] <... futex resumed>) = 0 [pid 6940] sendfile(4, 5, NULL, 145139829833722 [ 291.874202][ T27] audit: type=1804 audit(1671454872.619:618): pid=6939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/616/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6938] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6938] exit_group(0) = ? [pid 6939] <... sendfile resumed>) = ? [pid 6939] +++ exited with 0 +++ [pid 6940] <... sendfile resumed>) = ? [pid 6940] +++ exited with 0 +++ [pid 6938] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6938, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./616", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./616/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./616/binderfs") = 0 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./616/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./616/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./616/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./616/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./616") = 0 mkdir("./617", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6941 ./strace-static-x86_64: Process 6941 attached [pid 6941] set_robust_list(0x5555556365e0, 24) = 0 [pid 6941] chdir("./617") = 0 [pid 6941] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6941] setpgid(0, 0) = 0 [pid 6941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6941] write(3, "1000", 4) = 4 [pid 6941] close(3) = 0 [pid 6941] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6941] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6941] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6942 attached , parent_tid=[6942], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6942 [pid 6942] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6942] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6942] <... futex resumed>) = 0 [pid 6942] memfd_create("syzkaller", 0) = 3 [pid 6942] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6942] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6942] munmap(0x7f5499e77000, 2097152) = 0 [pid 6942] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6942] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6942] close(3) = 0 [pid 6942] mkdir("./bus", 0777) = 0 [pid 6942] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6942] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6942] chdir("./bus") = 0 [pid 6942] ioctl(4, LOOP_CLR_FD) = 0 [pid 6942] close(4) = 0 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] <... futex resumed>) = 1 [pid 6942] creat("./bus", 000) = 4 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6942] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6942] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6942] ftruncate(4, 2048 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] <... ftruncate resumed>) = 0 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] lseek(4, 0, SEEK_END) = 2048 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6941] <... futex resumed>) = 0 [pid 6942] open("./bus", O_RDONLY [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 292.194562][ T6942] loop0: detected capacity change from 0 to 4096 [ 292.204243][ T6942] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] <... open resumed>) = 5 [pid 6942] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] <... futex resumed>) = 0 [pid 6941] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6942] <... futex resumed>) = 1 [pid 6942] sendfile(4, 5, NULL, 145139829833722 [pid 6941] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6941] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6941] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6941] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6941] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6943 attached [pid 6943] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6943] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] <... clone resumed>, parent_tid=[6943], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6943 [pid 6941] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6943] <... futex resumed>) = 0 [pid 6943] sendfile(4, 5, NULL, 145139829833722 [ 292.253363][ T27] audit: type=1804 audit(1671454872.999:619): pid=6942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/617/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6941] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6941] exit_group(0) = ? [pid 6942] <... sendfile resumed>) = ? [pid 6943] <... sendfile resumed>) = ? [pid 6943] +++ exited with 0 +++ [pid 6942] +++ exited with 0 +++ [pid 6941] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6941, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./617", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./617/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./617/binderfs") = 0 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./617/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./617/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./617/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./617/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./617") = 0 mkdir("./618", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6944 ./strace-static-x86_64: Process 6944 attached [pid 6944] set_robust_list(0x5555556365e0, 24) = 0 [pid 6944] chdir("./618") = 0 [pid 6944] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6944] setpgid(0, 0) = 0 [pid 6944] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6944] write(3, "1000", 4) = 4 [pid 6944] close(3) = 0 [pid 6944] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6944] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6944] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6945], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6945 [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6945 attached [pid 6945] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6945] memfd_create("syzkaller", 0) = 3 [pid 6945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6945] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6945] munmap(0x7f5499e77000, 2097152) = 0 [pid 6945] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6945] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6945] close(3) = 0 [pid 6945] mkdir("./bus", 0777) = 0 [pid 6945] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6945] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6945] chdir("./bus") = 0 [pid 6945] ioctl(4, LOOP_CLR_FD) = 0 [pid 6945] close(4) = 0 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6945] creat("./bus", 000 [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... creat resumed>) = 4 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... futex resumed>) = 1 [pid 6945] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... futex resumed>) = 1 [pid 6945] ftruncate(4, 2048) = 0 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] lseek(4, 0, SEEK_END [pid 6944] <... futex resumed>) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... lseek resumed>) = 2048 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6944] <... futex resumed>) = 0 [pid 6945] open("./bus", O_RDONLY [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... open resumed>) = 5 [pid 6945] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 292.566936][ T6945] loop0: