./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2628024881 <...> Warning: Permanently added '10.128.10.54' (ED25519) to the list of known hosts. execve("./syz-executor2628024881", ["./syz-executor2628024881"], 0x7fff7452ffd0 /* 10 vars */) = 0 brk(NULL) = 0x555556ff8000 brk(0x555556ff8d40) = 0x555556ff8d40 arch_prctl(ARCH_SET_FS, 0x555556ff83c0) = 0 set_tid_address(0x555556ff8690) = 5034 set_robust_list(0x555556ff86a0, 24) = 0 rseq(0x555556ff8ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2628024881", 4096) = 28 getrandom("\x69\xc6\xf7\x05\x22\xb0\xbf\x83", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556ff8d40 brk(0x555557019d40) = 0x555557019d40 brk(0x55555701a000) = 0x55555701a000 mprotect(0x7f8f94c0f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.6g7HPX", 0700) = 0 chmod("./syzkaller.6g7HPX", 0777) = 0 chdir("./syzkaller.6g7HPX") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5035 ./strace-static-x86_64: Process 5035 attached [pid 5035] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5035] chdir("./0") = 0 [pid 5035] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5035] setpgid(0, 0) = 0 [pid 5035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5035] write(3, "1000", 4) = 4 [pid 5035] close(3) = 0 [pid 5035] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5035] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5035] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5036 attached => {parent_tid=[5036]}, 88) = 5036 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5035] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5035] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5036] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5036] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5036] memfd_create("syzkaller", 0) = 3 [pid 5036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5036] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [ 71.601524][ T5036] syz-executor262[5036]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5036] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5036] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5036] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5036] close(3) = 0 [pid 5036] mkdir("./file2", 0777) = 0 [pid 5036] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5036] chdir("./file2") = 0 [pid 5036] ioctl(4, LOOP_CLR_FD) = 0 [pid 5036] close(4) = 0 [pid 5036] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5036] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5035] <... futex resumed>) = 1 [ 71.670271][ T5036] loop0: detected capacity change from 0 to 4096 [pid 5035] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... open resumed>) = 4 [pid 5036] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5036] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = 0 [pid 5035] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5035] <... futex resumed>) = 1 [pid 5036] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5035] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... mmap resumed>) = 0x20000000 [pid 5035] <... futex resumed>) = 0 [pid 5035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5036] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5035] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5035] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5038 attached [pid 5038] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5035] <... clone3 resumed> => {parent_tid=[5038]}, 88) = 5038 [pid 5038] <... rseq resumed>) = 0 [pid 5035] rt_sigprocmask(SIG_SETMASK, [], [pid 5038] set_robust_list(0x7f8f94b099a0, 24 [pid 5035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5038] <... set_robust_list resumed>) = 0 [pid 5035] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5038] rt_sigprocmask(SIG_SETMASK, [], [pid 5035] <... futex resumed>) = 0 [pid 5038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5035] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5038] ftruncate(4, 2) = 0 [pid 5038] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5038] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5036] <... futex resumed>) = 0 [pid 5035] <... futex resumed>) = 1 [ 71.741135][ T28] audit: type=1800 audit(1697944364.557:2): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 71.765098][ T28] audit: type=1800 audit(1697944364.577:3): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5036] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5035] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... open resumed>) = 5 [pid 5036] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5036] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5035] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5036] <... futex resumed>) = 0 [pid 5036] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5036] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5035] <... futex resumed>) = 0 [pid 5036] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5035] exit_group(0 [pid 5036] <... futex resumed>) = ? [pid 5035] <... exit_group resumed>) = ? [pid 5036] +++ exited with 0 +++ [pid 5038] <... futex resumed>) = ? [pid 5038] +++ exited with 0 +++ [pid 5035] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5035, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 71.805618][ T28] audit: type=1800 audit(1697944364.627:4): pid=5036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5039 attached , child_tidptr=0x555556ff8690) = 5039 [pid 5039] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5039] chdir("./1") = 0 [pid 5039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5039] setpgid(0, 0) = 0 [pid 5039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5039] write(3, "1000", 4) = 4 [pid 5039] close(3) = 0 [pid 5039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5039] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5039] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5040]}, 88) = 5040 [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5040 attached [pid 5039] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5040] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5040] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5040] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5040] memfd_create("syzkaller", 0) = 3 [pid 5040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5040] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5040] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5040] close(3) = 0 [pid 5040] mkdir("./file2", 0777) = 0 [pid 5040] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5040] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5040] chdir("./file2") = 0 [pid 5040] ioctl(4, LOOP_CLR_FD) = 0 [pid 5040] close(4) = 0 [pid 5040] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5040] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5039] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5040] <... futex resumed>) = 0 [pid 5039] <... futex resumed>) = 1 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 71.955131][ T5040] loop0: detected capacity change from 0 to 4096 [pid 5039] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... open resumed>) = 4 [pid 5040] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5039] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5040] <... futex resumed>) = 1 [pid 5040] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5039] <... clone3 resumed> => {parent_tid=[5041]}, 88) = 5041 ./strace-static-x86_64: Process 5041 attached [pid 5039] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5039] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... mmap resumed>) = 0x20000000 [pid 5040] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5040] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5041] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5041] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5041] ftruncate(4, 2) = 0 [pid 5041] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5040] <... futex resumed>) = 0 [pid 5040] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5041] <... futex resumed>) = 1 [pid 5040] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5039] <... futex resumed>) = 0 [pid 5039] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5039] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5041] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5040] <... futex resumed>) = 1 [pid 5040] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5040] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5039] <... futex resumed>) = 0 [pid 5039] exit_group(0 [pid 5041] <... futex resumed>) = ? [pid 5039] <... exit_group resumed>) = ? [pid 5041] +++ exited with 0 +++ [pid 5040] +++ exited with 0 +++ [pid 5039] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5039, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 72.011717][ T28] audit: type=1800 audit(1697944364.827:5): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 72.032463][ T28] audit: type=1800 audit(1697944364.847:6): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached , child_tidptr=0x555556ff8690) = 5042 [pid 5042] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5042] chdir("./2") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 72.052351][ T28] audit: type=1800 audit(1697944364.857:7): pid=5040 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5042] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5043 attached => {parent_tid=[5043]}, 88) = 5043 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5043] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5043] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5043] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file2", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5043] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5043] chdir("./file2") = 0 [pid 5043] ioctl(4, LOOP_CLR_FD) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5043] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5043] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 72.170632][ T5043] loop0: detected capacity change from 0 to 4096 [pid 5042] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... open resumed>) = 4 [pid 5043] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5043] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5042] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... mmap resumed>) = 0x20000000 [pid 5042] <... futex resumed>) = 0 [pid 5043] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5043] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5042] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5044 attached => {parent_tid=[5044]}, 88) = 5044 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], [pid 5044] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5042] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5044] <... rseq resumed>) = 0 [pid 5044] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5044] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5044] ftruncate(4, 2) = 0 [pid 5044] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5044] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 0 [pid 5042] <... futex resumed>) = 1 [pid 5043] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5042] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... open resumed>) = 5 [pid 5043] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5043] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5042] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5043] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... futex resumed>) = 0 [pid 5042] exit_group(0 [pid 5044] <... futex resumed>) = ? [pid 5044] +++ exited with 0 +++ [pid 5043] <... futex resumed>) = ? [pid 5042] <... exit_group resumed>) = ? [pid 5043] +++ exited with 0 +++ [pid 5042] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5042, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.218059][ T28] audit: type=1800 audit(1697944365.037:8): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 72.246226][ T28] audit: type=1800 audit(1697944365.067:9): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 72.287550][ T28] audit: type=1800 audit(1697944365.107:10): pid=5043 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5045 attached , child_tidptr=0x555556ff8690) = 5045 [pid 5045] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5045] chdir("./3") = 0 [pid 5045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5045] setpgid(0, 0) = 0 [pid 5045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5045] write(3, "1000", 4) = 4 [pid 5045] close(3) = 0 [pid 5045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5045] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5045] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5046 attached => {parent_tid=[5046]}, 88) = 5046 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5046] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5046] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5046] memfd_create("syzkaller", 0) = 3 [pid 5046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5046] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5046] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5046] close(3) = 0 [pid 5046] mkdir("./file2", 0777) = 0 [pid 5046] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5046] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5046] chdir("./file2") = 0 [pid 5046] ioctl(4, LOOP_CLR_FD) = 0 [pid 5046] close(4) = 0 [pid 5046] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] <... open resumed>) = 4 [pid 5046] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5045] <... futex resumed>) = 0 [pid 5046] <... futex resumed>) = 1 [ 72.411768][ T5046] loop0: detected capacity change from 0 to 4096 [pid 5045] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5045] <... futex resumed>) = 0 [pid 5046] <... mmap resumed>) = 0x20000000 [pid 5045] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5045] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5046] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... clone3 resumed> => {parent_tid=[5047]}, 88) = 5047 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5047 attached [pid 5047] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5047] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5047] ftruncate(4, 2) = 0 [pid 5047] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5047] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5045] <... futex resumed>) = 1 [pid 5045] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5046] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5045] <... futex resumed>) = 0 [pid 5045] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5045] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5046] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5046] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5045] <... futex resumed>) = 0 [pid 5045] exit_group(0 [pid 5047] <... futex resumed>) = ? [pid 5045] <... exit_group resumed>) = ? [pid 5046] <... futex resumed>) = ? [pid 5047] +++ exited with 0 +++ [pid 5046] +++ exited with 0 +++ [pid 5045] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5045, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.454528][ T28] audit: type=1800 audit(1697944365.267:11): pid=5046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 openat(AT_FDCWD, "./3/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5048 ./strace-static-x86_64: Process 5048 attached [pid 5048] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5048] chdir("./4") = 0 [pid 5048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5048] setpgid(0, 0) = 0 [pid 5048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5048] write(3, "1000", 4) = 4 [pid 5048] close(3) = 0 [pid 5048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5048] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5048] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5049 attached [pid 5049] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5048] <... clone3 resumed> => {parent_tid=[5049]}, 88) = 5049 [pid 5049] <... rseq resumed>) = 0 [pid 5049] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... set_robust_list resumed>) = 0 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], [pid 5048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5049] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] memfd_create("syzkaller", 0 [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5049] <... memfd_create resumed>) = 3 [pid 5049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5049] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5049] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5049] close(3) = 0 [pid 5049] mkdir("./file2", 0777) = 0 [pid 5049] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5049] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5049] chdir("./file2") = 0 [pid 5049] ioctl(4, LOOP_CLR_FD) = 0 [pid 5049] close(4) = 0 [pid 5049] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5049] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5048] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... open resumed>) = 4 [pid 5049] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [ 72.608192][ T5049] loop0: detected capacity change from 0 to 4096 [pid 5049] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5048] <... futex resumed>) = 0 [pid 5049] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5048] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... mmap resumed>) = 0x20000000 [pid 5048] <... futex resumed>) = 0 [pid 5049] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5049] <... futex resumed>) = 0 [pid 5048] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5049] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5050]}, 88) = 5050 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5048] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5050 attached [pid 5050] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5050] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] ftruncate(4, 2) = 0 [pid 5050] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5050] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5048] <... futex resumed>) = 1 [pid 5049] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5048] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... open resumed>) = 5 [pid 5049] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5048] <... futex resumed>) = 0 [pid 5048] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5049] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5048] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5049] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5049] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5048] <... futex