detected capacity change from 0 to 4096 [ 292.576274][ T6945] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6945] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6944] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... futex resumed>) = 0 [pid 6944] <... futex resumed>) = 1 [pid 6945] sendfile(4, 5, NULL, 145139829833722 [pid 6944] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6944] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6944] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6944] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6944] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6946 attached [pid 6946] set_robust_list(0x7f549a0769e0, 24 [pid 6944] <... clone resumed>, parent_tid=[6946], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6946 [pid 6946] <... set_robust_list resumed>) = 0 [pid 6946] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6944] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = 0 [pid 6944] <... futex resumed>) = 1 [pid 6946] sendfile(4, 5, NULL, 145139829833722 [ 292.623410][ T27] audit: type=1804 audit(1671454873.369:620): pid=6945 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/618/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6944] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6944] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6944] exit_group(0 [pid 6945] <... sendfile resumed>) = ? [pid 6944] <... exit_group resumed>) = ? [pid 6945] +++ exited with 0 +++ [pid 6946] <... sendfile resumed>) = ? [pid 6946] +++ exited with 0 +++ [pid 6944] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6944, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./618", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./618/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./618/binderfs") = 0 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./618/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./618/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./618/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./618/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./618") = 0 mkdir("./619", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6947 ./strace-static-x86_64: Process 6947 attached [pid 6947] set_robust_list(0x5555556365e0, 24) = 0 [pid 6947] chdir("./619") = 0 [pid 6947] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6947] setpgid(0, 0) = 0 [pid 6947] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6947] write(3, "1000", 4) = 4 [pid 6947] close(3) = 0 [pid 6947] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6947] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6947] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6948 attached , parent_tid=[6948], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6948 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6948] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6948] memfd_create("syzkaller", 0) = 3 [pid 6948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6948] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6948] munmap(0x7f5499e77000, 2097152) = 0 [pid 6948] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6948] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6948] close(3) = 0 [pid 6948] mkdir("./bus", 0777) = 0 [pid 6948] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6948] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6948] chdir("./bus") = 0 [pid 6948] ioctl(4, LOOP_CLR_FD) = 0 [pid 6948] close(4) = 0 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 1 [pid 6948] creat("./bus", 000) = 4 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] ftruncate(4, 2048) = 0 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 1 [pid 6948] lseek(4, 0, SEEK_END) = 2048 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 1 [pid 6948] open("./bus", O_RDONLY) = 5 [pid 6948] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... futex resumed>) = 0 [pid 6947] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 1 [ 292.949522][ T6948] loop0: detected capacity change from 0 to 4096 [ 292.958811][ T6948] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6948] sendfile(4, 5, NULL, 145139829833722 [pid 6947] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6947] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6947] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6947] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6947] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6949], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6949 [pid 6947] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6947] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6949 attached [pid 6949] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6949] sendfile(4, 5, NULL, 145139829833722 [pid 6947] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6947] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6947] exit_group(0) = ? [pid 6949] <... sendfile resumed>) = ? [pid 6949] +++ exited with 0 +++ [pid 6948] <... sendfile resumed>) = ? [pid 6948] +++ exited with 0 +++ [pid 6947] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6947, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./619", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./619/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./619/binderfs") = 0 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./619/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./619/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./619/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./619/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./619") = 0 mkdir("./620", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6950 ./strace-static-x86_64: Process 6950 attached [pid 6950] set_robust_list(0x5555556365e0, 24) = 0 [pid 6950] chdir("./620") = 0 [pid 6950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6950] setpgid(0, 0) = 0 [pid 6950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6950] write(3, "1000", 4) = 4 [pid 6950] close(3) = 0 [pid 6950] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6950] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6950] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6951], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6951 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6951 attached [pid 6951] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6951] memfd_create("syzkaller", 0) = 3 [pid 6951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6951] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6951] munmap(0x7f5499e77000, 2097152) = 0 [pid 6951] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6951] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6951] close(3) = 0 [pid 6951] mkdir("./bus", 0777) = 0 [pid 6951] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6951] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6951] chdir("./bus") = 0 [pid 6951] ioctl(4, LOOP_CLR_FD) = 0 [pid 6951] close(4) = 0 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6951] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 0 [pid 6951] creat("./bus", 000) = 4 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 1 [pid 6951] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 1 [pid 6951] ftruncate(4, 2048) = 0 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] <... futex resumed>) = 0 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... futex resumed>) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6951] lseek(4, 0, SEEK_END [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... lseek resumed>) = 2048 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6950] <... futex resumed>) = 0 [pid 6951] open("./bus", O_RDONLY [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] <... open resumed>) = 5 [pid 6950] <... futex resumed>) = 0 [pid 6951] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 0 [pid 6950] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6951] sendfile(4, 5, NULL, 145139829833722 [pid 6950] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 293.316077][ T6951] loop0: detected capacity change from 0 to 4096 [ 293.325728][ T6951] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6950] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6950] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6950] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6950] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6952], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6952 ./strace-static-x86_64: Process 6952 attached [pid 6950] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6950] <... futex resumed>) = 0 [pid 6952] sendfile(4, 5, NULL, 145139829833722 [pid 6950] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6950] exit_group(0) = ? [pid 6952] <... sendfile resumed>) = ? [pid 6952] +++ exited with 0 +++ [pid 6951] <... sendfile resumed>) = ? [pid 6951] +++ exited with 0 +++ [pid 6950] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6950, si_uid=0, si_status=0, si_utime=0, si_stime=29 /* 0.29 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./620", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./620/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./620/binderfs") = 0 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./620/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./620/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./620/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./620/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./620") = 0 mkdir("./621", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6953 ./strace-static-x86_64: Process 6953 attached [pid 6953] set_robust_list(0x5555556365e0, 24) = 0 [pid 6953] chdir("./621") = 0 [pid 6953] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6953] setpgid(0, 0) = 0 [pid 6953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6953] write(3, "1000", 4) = 4 [pid 6953] close(3) = 0 [pid 6953] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6953] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6953] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6954 attached [pid 6954] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6953] <... clone resumed>, parent_tid=[6954], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6954 [pid 6954] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6954] <... futex resumed>) = 0 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6954] memfd_create("syzkaller", 0) = 3 [pid 6954] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6954] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6954] munmap(0x7f5499e77000, 2097152) = 0 [pid 6954] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6954] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6954] close(3) = 0 [pid 6954] mkdir("./bus", 0777) = 0 [pid 6954] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6954] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6954] chdir("./bus") = 0 [pid 6954] ioctl(4, LOOP_CLR_FD) = 0 [pid 6954] close(4) = 0 [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 1 [pid 6954] creat("./bus", 000) = 4 [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 1 [pid 6954] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 0 [pid 6954] ftruncate(4, 2048) = 0 [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] <... futex resumed>) = 0 [pid 6954] <... futex resumed>) = 1 [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] lseek(4, 0, SEEK_END [pid 6953] <... futex resumed>) = 0 [pid 6954] <... lseek resumed>) = 2048 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 6954] open("./bus", O_RDONLY [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6954] <... open resumed>) = 5 [pid 6953] <... futex resumed>) = 0 [pid 6954] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6954] <... futex resumed>) = 0 [pid 6953] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] sendfile(4, 5, NULL, 145139829833722 [pid 6953] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 293.699593][ T6954] loop0: detected capacity change from 0 to 4096 [ 293.709525][ T6954] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6953] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6953] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6953] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6953] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6955], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6955 [pid 6953] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6955 attached [pid 6955] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6955] sendfile(4, 5, NULL, 145139829833722 [pid 6953] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6953] exit_group(0) = ? [pid 6955] <... sendfile resumed>) = ? [pid 6955] +++ exited with 0 +++ [pid 6954] <... sendfile resumed>) = ? [pid 6954] +++ exited with 0 +++ [pid 6953] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6953, si_uid=0, si_status=0, si_utime=0, si_stime=27 /* 0.27 s */} --- umount2("./621", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./621/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./621/binderfs") = 0 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./621/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./621/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./621/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./621/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./621") = 0 mkdir("./622", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6956 ./strace-static-x86_64: Process 6956 attached [pid 6956] set_robust_list(0x5555556365e0, 24) = 0 [pid 6956] chdir("./622") = 0 [pid 6956] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6956] setpgid(0, 0) = 0 [pid 6956] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6956] write(3, "1000", 4) = 4 [pid 6956] close(3) = 0 [pid 6956] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6956] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6956] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6957 attached [pid 6957] set_robust_list(0x7f54a22979e0, 24 [pid 6956] <... clone resumed>, parent_tid=[6957], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6957 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6957] <... set_robust_list resumed>) = 0 [pid 6957] memfd_create("syzkaller", 0) = 3 [pid 6957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6957] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6957] munmap(0x7f5499e77000, 2097152) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6957] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6957] close(3) = 0 [pid 6957] mkdir("./bus", 