resumed>) = 0 [pid 5049] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5048] exit_group(0 [pid 5050] <... futex resumed>) = ? [pid 5049] <... futex resumed>) = ? [pid 5048] <... exit_group resumed>) = ? [pid 5050] +++ exited with 0 +++ [pid 5049] +++ exited with 0 +++ [pid 5048] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5048, si_uid=0, si_status=0, si_utime=0, si_stime=10 /* 0.10 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5051 attached , child_tidptr=0x555556ff8690) = 5051 [pid 5051] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5051] chdir("./5") = 0 [pid 5051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5051] setpgid(0, 0) = 0 [pid 5051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5051] write(3, "1000", 4) = 4 [pid 5051] close(3) = 0 [pid 5051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5051] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5051] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5052 attached => {parent_tid=[5052]}, 88) = 5052 [pid 5052] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] <... rseq resumed>) = 0 [pid 5052] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] <... set_robust_list resumed>) = 0 [pid 5051] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5051] <... futex resumed>) = 0 [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5052] memfd_create("syzkaller", 0) = 3 [pid 5052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5052] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5052] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5052] close(3) = 0 [pid 5052] mkdir("./file2", 0777) = 0 [pid 5052] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5052] chdir("./file2") = 0 [pid 5052] ioctl(4, LOOP_CLR_FD) = 0 [pid 5052] close(4) = 0 [pid 5052] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5051] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... futex resumed>) = 1 [ 72.808248][ T5052] loop0: detected capacity change from 0 to 4096 [pid 5052] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5052] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... futex resumed>) = 0 [pid 5051] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5052] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5051] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] <... futex resumed>) = 0 [pid 5051] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5052] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5053]}, 88) = 5053 ./strace-static-x86_64: Process 5053 attached [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] <... rseq resumed>) = 0 [pid 5051] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] set_robust_list(0x7f8f94b099a0, 24 [pid 5051] <... futex resumed>) = 0 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5051] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5053] ftruncate(4, 2) = 0 [pid 5053] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5053] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5051] <... futex resumed>) = 1 [pid 5051] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5052] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5052] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5051] <... futex resumed>) = 0 [pid 5052] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5051] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5052] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5052] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5051] <... futex resumed>) = 0 [pid 5052] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] exit_group(0 [pid 5053] <... futex resumed>) = ? [pid 5052] <... futex resumed>) = ? [pid 5051] <... exit_group resumed>) = ? [pid 5053] +++ exited with 0 +++ [pid 5052] +++ exited with 0 +++ [pid 5051] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5051, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5054 attached [pid 5054] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5054] chdir("./6") = 0 [pid 5054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5054] setpgid(0, 0) = 0 [pid 5054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5054] write(3, "1000", 4) = 4 [pid 5054] close(3) = 0 [pid 5054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5054] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5054] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5054] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5054 [pid 5054] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5055 attached => {parent_tid=[5055]}, 88) = 5055 [pid 5055] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] <... rseq resumed>) = 0 [pid 5055] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5054] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... set_robust_list resumed>) = 0 [pid 5054] <... futex resumed>) = 0 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5054] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] memfd_create("syzkaller", 0) = 3 [pid 5055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5055] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5055] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5055] close(3) = 0 [pid 5055] mkdir("./file2", 0777) = 0 [pid 5055] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5055] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5055] chdir("./file2") = 0 [pid 5055] ioctl(4, LOOP_CLR_FD) = 0 [pid 5055] close(4) = 0 [pid 5055] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5054] <... futex resumed>) = 0 [pid 5054] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5055] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5054] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5054] <... futex resumed>) = 0 [pid 5055] <... mmap resumed>) = 0x20000000 [pid 5054] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] <... futex resumed>) = 0 [pid 5054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5055] <... futex resumed>) = 0 [pid 5054] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5056 attached => {parent_tid=[5056]}, 88) = 5056 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5054] <... futex resumed>) = 0 [pid 5056] <... rseq resumed>) = 0 [pid 5056] set_robust_list(0x7f8f94b099a0, 24 [pid 5054] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... set_robust_list resumed>) = 0 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5056] ftruncate(4, 2) = 0 [pid 5056] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5056] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 72.986121][ T5055] loop0: detected capacity change from 0 to 4096 [pid 5054] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = 1 [pid 5055] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5054] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... open resumed>) = 5 [pid 5055] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5054] <... futex resumed>) = 0 [pid 5055] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5054] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5054] <... futex resumed>) = 0 [pid 5055] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5054] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5055] <... futex resumed>) = 0 [pid 5054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5054] exit_group(0 [pid 5056] <... futex resumed>) = ? [pid 5054] <... exit_group resumed>) = ? [pid 5055] <... futex resumed>) = ? [pid 5056] +++ exited with 0 +++ [pid 5055] +++ exited with 0 +++ [pid 5054] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5054, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5057 ./strace-static-x86_64: Process 5057 attached [pid 5057] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5057] chdir("./7") = 0 [pid 5057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5057] setpgid(0, 0) = 0 [pid 5057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5057] write(3, "1000", 4) = 4 [pid 5057] close(3) = 0 [pid 5057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5057] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5057] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5058 attached [pid 5058] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5057] <... clone3 resumed> => {parent_tid=[5058]}, 88) = 5058 [pid 5058] <... rseq resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5058] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] memfd_create("syzkaller", 0 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5058] <... memfd_create resumed>) = 3 [pid 5058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5058] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5058] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5058] close(3) = 0 [pid 5058] mkdir("./file2", 0777) = 0 [pid 5058] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5058] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5058] chdir("./file2") = 0 [pid 5058] ioctl(4, LOOP_CLR_FD) = 0 [pid 5058] close(4) = 0 [pid 5058] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5058] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5058] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5057] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 4 [pid 5058] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5058] <... mmap resumed>) = 0x20000000 [pid 5057] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5057] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5058] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... mprotect resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5059 attached [pid 5059] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5057] <... clone3 resumed> => {parent_tid=[5059]}, 88) = 5059 [pid 5059] <... rseq resumed>) = 0 [ 73.163043][ T5058] loop0: detected capacity change from 0 to 4096 [pid 5059] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], [pid 5059] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5057] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] <... futex resumed>) = 0 [pid 5059] ftruncate(4, 2) = 0 [pid 5057] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5059] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5057] <... futex resumed>) = 1 [pid 5058] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5057] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] <... open resumed>) = 5 [pid 5058] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5058] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5057] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5057] <... futex resumed>) = 0 [pid 5057] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5058] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5058] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5057] <... futex resumed>) = 0 [pid 5057] exit_group(0) = ? [pid 5059] <... futex resumed>) = ? [pid 5059] +++ exited with 0 +++ [pid 5058] +++ exited with 0 +++ [pid 5057] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5057, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5060 attached [pid 5060] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5060] chdir("./8") = 0 [pid 5060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5060] setpgid(0, 0) = 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5060 [pid 5060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5060] write(3, "1000", 4) = 4 [pid 5060] close(3) = 0 [pid 5060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5060] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5060] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5061 attached => {parent_tid=[5061]}, 88) = 5061 [pid 5061] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5061] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], [pid 5061] rt_sigprocmask(SIG_SETMASK, [], [pid 5060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5061] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5060] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5061] memfd_create("syzkaller", 0) = 3 [pid 5061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5061] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5061] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5061] close(3) = 0 [pid 5061] mkdir("./file2", 0777) = 0 [pid 5061] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5061] chdir("./file2") = 0 [pid 5061] ioctl(4, LOOP_CLR_FD) = 0 [pid 5061] close(4) = 0 [pid 5061] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5061] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5060] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5061] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5061] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5060] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] <... mmap resumed>) = 0x20000000 [pid 5060] <... futex resumed>) = 0 [pid 5060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5060] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5062 attached [pid 5062] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5062] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... clone3 resumed> => {parent_tid=[5062]}, 88) = 5062 [pid 5062] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5062] ftruncate(4, 2 [pid 5060] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... ftruncate resumed>) = 0 [pid 5062] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5060] <... futex resumed>) = 0 [pid 5062] <... futex resumed>) = 1 [pid 5060] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5061] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5060] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5061] <... open resumed>) = 5 [pid 5061] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5060] <... futex resumed>) = 0 [pid 5060] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5061] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5061] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5060] <... futex resumed>) = 1 [pid 5061] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5060] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [ 73.382463][ T5061] loop0: detected capacity change from 0 to 4096 [pid 5060] exit_group(0 [pid 5062] <... futex resumed>) = ? [pid 5061] <... futex resumed>) = ? [pid 5060] <... exit_group resumed>) = ? [pid 5062] +++ exited with 0 +++ [pid 5061] +++ exited with 0 +++ [pid 5060] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5060, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5063 attached , child_tidptr=0x555556ff8690) = 5063 [pid 5063] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5063] chdir("./9") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5063] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5064]}, 88) = 5064 ./strace-static-x86_64: Process 5064 attached [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] <... rseq resumed>) = 0 [pid 5064] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5064] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5064] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file2", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5064] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file2") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5063] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... open resumed>) = 4 [pid 5064] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5064] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5063] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... mmap resumed>) = 0x20000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5063] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5065 attached => {parent_tid=[5065]}, 88) = 5065 [pid 5064] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], [pid 5065] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5065] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5063] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 1 [pid 5065] ftruncate(4, 2) = 0 [pid 5063] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = 0 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] <... futex resumed>) = 1 [pid 5065] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 73.564333][ T5064] loop0: detected capacity change from 0 to 4096 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5064] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5064] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] exit_group(0 [pid 5064] <... futex resumed>) = ? [pid 5063] <... exit_group resumed>) = ? [pid 5064] +++ exited with 0 +++ [pid 5065] <... futex resumed>) = ? [pid 5065] +++ exited with 0 +++ [pid 5063] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5063, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x555556ff8690) = 5066 [pid 5066] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5066] chdir("./10") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5066] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5067 attached [pid 5067] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5066] <... clone3 resumed> => {parent_tid=[5067]}, 88) = 5067 [pid 5067] <... rseq resumed>) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... futex resumed>) = 0 [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5066] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5067] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5067] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file2", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5067] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file2") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5066] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5067] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] <... futex resumed>) = 0 [pid 5067] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5066] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... mmap resumed>) = 0x20000000 [pid 5066] <... futex resumed>) = 0 [pid 5067] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... mmap resumed>) = 0x7f8f94ae9000 [ 73.758811][ T5067] loop0: detected capacity change from 0 to 4096 [pid 5067] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5068] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5068] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5068] ftruncate(4, 2) = 0 [pid 5066] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5068] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5068] <... futex resumed>) = 0 [pid 5068] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5066] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5067] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5067] <... futex resumed>) = 1 [pid 5066] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5066] <... futex resumed>) = 0 [pid 5067] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5066] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] exit_group(0) = ? [pid 