0777) = 0 [pid 6957] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6957] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6957] chdir("./bus") = 0 [pid 6957] ioctl(4, LOOP_CLR_FD) = 0 [pid 6957] close(4) = 0 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 1 [pid 6957] creat("./bus", 000) = 4 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 1 [pid 6957] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] <... futex resumed>) = 1 [pid 6957] ftruncate(4, 2048) = 0 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] lseek(4, 0, SEEK_END) = 2048 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6957] open("./bus", O_RDONLY) = 5 [pid 6957] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6956] <... futex resumed>) = 0 [pid 6956] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 294.074876][ T6957] loop0: detected capacity change from 0 to 4096 [ 294.084181][ T6957] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6957] sendfile(4, 5, NULL, 145139829833722 [pid 6956] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6956] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6956] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6956] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6958], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6958 [pid 6956] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6956] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6958 attached [pid 6958] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6958] sendfile(4, 5, NULL, 145139829833722 [pid 6956] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6956] exit_group(0 [pid 6958] <... sendfile resumed>) = ? [pid 6956] <... exit_group resumed>) = ? [pid 6958] +++ exited with 0 +++ [pid 6957] <... sendfile resumed>) = ? [pid 6957] +++ exited with 0 +++ [pid 6956] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6956, si_uid=0, si_status=0, si_utime=0, si_stime=21 /* 0.21 s */} --- umount2("./622", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./622/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./622/binderfs") = 0 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./622/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./622/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./622/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./622/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./622") = 0 mkdir("./623", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6959 ./strace-static-x86_64: Process 6959 attached [pid 6959] set_robust_list(0x5555556365e0, 24) = 0 [pid 6959] chdir("./623") = 0 [pid 6959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6959] setpgid(0, 0) = 0 [pid 6959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6959] write(3, "1000", 4) = 4 [pid 6959] close(3) = 0 [pid 6959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6959] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6959] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6960 attached , parent_tid=[6960], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6960 [pid 6960] set_robust_list(0x7f54a22979e0, 24 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] <... set_robust_list resumed>) = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6960] memfd_create("syzkaller", 0) = 3 [pid 6960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6960] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6960] munmap(0x7f5499e77000, 2097152) = 0 [pid 6960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6960] close(3) = 0 [pid 6960] mkdir("./bus", 0777) = 0 [pid 6960] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6960] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6960] chdir("./bus") = 0 [pid 6960] ioctl(4, LOOP_CLR_FD) = 0 [pid 6960] close(4) = 0 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6960] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... futex resumed>) = 0 [pid 6960] creat("./bus", 000) = 4 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... futex resumed>) = 1 [pid 6960] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6960] <... futex resumed>) = 1 [pid 6960] ftruncate(4, 2048 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... ftruncate resumed>) = 0 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... futex resumed>) = 1 [pid 6960] lseek(4, 0, SEEK_END) = 2048 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6960] <... futex resumed>) = 1 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6960] open("./bus", O_RDONLY [ 294.467475][ T6960] loop0: detected capacity change from 0 to 4096 [ 294.476526][ T6960] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... open resumed>) = 5 [pid 6960] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6959] <... futex resumed>) = 0 [pid 6959] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6960] <... futex resumed>) = 1 [pid 6960] sendfile(4, 5, NULL, 145139829833722 [pid 6959] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6959] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6959] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6959] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6961 attached , parent_tid=[6961], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6961 [pid 6961] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6961] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6959] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6961] <... futex resumed>) = 0 [pid 6961] sendfile(4, 5, NULL, 145139829833722 [ 294.527405][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 294.527415][ T27] audit: type=1804 audit(1671454875.269:625): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/623/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6959] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6959] exit_group(0) = ? [pid 6961] <... sendfile resumed>) = ? [pid 6961] +++ exited with 0 +++ [pid 6960] <... sendfile resumed>) = ? [pid 6960] +++ exited with 0 +++ [pid 6959] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6959, si_uid=0, si_status=0, si_utime=0, si_stime=23 /* 0.23 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./623", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./623/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./623/binderfs") = 0 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./623/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./623/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./623/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./623/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./623") = 0 mkdir("./624", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6962 ./strace-static-x86_64: Process 6962 attached [pid 6962] set_robust_list(0x5555556365e0, 24) = 0 [pid 6962] chdir("./624") = 0 [pid 6962] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6962] setpgid(0, 0) = 0 [pid 6962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6962] write(3, "1000", 4) = 4 [pid 6962] close(3) = 0 [pid 6962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6962] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6962] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6963 attached , parent_tid=[6963], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6963 [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] set_robust_list(0x7f54a22979e0, 24 [pid 6962] <... futex resumed>) = 0 [pid 6963] <... set_robust_list resumed>) = 0 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6963] memfd_create("syzkaller", 0) = 3 [pid 6963] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6963] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6963] munmap(0x7f5499e77000, 2097152) = 0 [pid 6963] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6963] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6963] close(3) = 0 [pid 6963] mkdir("./bus", 0777) = 0 [pid 6963] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6963] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6963] chdir("./bus") = 0 [pid 6963] ioctl(4, LOOP_CLR_FD) = 0 [ 294.859756][ T6963] loop0: detected capacity change from 0 to 4096 [ 294.869387][ T6963] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6963] close(4) = 0 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6962] <... futex resumed>) = 0 [pid 6963] creat("./bus", 000 [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... creat resumed>) = 4 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] <... futex resumed>) = 0 [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6963] <... futex resumed>) = 1 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6962] <... futex resumed>) = 0 [pid 6963] ftruncate(4, 2048 [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... ftruncate resumed>) = 0 [pid 6962] <... futex resumed>) = 0 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] lseek(4, 0, SEEK_END [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... lseek resumed>) = 2048 [pid 6962] <... futex resumed>) = 0 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] open("./bus", O_RDONLY [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] <... open resumed>) = 5 [pid 6962] <... futex resumed>) = 0 [pid 6963] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6963] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6963] sendfile(4, 5, NULL, 145139829833722 [pid 6962] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6962] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6962] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6962] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6962] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6964 attached , parent_tid=[6964], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6964 [pid 6964] set_robust_list(0x7f549a0769e0, 24 [pid 6962] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] <... set_robust_list resumed>) = 0 [pid 6962] <... futex resumed>) = 0 [pid 6964] sendfile(4, 5, NULL, 145139829833722 [ 294.896939][ T27] audit: type=1804 audit(1671454875.639:626): pid=6963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/624/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6962] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6962] exit_group(0) = ? [pid 6963] <... sendfile resumed>) = ? [pid 6963] +++ exited with 0 +++ [pid 6964] <... sendfile resumed>) = ? [pid 6964] +++ exited with 0 +++ [pid 6962] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6962, si_uid=0, si_status=0, si_utime=0, si_stime=25 /* 0.25 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./624", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./624/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./624/binderfs") = 0 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./624/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./624/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./624/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./624/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./624") = 0 mkdir("./625", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6965 ./strace-static-x86_64: Process 6965 attached [pid 6965] set_robust_list(0x5555556365e0, 24) = 0 [pid 6965] chdir("./625") = 0 [pid 6965] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6965] setpgid(0, 0) = 0 [pid 6965] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6965] write(3, "1000", 4) = 4 [pid 6965] close(3) = 0 [pid 6965] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6965] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6965] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6966 attached , parent_tid=[6966], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6966 [pid 6966] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6966] memfd_create("syzkaller", 0) = 3 [pid 6966] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6966] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6966] munmap(0x7f5499e77000, 2097152) = 0 [pid 6966] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6966] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6966] close(3) = 0 [pid 6966] mkdir("./bus", 0777) = 0 [pid 6966] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6966] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6966] chdir("./bus") = 0 [pid 6966] ioctl(4, LOOP_CLR_FD) = 0 [pid 6966] close(4) = 0 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] <... futex resumed>) = 1 [pid 6966] creat("./bus", 000) = 4 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6966] <... futex resumed>) = 1 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] <... futex resumed>) = 1 [pid 6966] ftruncate(4, 2048) = 0 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] <... futex resumed>) = 1 [pid 6966] lseek(4, 0, SEEK_END) = 2048 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] <... futex resumed>) = 1 [ 295.235683][ T6966] loop0: detected capacity change from 0 to 4096 [ 295.245586][ T6966] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6966] open("./bus", O_RDONLY) = 5 [pid 6966] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... futex resumed>) = 0 [pid 6965] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6966] <... futex resumed>) = 1 [pid 6966] sendfile(4, 5, NULL, 145139829833722 [pid 6965] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6965] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6965] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6965] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6965] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6967 attached [pid 6967] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6967] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6965] <... clone resumed>, parent_tid=[6967], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6967 [pid 6965] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6965] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6967] <... futex resumed>) = 0 [ 295.293805][ T27] audit: type=1804 audit(1671454876.039:627): pid=6966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/625/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6967] sendfile(4, 5, NULL, 145139829833722 [pid 6965] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6965] exit_group(0) = ? [pid 6966] <... sendfile resumed>) = ? [pid 6966] +++ exited with 0 +++ [pid 6967] <... sendfile resumed>) = ? [pid 6967] +++ exited with 0 +++ [pid 6965] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6965, si_uid=0, si_status=0, si_utime=0, si_stime=17 /* 0.17 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./625", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./625/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./625/binderfs") = 