5068] <... futex resumed>) = ? [pid 5068] +++ exited with 0 +++ [pid 5067] <... futex resumed>) = ? [pid 5067] +++ exited with 0 +++ [pid 5066] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5066, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5069 ./strace-static-x86_64: Process 5069 attached [pid 5069] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5069] chdir("./11") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5069] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5070 attached => {parent_tid=[5070]}, 88) = 5070 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] <... rseq resumed>) = 0 [pid 5070] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5069] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... set_robust_list resumed>) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5070] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5070] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file2", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5070] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file2") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] <... futex resumed>) = 0 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5069] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... open resumed>) = 4 [pid 5070] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5069] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5070] <... futex resumed>) = 1 [pid 5069] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5070] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5070] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5071 attached [pid 5071] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5069] <... clone3 resumed> => {parent_tid=[5071]}, 88) = 5071 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5070] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 73.968365][ T5070] loop0: detected capacity change from 0 to 4096 [pid 5071] <... rseq resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5069] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] set_robust_list(0x7f8f94b099a0, 24 [pid 5070] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5069] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5071] ftruncate(4, 2) = 0 [pid 5071] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5069] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... futex resumed>) = 1 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5071] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5070] <... open resumed>) = 5 [pid 5070] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 1 [pid 5069] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5069] <... futex resumed>) = 0 [pid 5070] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5069] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5069] <... futex resumed>) = 0 [pid 5070] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] exit_group(0 [pid 5071] <... futex resumed>) = ? [pid 5070] <... futex resumed>) = ? [pid 5069] <... exit_group resumed>) = ? [pid 5071] +++ exited with 0 +++ [pid 5070] +++ exited with 0 +++ [pid 5069] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5069, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5072] chdir("./12") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5072 [pid 5072] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5072] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5072] <... clone3 resumed> => {parent_tid=[5073]}, 88) = 5073 [pid 5073] <... rseq resumed>) = 0 [pid 5073] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5073] <... set_robust_list resumed>) = 0 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] <... futex resumed>) = 0 [pid 5073] memfd_create("syzkaller", 0 [pid 5072] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5073] <... memfd_create resumed>) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5073] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5073] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file2", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file2") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5072] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 4 [pid 5073] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5072] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5072] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5073] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5074 attached [pid 5074] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5072] <... clone3 resumed> => {parent_tid=[5074]}, 88) = 5074 [pid 5074] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] ftruncate(4, 2 [pid 5072] <... futex resumed>) = 0 [pid 5074] <... ftruncate resumed>) = 0 [pid 5072] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5074] <... futex resumed>) = 1 [pid 5072] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5073] <... futex resumed>) = 0 [pid 5072] <... futex resumed>) = 1 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5072] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 5 [pid 5073] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5072] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5073] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5072] <... futex resumed>) = 0 [pid 5073] <... futex resumed>) = 1 [pid 5072] exit_group(0 [pid 5074] <... futex resumed>) = ? [pid 5074] +++ exited with 0 +++ [pid 5073] +++ exited with 0 +++ [pid 5072] <... exit_group resumed>) = ? [ 74.161979][ T5073] loop0: detected capacity change from 0 to 4096 [pid 5072] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5072, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5075 attached , child_tidptr=0x555556ff8690) = 5075 [pid 5075] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5075] chdir("./13") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5075] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5076 attached [pid 5076] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5075] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5076] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], [pid 5076] <... set_robust_list resumed>) = 0 [pid 5075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], [pid 5075] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5076] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5076] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file2", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5076] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file2") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = 1 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5076] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5075] <... futex resumed>) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5076] <... mmap resumed>) = 0x20000000 [pid 5075] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5075] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5076] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5075] <... clone3 resumed> => {parent_tid=[5077]}, 88) = 5077 [pid 5077] set_robust_list(0x7f8f94b099a0, 24 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5077] <... set_robust_list resumed>) = 0 [pid 5075] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] ftruncate(4, 2) = 0 [ 74.310255][ T5076] loop0: detected capacity change from 0 to 4096 [pid 5077] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = 0 [pid 5077] <... futex resumed>) = 1 [pid 5075] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... futex resumed>) = 1 [pid 5076] <... futex resumed>) = 0 [pid 5075] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5076] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5076] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] exit_group(0 [pid 5077] <... futex resumed>) = ? [pid 5076] <... futex resumed>) = ? [pid 5075] <... exit_group resumed>) = ? [pid 5077] +++ exited with 0 +++ [pid 5076] +++ exited with 0 +++ [pid 5075] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5075, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5078 ./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5078] chdir("./14") = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5078] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5079]}, 88) = 5079 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5079 attached [pid 5079] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5079] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5079] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5079] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file2", 0777) = 0 [pid 5079] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5079] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file2") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 74.512463][ T5079] loop0: detected capacity change from 0 to 4096 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5079] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5078] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] <... futex resumed>) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5079] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5080 attached [pid 5080] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5080] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] <... clone3 resumed> => {parent_tid=[5080]}, 88) = 5080 [pid 5080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5080] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5078] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5080] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5080] ftruncate(4, 2 [pid 5078] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5080] <... ftruncate resumed>) = 0 [pid 5080] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5080] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = 1 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5078] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5078] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5079] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5078] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... futex resumed>) = 0 [pid 5078] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] exit_group(0 [pid 5079] <... futex resumed>) = ? [pid 5078] <... exit_group resumed>) = ? [pid 5080] <... futex resumed>) = ? [pid 5079] +++ exited with 0 +++ [pid 5080] +++ exited with 0 +++ [pid 5078] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5078, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5081] chdir("./15") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5081] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5082]}, 88) = 5082 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5082 attached [pid 5081] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5081] <... futex resumed>) = 0 [pid 5082] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5081] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] <... set_robust_list resumed>) = 0 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5082] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5082] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file2", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file2") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5081] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5082] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5081] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5082] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5083 attached [pid 5082] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5081] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5083] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5082] <... mmap resumed>) = 0x20000000 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5083] <... rseq resumed>) = 0 [pid 5083] set_robust_list(0x7f8f94b099a0, 24 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5083] <... set_robust_list resumed>) = 0 [pid 5081] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] ftruncate(4, 2) = 0 [pid 5083] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5083] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5081] <... futex resumed>) = 1 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5081] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... open resumed>) = 5 [pid 5082] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5082] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] exit_group(0) = ? [pid 5082] <... futex resumed>) = ? [pid 5082] +++ exited with 0 +++ [pid 5083] <... futex resumed>) = ? [ 74.711149][ T5082] loop0: detected capacity change from 0 to 4096 [pid 5083] +++ exited with 0 +++ [pid 5081] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5081, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5084 ./strace-static-x86_64: Process 5084 attached [pid 5084] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5084] chdir("./16") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5084] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5085 attached [pid 5085] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5084] <... clone3 resumed> => {parent_tid=[5085]}, 88) = 5085 [pid 5085] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5084] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] memfd_create("syzkaller", 0 [pid 5084] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... memfd_create resumed>) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5085] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5085] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file2", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file2") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] <... futex resumed>) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5084] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... open resumed>) = 4 [pid 5085] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5085] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5084] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5084] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5085] <... mmap resumed>) = 0x20000000 [pid 5085] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5085] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... mprotect resumed>) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5086 attached [pid 5086] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5084] <... clone3 resumed> => {parent_tid=[5086]}, 88) = 5086 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5086] <... rseq resumed>) = 0 [pid 5086] set_robust_list(0x7f8f94b099a0, 24 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] <... set_robust_list resumed>) = 0 [pid 5084] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] <... futex resumed>) = 0 [pid 5086] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5086] ftruncate(4, 2 [pid 5084] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] <... ftruncate resumed>) = 0 [pid 5086] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [ 74.887960][ T5085] loop0: detected capacity change from 0 to 4096 [pid 5086] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5085] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5085] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] <... futex resumed>) = 0 [pid 5084] exit_group(0 [pid 5086] <... futex resumed>) = ? [pid 5084] <... exit_group resumed>) = ? [pid 5086] +++ exited with 0 +++ [pid 5085] +++ exited with 0 +++ [pid 5084] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5084, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5087 ./strace-static-x86_64: Process 5087 attached [pid 5087] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5087] chdir("./17") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5087] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5087] <... clone3 resumed> => {parent_tid=[5088]}, 88) = 5088 [pid 5088] <... rseq resumed>) = 0 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5088] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] <... set_robust_list resumed>) = 0 [pid 5087] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] <... futex resumed>) = 0 [pid 5088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5087] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5088] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5088] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file2", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5088] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file2") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [pid 5087] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5088] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5087] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5087] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5088] <... mmap resumed>) = 0x20000000 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5088] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5087] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5089 attached [pid 5087] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... rseq resumed>) = 0 [pid 5089] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5089] ftruncate(4, 2) = 0 [pid 5089] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5089] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... futex resumed>) = 0 [pid 5087] <... futex resumed>) = 1 [ 75.091776][ T5088] loop0: detected capacity change from 0 to 4096 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5087] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... open resumed>) = 5 [pid 5088] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5088] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5087] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5088] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5087] <... futex resumed>) = 0 [pid 5088] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5087] exit_group(0 [pid 5089] <... futex resumed>) = ? [pid 5088] <... futex resumed>) = ? [pid 5087] <... exit_group resumed>) = ? [pid 5089] +++ exited with 0 +++ [pid 5088] +++ exited with 0 +++ [pid 5087] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5087, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5090 attached , child_tidptr=0x555556ff8690) = 5090 [pid 5090] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5090] chdir("./18") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5090] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5091 attached => {parent_tid=[5091]}, 88) = 5091 [pid 5091] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] <... rseq resumed>) = 0 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5091] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5090] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... set_robust_list