0 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./625/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./625/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./625/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./625/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./625") = 0 mkdir("./626", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6968 ./strace-static-x86_64: Process 6968 attached [pid 6968] set_robust_list(0x5555556365e0, 24) = 0 [pid 6968] chdir("./626") = 0 [pid 6968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6968] setpgid(0, 0) = 0 [pid 6968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6968] write(3, "1000", 4) = 4 [pid 6968] close(3) = 0 [pid 6968] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6968] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6968] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6969 attached , parent_tid=[6969], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6969 [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6969] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6969] memfd_create("syzkaller", 0) = 3 [pid 6969] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6969] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6969] munmap(0x7f5499e77000, 2097152) = 0 [pid 6969] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6969] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6969] close(3) = 0 [pid 6969] mkdir("./bus", 0777) = 0 [pid 6969] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6969] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6969] chdir("./bus") = 0 [pid 6969] ioctl(4, LOOP_CLR_FD) = 0 [pid 6969] close(4) = 0 [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] creat("./bus", 000) = 4 [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6969] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6969] ftruncate(4, 2048 [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... ftruncate resumed>) = 0 [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6968] <... futex resumed>) = 0 [pid 6969] lseek(4, 0, SEEK_END [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... lseek resumed>) = 2048 [pid 6968] <... futex resumed>) = 0 [ 295.625822][ T6969] loop0: detected capacity change from 0 to 4096 [ 295.635036][ T6969] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... futex resumed>) = 0 [pid 6968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] open("./bus", O_RDONLY [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6969] <... open resumed>) = 5 [pid 6969] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6969] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6968] <... futex resumed>) = 0 [pid 6968] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] <... futex resumed>) = 0 [pid 6968] <... futex resumed>) = 1 [pid 6969] sendfile(4, 5, NULL, 145139829833722 [pid 6968] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6968] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6968] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6968] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6968] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6970], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6970 ./strace-static-x86_64: Process 6970 attached [pid 6968] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6970] set_robust_list(0x7f549a0769e0, 24 [pid 6968] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6970] <... set_robust_list resumed>) = 0 [ 295.689531][ T27] audit: type=1804 audit(1671454876.429:628): pid=6969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/626/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6970] sendfile(4, 5, NULL, 145139829833722 [pid 6968] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6968] exit_group(0) = ? [pid 6970] <... sendfile resumed>) = ? [pid 6970] +++ exited with 0 +++ [pid 6969] <... sendfile resumed>) = ? [pid 6969] +++ exited with 0 +++ [pid 6968] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6968, si_uid=0, si_status=0, si_utime=0, si_stime=22 /* 0.22 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./626", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./626/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./626/binderfs") = 0 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./626/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./626/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./626/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./626/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./626") = 0 mkdir("./627", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6971 ./strace-static-x86_64: Process 6971 attached [pid 6971] set_robust_list(0x5555556365e0, 24) = 0 [pid 6971] chdir("./627") = 0 [pid 6971] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6971] setpgid(0, 0) = 0 [pid 6971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6971] write(3, "1000", 4) = 4 [pid 6971] close(3) = 0 [pid 6971] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6971] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6971] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6972], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6972 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6972 attached [pid 6972] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6972] memfd_create("syzkaller", 0) = 3 [pid 6972] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6972] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6972] munmap(0x7f5499e77000, 2097152) = 0 [pid 6972] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6972] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6972] close(3) = 0 [pid 6972] mkdir("./bus", 0777) = 0 [pid 6972] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6972] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6972] chdir("./bus") = 0 [pid 6972] ioctl(4, LOOP_CLR_FD) = 0 [pid 6972] close(4) = 0 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6971] <... futex resumed>) = 0 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... futex resumed>) = 0 [pid 6972] creat("./bus", 000) = 4 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... futex resumed>) = 1 [pid 6972] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... futex resumed>) = 1 [pid 6972] ftruncate(4, 2048) = 0 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] <... futex resumed>) = 0 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... futex resumed>) = 1 [pid 6972] lseek(4, 0, SEEK_END) = 2048 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6971] <... futex resumed>) = 0 [ 296.007400][ T6972] loop0: detected capacity change from 0 to 4096 [ 296.016882][ T6972] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6972] open("./bus", O_RDONLY [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6972] <... open resumed>) = 5 [pid 6971] <... futex resumed>) = 0 [pid 6972] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6972] <... futex resumed>) = 0 [pid 6971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6972] sendfile(4, 5, NULL, 145139829833722 [pid 6971] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6971] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6971] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6971] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6973 attached [pid 6973] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6973] futex(0x7f54a238f7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6971] <... clone resumed>, parent_tid=[6973], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6973 [pid 6971] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 0 [pid 6971] <... futex resumed>) = 1 [pid 6973] sendfile(4, 5, NULL, 145139829833722 [ 296.069330][ T27] audit: type=1804 audit(1671454876.809:629): pid=6972 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/627/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6971] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6971] exit_group(0) = ? [pid 6972] <... sendfile resumed>) = ? [pid 6972] +++ exited with 0 +++ [pid 6973] <... sendfile resumed>) = ? [pid 6973] +++ exited with 0 +++ [pid 6971] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6971, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./627", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./627/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./627/binderfs") = 0 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./627/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./627/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./627/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./627/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./627") = 0 mkdir("./628", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6974 ./strace-static-x86_64: Process 6974 attached [pid 6974] set_robust_list(0x5555556365e0, 24) = 0 [pid 6974] chdir("./628") = 0 [pid 6974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6974] setpgid(0, 0) = 0 [pid 6974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6974] write(3, "1000", 4) = 4 [pid 6974] close(3) = 0 [pid 6974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6974] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6974] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6975], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6975 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6975 attached [pid 6975] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6975] memfd_create("syzkaller", 0) = 3 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6975] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6975] munmap(0x7f5499e77000, 2097152) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6975] close(3) = 0 [pid 6975] mkdir("./bus", 0777) = 0 [pid 6975] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6975] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6975] chdir("./bus") = 0 [pid 6975] ioctl(4, LOOP_CLR_FD) = 0 [pid 6975] close(4) = 0 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... futex resumed>) = 1 [pid 6975] creat("./bus", 000) = 4 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] <... futex resumed>) = 1 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] ftruncate(4, 2048 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... ftruncate resumed>) = 0 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6975] futex(0x7f54a238f7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... futex resumed>) = 0 [pid 6975] lseek(4, 0, SEEK_END) = 2048 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... futex resumed>) = 1 [ 296.390331][ T6975] loop0: detected capacity change from 0 to 4096 [ 296.399954][ T6975] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6975] open("./bus", O_RDONLY) = 5 [pid 6975] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] <... futex resumed>) = 0 [pid 6974] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... futex resumed>) = 1 [pid 6975] sendfile(4, 5, NULL, 145139829833722 [pid 6974] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6974] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6974] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6974] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6974] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6976], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6976 [ 296.448016][ T27] audit: type=1804 audit(1671454877.189:630): pid=6975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/628/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6974] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6974] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6976 attached [pid 6976] set_robust_list(0x7f549a0769e0, 24) = 0 [pid 6976] sendfile(4, 5, NULL, 145139829833722 [pid 6974] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6974] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6974] exit_group(0) = ? [pid 6975] <... sendfile resumed>) = ? [pid 6975] +++ exited with 0 +++ [pid 6976] <... sendfile resumed>) = ? [pid 6976] +++ exited with 0 +++ [pid 6974] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6974, si_uid=0, si_status=0, si_utime=0, si_stime=24 /* 0.24 s */} --- umount2("./628", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555637620 /* 4 entries */, 32768) = 104 umount2("./628/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./628/binderfs") = 0 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./628/bus", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./628/bus", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./628/bus", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x55555563f660 /* 2 entries */, 32768) = 48 getdents64(4, 0x55555563f660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./628/bus") = 0 getdents64(3, 0x555555637620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./628") = 0 mkdir("./629", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556365d0) = 6977 ./strace-static-x86_64: Process 6977 attached [pid 6977] set_robust_list(0x5555556365e0, 24) = 0 [pid 6977] chdir("./629") = 0 [pid 6977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6977] setpgid(0, 0) = 0 [pid 6977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6977] write(3, "1000", 4) = 4 [pid 6977] close(3) = 0 [pid 6977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f54a2277000 [pid 6977] mprotect(0x7f54a2278000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6977] clone(child_stack=0x7f54a22973f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[6978], tls=0x7f54a2297700, child_tidptr=0x7f54a22979d0) = 6978 [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6978 attached [pid 6978] set_robust_list(0x7f54a22979e0, 24) = 0 [pid 6978] memfd_create("syzkaller", 0) = 3 [pid 6978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5499e77000 [pid 6978] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x10\x01\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x01\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x78\x5f\xaa\x3b\xd7\x0e\xce\x68\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 6978] munmap(0x7f5499e77000, 2097152) = 0 [pid 6978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6978] close(3) = 0 [pid 6978] mkdir("./bus", 0777) = 0 [pid 6978] mount("/dev/loop0", "./bus", "ntfs3", MS_NOSUID|MS_SYNCHRONOUS|MS_POSIXACL, "") = 0 [pid 6978] openat(AT_FDCWD, "./bus", O_RDONLY|O_DIRECTORY) = 3 [pid 6978] chdir("./bus") = 0 [pid 6978] ioctl(4, LOOP_CLR_FD) = 0 [pid 6978] close(4) = 0 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] creat("./bus", 000) = 4 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] fcntl(4, F_SETFL, O_RDONLY|O_NOCTTY|O_NONBLOCK|O_DIRECT|FASYNC) = 