resumed>) = 0 [pid 5091] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... futex resumed>) = 0 [pid 5091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5091] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5091] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file2", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5091] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file2") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5091] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5091] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5092] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5091] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... rseq resumed>) = 0 [pid 5090] <... clone3 resumed> => {parent_tid=[5092]}, 88) = 5092 [pid 5092] set_robust_list(0x7f8f94b099a0, 24 [pid 5091] <... futex resumed>) = 0 [pid 5092] <... set_robust_list resumed>) = 0 [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5092] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5092] ftruncate(4, 2 [pid 5090] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5092] <... ftruncate resumed>) = 0 [pid 5092] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5092] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5090] <... futex resumed>) = 1 [ 75.253565][ T5091] loop0: detected capacity change from 0 to 4096 [pid 5091] <... open resumed>) = 5 [pid 5090] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... futex resumed>) = 1 [pid 5090] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5090] <... futex resumed>) = 0 [pid 5091] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5090] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5090] exit_group(0 [pid 5091] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5092] <... futex resumed>) = ? [pid 5091] <... futex resumed>) = ? [pid 5090] <... exit_group resumed>) = ? [pid 5091] +++ exited with 0 +++ [pid 5092] +++ exited with 0 +++ [pid 5090] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5090, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5093 ./strace-static-x86_64: Process 5093 attached [pid 5093] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5093] chdir("./19") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5093] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5093] <... clone3 resumed> => {parent_tid=[5094]}, 88) = 5094 [pid 5094] <... rseq resumed>) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5094] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5094] <... set_robust_list resumed>) = 0 [pid 5093] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] <... futex resumed>) = 0 [pid 5094] memfd_create("syzkaller", 0 [pid 5093] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5094] <... memfd_create resumed>) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5094] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5094] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file2", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file2") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5093] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... open resumed>) = 4 [pid 5094] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5093] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5093] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5094] <... mmap resumed>) = 0x20000000 [pid 5094] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5093] <... mprotect resumed>) = 0 [pid 5094] <... futex resumed>) = 0 [pid 5094] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 75.439875][ T5094] loop0: detected capacity change from 0 to 4096 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5093] <... clone3 resumed> => {parent_tid=[5095]}, 88) = 5095 [pid 5095] <... rseq resumed>) = 0 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], [pid 5095] set_robust_list(0x7f8f94b099a0, 24 [pid 5093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] <... set_robust_list resumed>) = 0 [pid 5093] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], [pid 5093] <... futex resumed>) = 0 [pid 5095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5095] ftruncate(4, 2 [pid 5093] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5095] <... ftruncate resumed>) = 0 [pid 5095] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5095] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... futex resumed>) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5094] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5094] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] exit_group(0 [pid 5095] <... futex resumed>) = ? [pid 5093] <... exit_group resumed>) = ? [pid 5095] +++ exited with 0 +++ [pid 5094] <... futex resumed>) = ? [pid 5094] +++ exited with 0 +++ [pid 5093] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5093, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached , child_tidptr=0x555556ff8690) = 5096 [pid 5096] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5096] chdir("./20") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5096] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5097 attached => {parent_tid=[5097]}, 88) = 5097 [pid 5097] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5097] <... rseq resumed>) = 0 [pid 5097] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5096] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5097] <... set_robust_list resumed>) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5097] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5097] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file2", 0777) = 0 [pid 5097] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5097] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file2") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5096] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 4 [pid 5097] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5096] <... futex resumed>) = 0 [pid 5097] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5096] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5097] <... mmap resumed>) = 0x20000000 [pid 5096] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5096] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5097] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] <... mprotect resumed>) = 0 [pid 5097] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5098]}, 88) = 5098 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5098] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5098] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 75.642844][ T5097] loop0: detected capacity change from 0 to 4096 [pid 5096] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5098] ftruncate(4, 2) = 0 [pid 5096] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5098] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5098] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5097] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5096] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 5 [pid 5097] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5096] <... futex resumed>) = 0 [pid 5097] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5096] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] exit_group(0 [pid 5097] <... futex resumed>) = ? [pid 5096] <... exit_group resumed>) = ? [pid 5098] <... futex resumed>) = ? [pid 5097] +++ exited with 0 +++ [pid 5098] +++ exited with 0 +++ [pid 5096] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5096, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5099 ./strace-static-x86_64: Process 5099 attached [pid 5099] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5099] chdir("./21") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5099] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5100]}, 88) = 5100 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5100 attached ) = 0 [pid 5100] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5099] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5100] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5100] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file2", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5100] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file2") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5099] <... futex resumed>) = 0 [ 75.839920][ T5100] loop0: detected capacity change from 0 to 4096 [pid 5099] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... open resumed>) = 4 [pid 5100] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5099] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5100] <... mmap resumed>) = 0x20000000 [pid 5099] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] <... futex resumed>) = 0 [pid 5100] <... futex resumed>) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5099] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5101 attached => {parent_tid=[5101]}, 88) = 5101 [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5101] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5099] <... futex resumed>) = 0 [pid 5101] <... rseq resumed>) = 0 [pid 5101] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], [pid 5099] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5101] ftruncate(4, 2) = 0 [pid 5101] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5101] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5100] <... futex resumed>) = 0 [pid 5099] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5100] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5099] <... futex resumed>) = 0 [pid 5100] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5099] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5100] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] exit_group(0 [pid 5101] <... futex resumed>) = ? [pid 5100] <... futex resumed>) = ? [pid 5099] <... exit_group resumed>) = ? [pid 5101] +++ exited with 0 +++ [pid 5100] +++ exited with 0 +++ [pid 5099] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5099, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5102] chdir("./22" [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5102 [pid 5102] <... chdir resumed>) = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5102] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5103 attached => {parent_tid=[5103]}, 88) = 5103 [pid 5103] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... rseq resumed>) = 0 [pid 5103] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5102] <... futex resumed>) = 0 [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5103] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5103] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file2", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5103] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file2") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5102] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... open resumed>) = 4 [pid 5103] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5103] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5102] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5103] <... mmap resumed>) = 0x20000000 [pid 5103] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... mprotect resumed>) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5104 attached [pid 5104] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5104] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... clone3 resumed> => {parent_tid=[5104]}, 88) = 5104 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5102] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5104] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5104] ftruncate(4, 2 [pid 5102] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] <... ftruncate resumed>) = 0 [pid 5104] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5104] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [pid 5102] <... futex resumed>) = 1 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5103] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5102] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... futex resumed>) = 0 [ 76.042804][ T5103] loop0: detected capacity change from 0 to 4096 [pid 5102] <... futex resumed>) = 1 [pid 5103] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5102] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5103] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5102] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5103] <... futex resumed>) = 0 [pid 5102] exit_group(0 [pid 5103] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5104] <... futex resumed>) = ? [pid 5102] <... exit_group resumed>) = ? [pid 5103] +++ exited with 0 +++ [pid 5104] +++ exited with 0 +++ [pid 5102] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5102, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5105] chdir("./23") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5105] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5106 attached => {parent_tid=[5106]}, 88) = 5106 [pid 5106] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] <... rseq resumed>) = 0 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5105] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5106] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5106] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file2", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5106] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file2") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5105] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 4 [pid 5106] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] <... futex resumed>) = 0 [pid 5106] <... futex resumed>) = 1 [pid 5105] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5105] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5106] <... mmap resumed>) = 0x20000000 [ 76.232922][ T5106] loop0: detected capacity change from 0 to 4096 [pid 5106] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5106] <... futex resumed>) = 0 [pid 5105] <... mprotect resumed>) = 0 [pid 5106] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5107] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... clone3 resumed> => {parent_tid=[5107]}, 88) = 5107 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5105] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5107] ftruncate(4, 2 [pid 5105] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5107] <... ftruncate resumed>) = 0 [pid 5107] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5107] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5105] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 5 [pid 5106] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5105] <... futex resumed>) = 0 [pid 5106] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5105] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... futex resumed>) = 0 [pid 5106] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5105] exit_group(0 [pid 5107] <... futex resumed>) = ? [pid 5106] <... futex resumed>) = ? [pid 5107] +++ exited with 0 +++ [pid 5106] +++ exited with 0 +++ [pid 5105] <... exit_group resumed>) = ? [pid 5105] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5105, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5108 ./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5108] chdir("./24") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5108] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5109 attached [pid 5109] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5109] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5109] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... clone3 resumed> => {parent_tid=[5109]}, 88) = 5109 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5109] memfd_create("syzkaller", 0 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] <... memfd_create resumed>) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5109] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5109] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file2", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file2") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5108] <... futex resumed>) = 0 [pid 5109] <... mmap resumed>) = 0x20000000 [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... futex resumed>) = 0 [pid 5108] <... futex resumed>) = 1 [pid 5109] ftruncate(4, 2 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... ftruncate resumed>) = 0 [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 76.436804][ T5109] loop0: detected capacity change from 0 to 4096 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... open resumed>) = 5 [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5108] <... futex resumed>) = 0 [pid 5109] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5108] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] exit_group(0 [pid 5109] <... futex resumed>) = ? [pid 5108] <... exit_group resumed>) = ? [pid 5109] +++ exited with 0 +++ [pid 5108] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5108, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5110 attached , child_tidptr=0x555556ff8690) = 5110 [pid 5110] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5110] chdir("./25") = 0 [pid 5110] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5110] setpgid(0, 0) = 0 [pid 5110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5110] write(3, "1000", 4) = 4 [pid 5110] close(3) = 0 [pid 5110] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5110] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5110] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5111 attached [pid 5111] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5111] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] <... clone3 resumed> => {parent_tid=[5111]}, 88) = 5111 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5110] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5110] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5111] memfd_create("syzkaller", 0) = 3 [pid 5111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5111] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5111] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5111] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5111] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5111] close(3) = 0 [pid 5111] mkdir("./file2", 0777) = 0 [pid 5111] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5111] chdir("./file2") = 0 [pid 5111] ioctl(4, LOOP_CLR_FD) = 0 [pid 5111] close(4) = 0 [pid 5111] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5110] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... open resumed>) = 4 [pid 