0 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] ftruncate(4, 2048 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] <... ftruncate resumed>) = 0 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6977] <... futex resumed>) = 0 [pid 6978] lseek(4, 0, SEEK_END [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] <... lseek resumed>) = 2048 [pid 6977] <... futex resumed>) = 0 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] <... futex resumed>) = 0 [pid 6977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6978] open("./bus", O_RDONLY [pid 6977] <... futex resumed>) = 0 [ 296.769025][ T6978] loop0: detected capacity change from 0 to 4096 [ 296.780061][ T6978] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] <... open resumed>) = 5 [pid 6978] futex(0x7f54a238f7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] <... futex resumed>) = 0 [pid 6977] futex(0x7f54a238f7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] <... futex resumed>) = 1 [pid 6977] futex(0x7f54a238f7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6978] sendfile(4, 5, NULL, 145139829833722 [pid 6977] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6977] futex(0x7f54a238f7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f549a056000 [pid 6977] mprotect(0x7f549a057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6977] clone(child_stack=0x7f549a0763f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 6979 attached , parent_tid=[6979], tls=0x7f549a076700, child_tidptr=0x7f549a0769d0) = 6979 [pid 6977] futex(0x7f54a238f7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6977] futex(0x7f54a238f7bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] set_robust_list(0x7f549a0769e0, 24) = 0 [ 296.828146][ T27] audit: type=1804 audit(1671454877.569:631): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor278" name="/root/syzkaller.Ozn6PW/629/bus/bus" dev="loop0" ino=33 res=1 errno=0 [pid 6979] sendfile(4, 5, NULL, 145139829833722 [pid 6977] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 297.007627][ T6979] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: lock_acquire+0x3b6/0x3c0 [ 297.018746][ T6979] CPU: 0 PID: 6979 Comm: syz-executor278 Not tainted 6.1.0-syzkaller-13139-gf9ff5644bcc0 #0 [ 297.028840][ T6979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 297.038922][ T6979] Call Trace: [ 297.042225][ T6979] [ 297.045177][ T6979] dump_stack_lvl+0x1b1/0x290 [ 297.050003][ T6979] ? nf_tcp_handle_invalid+0x630/0x630 [ 297.055494][ T6979] ? vsnprintf+0x19e/0x1cb0 [ 297.060049][ T6979] ? panic+0x710/0x710 [ 297.064157][ T6979] ? vscnprintf+0x59/0x80 [ 297.068522][ T6979] panic+0x2d6/0x710 [ 297.072438][ T6979] ? lock_acquire+0x3b6/0x3c0 [ 297.077117][ T6979] ? memcpy_page_flushcache+0x100/0x100 [ 297.082671][ T6979] __stack_chk_fail+0x12/0x20 [ 297.087346][ T6979] lock_acquire+0x3b6/0x3c0 [ 297.091849][ T6979] ? read_lock_is_recursive+0x10/0x10 [ 297.097212][ T6979] ? deref_stack_reg+0x17a/0x210 [ 297.102218][ T6979] ? unwind_next_frame+0x1b06/0x24c0 [ 297.107494][ T6979] ? deref_stack_reg+0x17a/0x210 [ 297.112429][ T6979] ? preempt_count_add+0x8d/0x180 [ 297.117495][ T6979] ? unwind_next_frame+0x1b06/0x24c0 [ 297.122773][ T6979] ? stack_trace_save+0x1e0/0x1e0 [ 297.127824][ T6979] rcu_lock_acquire+0x2a/0x30 [ 297.132523][ T6979] ? rcu_lock_acquire+0x5/0x30 [ 297.137284][ T6979] is_bpf_text_address+0x27/0x270 [ 297.142309][ T6979] ? stack_trace_save+0x1e0/0x1e0 [ 297.147332][ T6979] kernel_text_address+0x9e/0xd0 [ 297.152317][ T6979] __kernel_text_address+0x9/0x40 [ 297.157350][ T6979] unwind_get_return_address+0x48/0x80 [ 297.162908][ T6979] arch_stack_walk+0x98/0xe0 [ 297.167538][ T6979] stack_trace_save+0x104/0x1e0 [ 297.172397][ T6979] ? stack_trace_snprint+0xf0/0xf0 [ 297.177514][ T6979] ? rcu_read_lock_sched_held+0x87/0x110 [ 297.183290][ T6979] kasan_set_track+0x3d/0x60 [ 297.187948][ T6979] ? kasan_set_track+0x3d/0x60 [ 297.192705][ T6979] ? __kasan_kmalloc+0x97/0xb0 [ 297.197468][ T6979] ? __kmalloc+0xaf/0x190 [ 297.201826][ T6979] ? iter_file_splice_write+0x245/0xfc0 [ 297.207427][ T6979] ? direct_splice_actor+0xe6/0x1c0 [ 297.212618][ T6979] ? splice_direct_to_actor+0x4e4/0xc00 [ 297.218157][ T6979] ? do_splice_direct+0x279/0x3d0 [ 297.223173][ T6979] ? do_sendfile+0x5fb/0xf80 [ 297.227805][ T6979] ? __se_sys_sendfile64+0x14f/0x1b0 [ 297.233084][ T6979] ? do_syscall_64+0x3d/0xb0 [ 297.237665][ T6979] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 297.243778][ T6979] ? lockdep_hardirqs_on_prepare+0x428/0x790 [ 297.249753][ T6979] ? print_irqtrace_events+0x220/0x220 [ 297.255209][ T6979] ? ___slab_alloc+0xbdf/0xe20 [ 297.259966][ T6979] ? lockdep_hardirqs_on+0x8d/0x130 [ 297.265168][ T6979] ? iter_file_splice_write+0x245/0xfc0 [ 297.270726][ T6979] ? __kmem_cache_alloc_node+0x21a/0x340 [ 297.276356][ T6979] __kasan_kmalloc+0x97/0xb0 [ 297.280945][ T6979] ? iter_file_splice_write+0x245/0xfc0 [ 297.286494][ T6979] __kmalloc+0xaf/0x190 [ 297.290650][ T6979] iter_file_splice_write+0x245/0xfc0 [ 297.296024][ T6979] ? touch_atime+0x215/0x630 [ 297.300627][ T6979] ? generic_file_read_iter+0x8f/0x540 [ 297.306134][ T6979] ? generic_file_splice_read+0x290/0x5d0 [ 297.311852][ T6979] ? splice_from_pipe+0x200/0x200 [ 297.316877][ T6979] ? splice_shrink_spd+0xb0/0xb0 [ 297.321820][ T6979] ? splice_from_pipe+0x200/0x200 [ 297.326842][ T6979] direct_splice_actor+0xe6/0x1c0 [ 297.331869][ T6979] splice_direct_to_actor+0x4e4/0xc00 [ 297.337334][ T6979] ? do_splice_direct+0x3d0/0x3d0 [ 297.342362][ T6979] ? pipe_to_sendpage+0x340/0x340 [ 297.347383][ T6979] ? bpf_lsm_file_permission+0x5/0x10 [ 297.352805][ T6979] ? security_file_permission+0xe0/0x5c0 [ 297.358505][ T6979] do_splice_direct+0x279/0x3d0 [ 297.363363][ T6979] ? splice_direct_to_actor+0xc00/0xc00 [ 297.368927][ T6979] ? rcu_read_lock_any_held+0xb1/0x130 [ 297.374385][ T6979] ? apparmor_file_permission+0x1e0/0x310 [ 297.380158][ T6979] do_sendfile+0x5fb/0xf80 [ 297.384578][ T6979] ? ptrace_stop+0x74d/0x970 [ 297.389201][ T6979] ? do_pwritev+0x350/0x350 [ 297.393704][ T6979] ? _raw_spin_unlock_irq+0x2a/0x40 [ 297.398943][ T6979] ? ptrace_notify+0x245/0x340 [ 297.403705][ T6979] __se_sys_sendfile64+0x14f/0x1b0 [ 297.408817][ T6979] ? __x64_sys_sendfile64+0xa0/0xa0 [ 297.414015][ T6979] ? syscall_enter_from_user_mode+0x2e/0x1d0 [ 297.419999][ T6979] ? syscall_enter_from_user_mode+0x86/0x1d0 [ 297.425985][ T6979] do_syscall_64+0x3d/0xb0 [ 297.430399][ T6979] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 297.436318][ T6979] RIP: 0033:0x7f54a22eb5a9 [ 297.440741][ T6979] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 297.460431][ T6979] RSP: 002b:00007f549a076318 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 297.468858][ T6979] RAX: ffffffffffffffda RBX: 00007f54a238f7b8 RCX: 00007f54a22eb5a9 [ 297.476849][ T6979] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 297.484840][ T6979] RBP: 00007f54a238f7b0 R08: 00007f549a076700 R09: 0000000000000000 [ 297.492804][ T6979] R10: 00008400fffffffa R11: 0000000000000246 R12: 00007f54a235c230 [ 297.500772][ T6979] R13: 00007fff35a87cff R14: 00007f549a076400 R15: 0000000000022000 [ 297.508758][ T6979] [ 297.511829][ T6979] Kernel Offset: disabled [ 297.516249][ T6979] Rebooting in 86400 seconds..