5111] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5111] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5110] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5111] <... mmap resumed>) = 0x20000000 [pid 5110] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5111] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5112 attached [pid 5112] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5110] <... clone3 resumed> => {parent_tid=[5112]}, 88) = 5112 [ 76.632721][ T5111] loop0: detected capacity change from 0 to 4096 [pid 5112] <... rseq resumed>) = 0 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] set_robust_list(0x7f8f94b099a0, 24 [pid 5110] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... set_robust_list resumed>) = 0 [pid 5110] <... futex resumed>) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5112] ftruncate(4, 2) = 0 [pid 5112] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5112] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5110] <... futex resumed>) = 1 [pid 5111] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5110] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... open resumed>) = 5 [pid 5111] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5110] <... futex resumed>) = 0 [pid 5111] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5110] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5111] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5111] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5110] <... futex resumed>) = 0 [pid 5111] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5110] exit_group(0 [pid 5112] <... futex resumed>) = ? [pid 5111] <... futex resumed>) = ? [pid 5110] <... exit_group resumed>) = ? [pid 5111] +++ exited with 0 +++ [pid 5112] +++ exited with 0 +++ [pid 5110] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5110, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5113 attached , child_tidptr=0x555556ff8690) = 5113 [pid 5113] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5113] chdir("./26") = 0 [pid 5113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5113] setpgid(0, 0) = 0 [pid 5113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5113] write(3, "1000", 4) = 4 [pid 5113] close(3) = 0 [pid 5113] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5113] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5113] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5113] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5114 attached => {parent_tid=[5114]}, 88) = 5114 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5114] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5114] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 0 [pid 5113] <... futex resumed>) = 1 [pid 5114] memfd_create("syzkaller", 0) = 3 [pid 5114] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5113] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5114] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5114] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5114] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5114] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5114] close(3) = 0 [pid 5114] mkdir("./file2", 0777) = 0 [pid 5114] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5114] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5114] chdir("./file2") = 0 [pid 5114] ioctl(4, LOOP_CLR_FD) = 0 [pid 5114] close(4) = 0 [pid 5114] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5113] <... futex resumed>) = 0 [ 76.826594][ T5114] loop0: detected capacity change from 0 to 4096 [pid 5113] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... open resumed>) = 4 [pid 5114] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5113] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5113] <... futex resumed>) = 0 [pid 5114] <... mmap resumed>) = 0x20000000 [pid 5114] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5113] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5113] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5115 attached => {parent_tid=[5115]}, 88) = 5115 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5113] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5113] <... futex resumed>) = 0 [pid 5115] <... rseq resumed>) = 0 [pid 5115] set_robust_list(0x7f8f94b099a0, 24 [pid 5113] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... set_robust_list resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5115] ftruncate(4, 2) = 0 [pid 5115] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5115] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 76.876311][ T28] kauditd_printk_skb: 68 callbacks suppressed [ 76.876327][ T28] audit: type=1800 audit(1697944369.697:80): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 76.905281][ T28] audit: type=1800 audit(1697944369.727:81): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5113] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... open resumed>) = 5 [pid 5114] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5113] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5114] <... futex resumed>) = 1 [pid 5113] <... futex resumed>) = 0 [pid 5114] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5113] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5114] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5114] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5113] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5113] exit_group(0 [pid 5114] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5115] <... futex resumed>) = ? [pid 5114] <... futex resumed>) = ? [pid 5113] <... exit_group resumed>) = ? [pid 5115] +++ exited with 0 +++ [pid 5114] +++ exited with 0 +++ [pid 5113] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5113, si_uid=0, si_status=0, si_utime=2 /* 0.02 s */, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 [ 76.935553][ T28] audit: type=1800 audit(1697944369.757:82): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(4) = 0 rmdir("./26/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5116 ./strace-static-x86_64: Process 5116 attached [pid 5116] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5116] chdir("./27") = 0 [pid 5116] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5116] setpgid(0, 0) = 0 [pid 5116] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5116] write(3, "1000", 4) = 4 [pid 5116] close(3) = 0 [pid 5116] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5116] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5116] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5116] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5117]}, 88) = 5117 ./strace-static-x86_64: Process 5117 attached [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5116] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5117] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5117] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5117] memfd_create("syzkaller", 0) = 3 [pid 5117] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5117] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5117] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5117] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5117] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5117] close(3) = 0 [pid 5117] mkdir("./file2", 0777) = 0 [pid 5117] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5117] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5117] chdir("./file2") = 0 [pid 5117] ioctl(4, LOOP_CLR_FD) = 0 [pid 5117] close(4) = 0 [pid 5117] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] <... open resumed>) = 4 [ 77.079600][ T5117] loop0: detected capacity change from 0 to 4096 [pid 5117] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5117] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5116] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... mmap resumed>) = 0x20000000 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5117] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5116] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5116] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5116] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5118 attached => {parent_tid=[5118]}, 88) = 5118 [pid 5118] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], [pid 5118] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] ftruncate(4, 2) = 0 [pid 5118] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... futex resumed>) = 1 [pid 5118] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [ 77.128101][ T28] audit: type=1800 audit(1697944369.947:83): pid=5117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 77.158364][ T28] audit: type=1800 audit(1697944369.967:84): pid=5117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5117] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5116] <... futex resumed>) = 0 [pid 5116] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5116] <... futex resumed>) = 0 [pid 5117] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5116] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5117] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5117] <... futex resumed>) = 0 [pid 5116] exit_group(0 [pid 5117] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5116] <... exit_group resumed>) = ? [pid 5117] <... futex resumed>) = ? [pid 5118] <... futex resumed>) = ? [pid 5117] +++ exited with 0 +++ [pid 5118] +++ exited with 0 +++ [pid 5116] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5116, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 [ 77.178626][ T28] audit: type=1800 audit(1697944369.997:85): pid=5117 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5119 attached , child_tidptr=0x555556ff8690) = 5119 [pid 5119] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5119] chdir("./28") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5119] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5120] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5120] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = 0 [pid 5119] <... futex resumed>) = 1 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] <... memfd_create resumed>) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5120] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5120] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file2", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5120] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file2") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5119] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] <... open resumed>) = 4 [pid 5120] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5119] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [ 77.296926][ T5120] loop0: detected capacity change from 0 to 4096 [pid 5120] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5119] <... futex resumed>) = 0 [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5119] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5120] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... clone3 resumed> => {parent_tid=[5121]}, 88) = 5121 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5121 attached [pid 5121] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5121] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5121] ftruncate(4, 2) = 0 [pid 5121] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5121] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5119] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5120] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5119] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] exit_group(0 [pid 5121] <... futex resumed>) = ? [ 77.342078][ T28] audit: type=1800 audit(1697944370.157:86): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 77.362549][ T28] audit: type=1800 audit(1697944370.157:87): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5120] <... futex resumed>) = ? [pid 5119] <... exit_group resumed>) = ? [pid 5121] +++ exited with 0 +++ [pid 5120] +++ exited with 0 +++ [pid 5119] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5119, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5122 attached , child_tidptr=0x555556ff8690) = 5122 [pid 5122] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5122] chdir("./29") = 0 [ 77.385270][ T28] audit: type=1800 audit(1697944370.177:88): pid=5120 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5122] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5123]}, 88) = 5123 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5123 attached ) = 0 [pid 5123] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5122] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... rseq resumed>) = 0 [pid 5123] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] memfd_create("syzkaller", 0) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5123] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5123] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file2", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5123] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file2") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5123] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5122] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 4 [pid 5123] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5123] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [ 77.511243][ T5123] loop0: detected capacity change from 0 to 4096 [pid 5122] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5123] <... mmap resumed>) = 0x20000000 [pid 5122] <... mprotect resumed>) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5124]}, 88) = 5124 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5124 attached NULL, 8) = 0 [pid 5124] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5122] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5124] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5123] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] ftruncate(4, 2) = 0 [pid 5124] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5124] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5122] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... open resumed>) = 5 [pid 5123] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5122] <... futex resumed>) = 0 [pid 5123] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5122] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5123] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5122] <... futex resumed>) = 0 [pid 5123] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] exit_group(0 [pid 5123] <... futex resumed>) = ? [pid 5122] <... exit_group resumed>) = ? [pid 5124] <... futex resumed>) = ? [pid 5123] +++ exited with 0 +++ [pid 5124] +++ exited with 0 +++ [pid 5122] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5122, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 77.565824][ T28] audit: type=1800 audit(1697944370.377:89): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./29/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5125 ./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5125] chdir("./30") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5125] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5126 attached [pid 5126] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5125] <... clone3 resumed> => {parent_tid=[5126]}, 88) = 5126 [pid 5126] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5126] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] memfd_create("syzkaller", 0 [pid 5125] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] <... memfd_create resumed>) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5126] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5126] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file2", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5126] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file2") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5126] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5126] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5126] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5127 attached [pid 5127] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5125] <... clone3 resumed> => {parent_tid=[5127]}, 88) = 5127 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5127] <... rseq resumed>) = 0 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 77.710676][ T5126] loop0: detected capacity change from 0 to 4096 [pid 5127] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5127] <... futex resumed>) = 0 [pid 5127] ftruncate(4, 2) = 0 [pid 5127] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5127] <... futex resumed>) = 1 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5127] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] <... open resumed>) = 5 [pid 5126] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = 0 [pid 5126] <... futex resumed>) = 1 [pid 5125] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5125] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5125] exit_group(0) = ? [pid 5126] +++ exited with 0 +++ [pid 5127] <... futex resumed>) = ? [pid 5127] +++ exited with 0 +++ [pid 5125] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5125, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5128 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5128] chdir("./31") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5128] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5128] <... clone3 resumed> => {parent_tid=[5129]}, 88) = 5129 [pid 5129] <... rseq resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5129] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] <... futex resumed>) = 0 [pid 5129] memfd_create("syzkaller", 0 [pid 5128] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5129] <... memfd_create resumed>) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5129] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5129] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file2", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5129] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file2") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5129] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5129] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 77.901035][ T5129] loop0: detected capacity change from 0 to 4096 [pid 5129] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] <... mmap resumed>) = 0x20000000 [pid 5128] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5128] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5130 attached [pid 5129] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5128] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] set_robust_list(0x7f8f94b099a0, 24 [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] <... set_robust_list resumed>) = 0 [pid 5128] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... futex resumed>) = 0 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5130] ftruncate(4, 2) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5130] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5130] <... futex resumed>) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5130] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5129] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5129] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] <... futex resumed>) = 0 [pid 5129] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5128] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5129] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] exit_group(0 [pid 5129] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... exit_group resumed>) = ? [pid 5130] <... futex resumed>) = ? [pid 5129] <... futex resumed>) = ? [pid 5130] +++ exited with 0 +++ [pid 5129] +++ exited with 0 +++ [pid 5128] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5128, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5131] chdir("./32") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5131] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5132 attached [pid 5132] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5132] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5131] <... clone3 resumed> => {parent_tid=[5132]}, 88) = 5132 [pid 5132] <... set_robust_list resumed>) = 0 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] rt_sigprocmask(SIG_SETMASK, [], [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5132] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5132] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file2", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5132] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file2") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5131] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 4 [pid 5132] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5131] <... futex resumed>) = 0 [pid 5132] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5131] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5131] <... futex resumed>) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5131] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5132] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5132] <... futex resumed>) = 0 [pid 5131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5132] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5133 attached => {parent_tid=[5133]}, 88) = 5133 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5133] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5133] <... rseq resumed>) = 0 [pid 5133] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] <... futex resumed>) = 0 [pid 5133] ftruncate(4, 2) = 0 [pid 5131] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5133] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5133] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5131] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5132] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] <... futex resumed>) = 0 [pid 5132] <... futex resumed>) = 1 [pid 5131] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5131] <... futex resumed>) = 0 [pid 5132] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5131] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 78.102799][ T5132] loop0: detected capacity change from 0 to 4096 [pid 5132] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] exit_group(0) = ? [pid 5133] <... futex resumed>) = ? [pid 5133] +++ exited with 0 +++ [pid 5132] <... futex resumed>) = ? [pid 5132] +++ exited with 0 +++ [pid 5131] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5131, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5134] chdir("./33") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5134] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5135 attached => {parent_tid=[5135]}, 88) = 5135 [pid 5135] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5135] <... rseq resumed>) = 0 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5135] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5134] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... set_robust_list resumed>) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] <... futex resumed>) = 0 [pid 5135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5135] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5135] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file2", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5135] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file2") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5135] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] <... futex resumed>) = 0 [pid 5135] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5134] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5134] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5134] <... mprotect resumed>) = 0 [pid 5135] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5136] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f8f94b099a0, 24 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] <... set_robust_list resumed>) = 0 [pid 5134] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5136] ftruncate(4, 2) = 0 [pid 5136] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5136] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... futex resumed>) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5134] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... open resumed>) = 5 [pid 5135] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5134] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5135] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5135] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5134] <... futex resumed>) = 1 [pid 5135] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5134] exit_group(0 [pid 5135] <... futex resumed>) = ? [pid 5134] <... exit_group resumed>) = ? [pid 5136] <... futex resumed>) = ? [pid 5135] +++ exited with 0 +++ [pid 5136] +++ exited with 0 +++ [pid 5134] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5134, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 78.294978][ T5135] loop0: detected capacity change from 0 to 4096 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555556ff8690) = 5137 [pid 5137] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5137] chdir("./34") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5137] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5138 attached [pid 5138] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5137] <... clone3 resumed> => {parent_tid=[5138]}, 88) = 5138 [pid 5138] <... rseq resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] <... set_robust_list resumed>) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] memfd_create("syzkaller", 0) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5138] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5138] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file2", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5138] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file2") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5138] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5138] <... futex resumed>) = 1 [pid 5137] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5138] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5137] <... mprotect resumed>) = 0 [pid 5138] <... mmap resumed>) = 0x20000000 [ 78.478736][ T5138] loop0: detected capacity change from 0 to 4096 [pid 5138] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5138] <... futex resumed>) = 0 [pid 5137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5138] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5139 attached [pid 5139] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5137] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5139] <... rseq resumed>) = 0 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5139] set_robust_list(0x7f8f94b099a0, 24 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5139] <... set_robust_list resumed>) = 0 [pid 5137] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5139] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] <... futex resumed>) = 0 [pid 5139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5139] ftruncate(4, 2) = 0 [pid 5139] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5137] <... futex resumed>) = 0 [pid 5139] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... futex resumed>) = 0 [pid 5137] <... futex resumed>) = 1 [pid 5138] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5137] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... open resumed>) = 5 [pid 5138] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5138] <... futex resumed>) = 0 [pid 5138] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5137] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5138] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5137] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5137] exit_group(0 [pid 5139] <... futex resumed>) = ? [pid 5139] +++ exited with 0 +++ [pid 5138] <... futex resumed>) = ? [pid 5137] <... exit_group resumed>) = ? [pid 5138] +++ exited with 0 +++ [pid 5137] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5137, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached [pid 5140] set_robust_list(0x555556ff86a0, 24 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5140 [pid 5140] <... set_robust_list resumed>) = 0 [pid 5140] chdir("./35") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5140] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5141] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... clone3 resumed> => {parent_tid=[5141]}, 88) = 5141 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5141] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5141] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file2", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5141] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file2") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5141] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5140] <... futex resumed>) = 0 [pid 5141] <... mmap resumed>) = 0x20000000 [pid 5140] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5141] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5141] <... futex resumed>) = 0 [pid 5140] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5141] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... mprotect resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5142 attached [pid 5142] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5140] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5142] <... rseq resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] set_robust_list(0x7f8f94b099a0, 24 [pid 5140] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] <... set_robust_list resumed>) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] ftruncate(4, 2) = 0 [pid 5142] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5142] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5140] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5140] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... open resumed>) = 5 [pid 5141] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... futex resumed>) = 0 [pid 5141] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5141] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5141] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] exit_group(0 [pid 5142] <... futex resumed>) = ? [pid 5141] <... futex resumed>) = ? [pid 5140] <... exit_group resumed>) = ? [pid 5142] +++ exited with 0 +++ [pid 5141] +++ exited with 0 +++ [pid 5140] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5140, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 78.675764][ T5141] loop0: detected capacity change from 0 to 4096 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5143 attached , child_tidptr=0x555556ff8690) = 5143 [pid 5143] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5143] chdir("./36") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5143] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5144]}, 88) = 5144 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5144 attached [pid 5144] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5144] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5144] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5144] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file2", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5144] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file2") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5143] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... open resumed>) = 4 [pid 5144] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5143] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5143] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5143] <... mprotect resumed>) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5144] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5145 attached [pid 5145] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5145] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 78.870898][ T5144] loop0: detected capacity change from 0 to 4096 [pid 5145] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5145] <... futex resumed>) = 0 [pid 5143] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5145] ftruncate(4, 2) = 0 [pid 5145] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5145] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5143] <... futex resumed>) = 1 [pid 5143] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5144] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... futex resumed>) = 0 [pid 5144] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5143] <... futex resumed>) = 1 [pid 5144] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5143] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] exit_group(0 [pid 5145] <... futex resumed>) = ? [pid 5144] <... futex resumed>) = ? [pid 5143] <... exit_group resumed>) = ? [pid 5145] +++ exited with 0 +++ [pid 5144] +++ exited with 0 +++ [pid 5143] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5143, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x555556ff86a0, 24 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5146 [pid 5146] <... set_robust_list resumed>) = 0 [pid 5146] chdir("./37") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5146] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5147 attached => {parent_tid=[5147]}, 88) = 5147 [pid 5147] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5147] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5147] <... set_robust_list resumed>) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], [pid 5146] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] <... futex resumed>) = 0 [pid 5147] memfd_create("syzkaller", 0 [pid 5146] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... memfd_create resumed>) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5147] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5147] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file2", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file2") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5146] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 4 [pid 5147] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5146] <... futex resumed>) = 0 [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5146] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5146] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5148 attached [pid 5148] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5146] <... clone3 resumed> => {parent_tid=[5148]}, 88) = 5148 [pid 5148] <... rseq resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] ftruncate(4, 2 [pid 5146] <... futex resumed>) = 0 [pid 5148] <... ftruncate resumed>) = 0 [pid 5146] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 79.063451][ T5147] loop0: detected capacity change from 0 to 4096 [pid 5148] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5148] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5146] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 5 [pid 5147] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = 0 [pid 5147] <... futex resumed>) = 1 [pid 5146] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5146] <... futex resumed>) = 0 [pid 5147] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5146] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5147] <... futex resumed>) = 0 [pid 5146] exit_group(0) = ? [pid 5148] <... futex resumed>) = ? [pid 5147] +++ exited with 0 +++ [pid 5148] +++ exited with 0 +++ [pid 5146] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5146, si_uid=0, si_status=0, si_utime=0, si_stime=9 /* 0.09 s */} --- umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5149 ./strace-static-x86_64: Process 5149 attached [pid 5149] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5149] chdir("./38") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5149] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5150 attached => {parent_tid=[5150]}, 88) = 5150 [pid 5150] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5149] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] <... rseq resumed>) = 0 [pid 5150] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5150] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5150] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file2", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file2") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5149] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... open resumed>) = 4 [pid 5150] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] <... futex resumed>) = 1 [pid 5149] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5150] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5149] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5149] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5149] <... mprotect resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5150] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5151 attached [pid 5151] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5151]}, 88) = 5151 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] <... rseq resumed>) = 0 [pid 5149] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] set_robust_list(0x7f8f94b099a0, 24 [pid 5149] <... futex resumed>) = 0 [pid 5151] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5151] ftruncate(4, 2) = 0 [ 79.253163][ T5150] loop0: detected capacity change from 0 to 4096 [pid 5151] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] <... futex resumed>) = 0 [pid 5151] <... futex resumed>) = 1 [pid 5149] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] <... futex resumed>) = 0 [pid 5151] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5150] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5149] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5150] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5150] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = 0 [pid 5149] exit_group(0 [pid 5150] <... futex resumed>) = ? [pid 5151] <... futex resumed>) = ? [pid 5149] <... exit_group resumed>) = ? [pid 5150] +++ exited with 0 +++ [pid 5151] +++ exited with 0 +++ [pid 5149] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5149, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=6 /* 0.06 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x555556ff8690) = 5152 [pid 5152] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5152] chdir("./39") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5152] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5152] <... clone3 resumed> => {parent_tid=[5153]}, 88) = 5153 [pid 5153] <... rseq resumed>) = 0 [pid 5153] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... set_robust_list resumed>) = 0 [pid 5152] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5153] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5153] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file2", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file2") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5153] <... futex resumed>) = 0 [pid 5152] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5153] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5152] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5153] <... mmap resumed>) = 0x20000000 [pid 5152] <... mprotect resumed>) = 0 [pid 5153] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5154 attached => {parent_tid=[5154]}, 88) = 5154 [pid 5153] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5154] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] <... rseq resumed>) = 0 [ 79.460395][ T5153] loop0: detected capacity change from 0 to 4096 [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5152] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... futex resumed>) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] ftruncate(4, 2) = 0 [pid 5154] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = 0 [pid 5152] <... futex resumed>) = 1 [pid 5154] <... futex resumed>) = 1 [pid 5153] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5152] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5153] <... open resumed>) = 5 [pid 5153] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5152] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] <... futex resumed>) = 0 [pid 5152] exit_group(0 [pid 5153] ???( [pid 5154] <... futex resumed>) = ? [pid 5153] <... ??? resumed>) = ? [pid 5152] <... exit_group resumed>) = ? [pid 5154] +++ exited with 0 +++ [pid 5153] +++ exited with 0 +++ [pid 5152] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5152, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5155 attached , child_tidptr=0x555556ff8690) = 5155 [pid 5155] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5155] chdir("./40") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5155] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5156 attached [pid 5156] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5155] <... clone3 resumed> => {parent_tid=[5156]}, 88) = 5156 [pid 5156] <... rseq resumed>) = 0 [pid 5156] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... set_robust_list resumed>) = 0 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5156] memfd_create("syzkaller", 0 [pid 5155] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5156] <... memfd_create resumed>) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5156] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5156] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file2", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5156] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file2") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 1 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5156] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5156] <... futex resumed>) = 1 [pid 5156] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5155] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5155] <... mprotect resumed>) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5157]}, 88) = 5157 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5155] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5157] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5157] ftruncate(4, 2) = 0 [pid 5157] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5157] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5156] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5156] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [ 79.633994][ T5156] loop0: detected capacity change from 0 to 4096 [pid 5155] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5156] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] <... futex resumed>) = 0 [pid 5156] <... futex resumed>) = 1 [pid 5155] exit_group(0 [pid 5156] ???( [pid 5155] <... exit_group resumed>) = ? [pid 5156] <... ??? resumed>) = ? [pid 5157] <... futex resumed>) = ? [pid 5157] +++ exited with 0 +++ [pid 5156] +++ exited with 0 +++ [pid 5155] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5155, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5158] chdir("./41") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5158] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5159]}, 88) = 5159 ./strace-static-x86_64: Process 5159 attached [pid 5159] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... rseq resumed>) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5158] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5159] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5159] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file2", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5159] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file2") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = 0 [pid 5159] <... futex resumed>) = 1 [pid 5158] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... open resumed>) = 4 [pid 5159] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] <... futex resumed>) = 0 [pid 5159] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5158] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... mmap resumed>) = 0x20000000 [pid 5158] <... futex resumed>) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5158] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5159] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... clone3 resumed> => {parent_tid=[5160]}, 88) = 5160 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5160 attached [pid 5160] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5160] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5160] ftruncate(4, 2) = 0 [pid 5160] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5158] <... futex resumed>) = 1 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5158] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... open resumed>) = 5 [ 79.832772][ T5159] loop0: detected capacity change from 0 to 4096 [pid 5159] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5159] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5158] <... futex resumed>) = 0 [pid 5159] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5158] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5158] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5159] <... futex resumed>) = 0 [pid 5158] exit_group(0 [pid 5159] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5158] <... exit_group resumed>) = ? [pid 5159] +++ exited with 0 +++ [pid 5160] <... futex resumed>) = ? [pid 5160] +++ exited with 0 +++ [pid 5158] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5158, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5161 ./strace-static-x86_64: Process 5161 attached [pid 5161] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5161] chdir("./42") = 0 [pid 5161] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5161] setpgid(0, 0) = 0 [pid 5161] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5161] write(3, "1000", 4) = 4 [pid 5161] close(3) = 0 [pid 5161] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5161] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5161] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5161] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5162]}, 88) = 5162 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5162 attached [pid 5162] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5162] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] memfd_create("syzkaller", 0) = 3 [pid 5162] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5162] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5162] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5162] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5162] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5162] close(3) = 0 [pid 5162] mkdir("./file2", 0777) = 0 [pid 5162] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5162] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5162] chdir("./file2") = 0 [pid 5162] ioctl(4, LOOP_CLR_FD) = 0 [pid 5162] close(4) = 0 [pid 5162] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5162] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5161] <... futex resumed>) = 0 [pid 5162] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5161] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... open resumed>) = 4 [pid 5162] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5161] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5161] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5161] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5163 attached [pid 5163] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5161] <... clone3 resumed> => {parent_tid=[5163]}, 88) = 5163 [pid 5163] <... rseq resumed>) = 0 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], [pid 5163] set_robust_list(0x7f8f94b099a0, 24 [pid 5161] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5163] <... set_robust_list resumed>) = 0 [pid 5161] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], [pid 5161] <... futex resumed>) = 0 [pid 5163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5161] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 80.017578][ T5162] loop0: detected capacity change from 0 to 4096 [pid 5163] ftruncate(4, 2) = 0 [pid 5162] <... futex resumed>) = 1 [pid 5163] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5162] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5163] <... futex resumed>) = 1 [pid 5161] <... futex resumed>) = 0 [pid 5161] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] open("", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5161] <... futex resumed>) = 0 [pid 5163] <... open resumed>) = -1 ENOENT (No such file or directory) [pid 5161] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5163] <... futex resumed>) = 0 [pid 5161] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5163] ioctl(-1, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5161] <... futex resumed>) = 0 [pid 5163] <... ioctl resumed>) = -1 EBADF (Bad file descriptor) [pid 5161] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5163] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5162] <... mmap resumed>) = 0x20000000 [pid 5161] <... futex resumed>) = 0 [pid 5163] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5162] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5162] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5161] exit_group(0 [pid 5163] <... futex resumed>) = ? [pid 5162] <... futex resumed>) = ? [pid 5161] <... exit_group resumed>) = ? [pid 5163] +++ exited with 0 +++ [pid 5162] +++ exited with 0 +++ [pid 5161] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5161, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5164 ./strace-static-x86_64: Process 5164 attached [pid 5164] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5164] chdir("./43") = 0 [pid 5164] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5164] setpgid(0, 0) = 0 [pid 5164] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5164] write(3, "1000", 4) = 4 [pid 5164] close(3) = 0 [pid 5164] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5164] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5164] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5164] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5165 attached [pid 5165] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5164] <... clone3 resumed> => {parent_tid=[5165]}, 88) = 5165 [pid 5165] <... rseq resumed>) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5165] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5164] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] <... futex resumed>) = 0 [pid 5165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5164] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5165] memfd_create("syzkaller", 0) = 3 [pid 5165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5165] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5165] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5165] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5165] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5165] close(3) = 0 [pid 5165] mkdir("./file2", 0777) = 0 [pid 5165] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5165] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5165] chdir("./file2") = 0 [pid 5165] ioctl(4, LOOP_CLR_FD) = 0 [pid 5165] close(4) = 0 [pid 5165] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 1 [pid 5165] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5165] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] <... futex resumed>) = 1 [pid 5164] <... futex resumed>) = 0 [pid 5165] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5164] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5165] <... mmap resumed>) = 0x20000000 [pid 5164] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5164] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5164] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5164] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5165] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... clone3 resumed> => {parent_tid=[5166]}, 88) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5164] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5166] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5164] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] ftruncate(4, 2) = 0 [pid 5164] <... futex resumed>) = 0 [pid 5164] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5166] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5166] <... futex resumed>) = 0 [pid 5164] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] <... futex resumed>) = 1 [pid 5165] <... futex resumed>) = 0 [pid 5164] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [ 80.215070][ T5165] loop0: detected capacity change from 0 to 4096 [pid 5165] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] <... futex resumed>) = 0 [pid 5165] <... futex resumed>) = 1 [pid 5164] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5165] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5164] <... futex resumed>) = 0 [pid 5165] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5165] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] <... futex resumed>) = 0 [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5165] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5164] exit_group(0) = ? [pid 5166] <... futex resumed>) = ? [pid 5165] <... futex resumed>) = ? [pid 5166] +++ exited with 0 +++ [pid 5165] +++ exited with 0 +++ [pid 5164] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5164, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5167 attached , child_tidptr=0x555556ff8690) = 5167 [pid 5167] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5167] chdir("./44") = 0 [pid 5167] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5167] setpgid(0, 0) = 0 [pid 5167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5167] write(3, "1000", 4) = 4 [pid 5167] close(3) = 0 [pid 5167] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5167] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5167] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5167] <... clone3 resumed> => {parent_tid=[5168]}, 88) = 5168 [pid 5168] <... rseq resumed>) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5167] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5167] <... futex resumed>) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5168] memfd_create("syzkaller", 0) = 3 [pid 5168] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5168] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5168] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5168] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5168] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5168] close(3) = 0 [pid 5168] mkdir("./file2", 0777) = 0 [pid 5168] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5168] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5168] chdir("./file2") = 0 [pid 5168] ioctl(4, LOOP_CLR_FD) = 0 [pid 5168] close(4) = 0 [pid 5168] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5168] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5167] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... mmap resumed>) = 0x20000000 [pid 5167] <... futex resumed>) = 0 [pid 5167] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5167] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5168] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... mprotect resumed>) = 0 [pid 5168] <... futex resumed>) = 0 [pid 5168] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5169 attached [pid 5169] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5167] <... clone3 resumed> => {parent_tid=[5169]}, 88) = 5169 [pid 5169] <... rseq resumed>) = 0 [pid 5169] set_robust_list(0x7f8f94b099a0, 24 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] <... set_robust_list resumed>) = 0 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5167] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5169] ftruncate(4, 2 [pid 5167] <... futex resumed>) = 0 [pid 5169] <... ftruncate resumed>) = 0 [pid 5167] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5169] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5169] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5168] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 80.408698][ T5168] loop0: detected capacity change from 0 to 4096 [pid 5167] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] <... open resumed>) = 5 [pid 5168] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] <... futex resumed>) = 0 [pid 5168] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5168] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5167] <... futex resumed>) = 0 [pid 5168] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5167] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5168] <... futex resumed>) = 1 [pid 5167] exit_group(0 [pid 5168] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5167] <... exit_group resumed>) = ? [pid 5168] <... futex resumed>) = ? [pid 5168] +++ exited with 0 +++ [pid 5169] <... futex resumed>) = ? [pid 5169] +++ exited with 0 +++ [pid 5167] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5167, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5170 ./strace-static-x86_64: Process 5170 attached [pid 5170] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5170] chdir("./45") = 0 [pid 5170] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5170] setpgid(0, 0) = 0 [pid 5170] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5170] write(3, "1000", 4) = 4 [pid 5170] close(3) = 0 [pid 5170] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5170] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5170] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5170] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5171 attached [pid 5171] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5170] <... clone3 resumed> => {parent_tid=[5171]}, 88) = 5171 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5171] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5171] memfd_create("syzkaller", 0) = 3 [pid 5171] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5171] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5171] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5171] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5171] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5171] close(3) = 0 [pid 5171] mkdir("./file2", 0777) = 0 [pid 5171] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5171] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5171] chdir("./file2") = 0 [pid 5171] ioctl(4, LOOP_CLR_FD) = 0 [pid 5171] close(4) = 0 [pid 5171] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5171] <... futex resumed>) = 1 [pid 5170] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... open resumed>) = 4 [pid 5171] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5171] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] <... futex resumed>) = 0 [pid 5170] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... futex resumed>) = 0 [pid 5171] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5170] <... futex resumed>) = 1 [pid 5170] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5170] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5171] <... mmap resumed>) = 0x20000000 [pid 5170] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5171] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5171] <... futex resumed>) = 0 [pid 5170] <... mprotect resumed>) = 0 [pid 5171] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5170] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5172 attached [pid 5172] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5170] <... clone3 resumed> => {parent_tid=[5172]}, 88) = 5172 [pid 5172] <... rseq resumed>) = 0 [pid 5172] set_robust_list(0x7f8f94b099a0, 24 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], [pid 5172] <... set_robust_list resumed>) = 0 [pid 5170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], [pid 5170] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5172] ftruncate(4, 2 [pid 5170] <... futex resumed>) = 0 [pid 5172] <... ftruncate resumed>) = 0 [pid 5170] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5172] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5172] <... futex resumed>) = 0 [pid 5170] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5171] <... futex resumed>) = 0 [pid 5170] <... futex resumed>) = 1 [pid 5171] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 80.606517][ T5171] loop0: detected capacity change from 0 to 4096 [pid 5170] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] <... open resumed>) = 5 [pid 5171] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5170] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5171] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5170] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5170] <... futex resumed>) = 0 [pid 5171] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5170] exit_group(0 [pid 5172] <... futex resumed>) = ? [pid 5171] <... futex resumed>) = ? [pid 5170] <... exit_group resumed>) = ? [pid 5171] +++ exited with 0 +++ [pid 5172] +++ exited with 0 +++ [pid 5170] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5170, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5173 ./strace-static-x86_64: Process 5173 attached [pid 5173] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5173] chdir("./46") = 0 [pid 5173] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5173] setpgid(0, 0) = 0 [pid 5173] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5173] write(3, "1000", 4) = 4 [pid 5173] close(3) = 0 [pid 5173] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5173] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5173] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5173] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5173] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5174 attached [pid 5174] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5173] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5174] <... rseq resumed>) = 0 [pid 5174] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5174] <... set_robust_list resumed>) = 0 [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], [pid 5173] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5174] memfd_create("syzkaller", 0 [pid 5173] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5174] <... memfd_create resumed>) = 3 [pid 5174] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5174] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5174] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5174] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5174] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5174] close(3) = 0 [pid 5174] mkdir("./file2", 0777) = 0 [pid 5174] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5174] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5174] chdir("./file2") = 0 [pid 5174] ioctl(4, LOOP_CLR_FD) = 0 [pid 5174] close(4) = 0 [pid 5174] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5174] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5174] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5174] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5174] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5173] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5173] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5173] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5175 attached [pid 5175] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5173] <... clone3 resumed> => {parent_tid=[5175]}, 88) = 5175 [pid 5175] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 80.793225][ T5174] loop0: detected capacity change from 0 to 4096 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5173] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5175] ftruncate(4, 2 [pid 5173] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5175] <... ftruncate resumed>) = 0 [pid 5175] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5174] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5174] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] <... futex resumed>) = 1 [pid 5174] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5174] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5173] <... futex resumed>) = 0 [pid 5174] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5173] exit_group(0) = ? [pid 5175] <... futex resumed>) = ? [pid 5174] <... futex resumed>) = ? [pid 5174] +++ exited with 0 +++ [pid 5175] +++ exited with 0 +++ [pid 5173] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5173, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5176 attached , child_tidptr=0x555556ff8690) = 5176 [pid 5176] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5176] chdir("./47") = 0 [pid 5176] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5176] setpgid(0, 0) = 0 [pid 5176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5176] write(3, "1000", 4) = 4 [pid 5176] close(3) = 0 [pid 5176] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5176] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5176] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5177]}, 88) = 5177 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5176] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5176] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5177 attached [pid 5177] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5177] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5177] memfd_create("syzkaller", 0) = 3 [pid 5177] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5177] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5177] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5177] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5177] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5177] close(3) = 0 [pid 5177] mkdir("./file2", 0777) = 0 [pid 5177] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5177] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5177] chdir("./file2") = 0 [pid 5177] ioctl(4, LOOP_CLR_FD) = 0 [pid 5177] close(4) = 0 [pid 5177] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] <... futex resumed>) = 0 [pid 5177] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5176] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... open resumed>) = 4 [pid 5177] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5177] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5176] <... futex resumed>) = 0 [pid 5177] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5176] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... mmap resumed>) = 0x20000000 [pid 5176] <... futex resumed>) = 0 [pid 5176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5176] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5176] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5178 attached => {parent_tid=[5178]}, 88) = 5178 [pid 5178] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] <... futex resumed>) = 0 [pid 5176] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5178] <... rseq resumed>) = 0 [pid 5176] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5178] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5178] ftruncate(4, 2) = 0 [pid 5178] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 80.975169][ T5177] loop0: detected capacity change from 0 to 4096 [pid 5178] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... futex resumed>) = 0 [pid 5177] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5177] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5177] <... futex resumed>) = 0 [pid 5176] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5177] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = 0 [pid 5177] <... futex resumed>) = 1 [pid 5176] exit_group(0 [pid 5177] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = ? [pid 5177] <... futex resumed>) = ? [pid 5176] <... exit_group resumed>) = ? [pid 5178] +++ exited with 0 +++ [pid 5177] +++ exited with 0 +++ [pid 5176] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5176, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5179 attached , child_tidptr=0x555556ff8690) = 5179 [pid 5179] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5179] chdir("./48") = 0 [pid 5179] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5179] setpgid(0, 0) = 0 [pid 5179] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5179] write(3, "1000", 4) = 4 [pid 5179] close(3) = 0 [pid 5179] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5179] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5179] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5179] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5179] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5180 attached => {parent_tid=[5180]}, 88) = 5180 [pid 5180] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5180] <... rseq resumed>) = 0 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] memfd_create("syzkaller", 0 [pid 5179] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5180] <... memfd_create resumed>) = 3 [pid 5180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5180] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5180] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5180] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5180] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5180] close(3) = 0 [pid 5180] mkdir("./file2", 0777) = 0 [pid 5180] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5180] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5180] chdir("./file2") = 0 [pid 5180] ioctl(4, LOOP_CLR_FD) = 0 [pid 5180] close(4) = 0 [pid 5180] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5179] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... open resumed>) = 4 [pid 5180] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5180] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5179] <... futex resumed>) = 0 [pid 5180] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5179] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] <... mmap resumed>) = 0x20000000 [pid 5179] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5180] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5180] <... futex resumed>) = 0 [ 81.164073][ T5180] loop0: detected capacity change from 0 to 4096 [pid 5179] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5180] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] <... mprotect resumed>) = 0 [pid 5179] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5179] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5179] <... clone3 resumed> => {parent_tid=[5181]}, 88) = 5181 [pid 5181] <... rseq resumed>) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5181] set_robust_list(0x7f8f94b099a0, 24 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5181] <... set_robust_list resumed>) = 0 [pid 5179] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] <... futex resumed>) = 0 [pid 5181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] ftruncate(4, 2) = 0 [pid 5181] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5181] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5179] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] <... futex resumed>) = 0 [pid 5179] <... futex resumed>) = 1 [pid 5180] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5179] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] <... open resumed>) = 5 [pid 5180] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] <... futex resumed>) = 0 [pid 5179] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5180] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5179] <... futex resumed>) = 0 [pid 5180] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5179] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5180] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] <... futex resumed>) = 0 [pid 5179] exit_group(0 [pid 5180] ???( [pid 5181] <... futex resumed>) = ? [pid 5180] <... ??? resumed>) = ? [pid 5179] <... exit_group resumed>) = ? [pid 5181] +++ exited with 0 +++ [pid 5180] +++ exited with 0 +++ [pid 5179] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5179, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5182 ./strace-static-x86_64: Process 5182 attached [pid 5182] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5182] chdir("./49") = 0 [pid 5182] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5182] setpgid(0, 0) = 0 [pid 5182] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5182] write(3, "1000", 4) = 4 [pid 5182] close(3) = 0 [pid 5182] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5182] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5182] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5182] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5182] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5183 attached [pid 5183] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5183]}, 88) = 5183 [pid 5183] <... rseq resumed>) = 0 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] <... set_robust_list resumed>) = 0 [pid 5182] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] <... futex resumed>) = 0 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5183] memfd_create("syzkaller", 0) = 3 [pid 5183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5183] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5183] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5183] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5183] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5183] close(3) = 0 [pid 5183] mkdir("./file2", 0777) = 0 [pid 5183] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5183] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5183] chdir("./file2") = 0 [pid 5183] ioctl(4, LOOP_CLR_FD) = 0 [pid 5183] close(4) = 0 [pid 5183] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5182] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... open resumed>) = 4 [pid 5183] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5182] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5182] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5182] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5182] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5184] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5182] <... clone3 resumed> => {parent_tid=[5184]}, 88) = 5184 [pid 5184] <... rseq resumed>) = 0 [pid 5183] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] rt_sigprocmask(SIG_SETMASK, [], [pid 5184] set_robust_list(0x7f8f94b099a0, 24 [pid 5182] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5184] <... set_robust_list resumed>) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5183] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5184] ftruncate(4, 2 [pid 5182] <... futex resumed>) = 0 [pid 5184] <... ftruncate resumed>) = 0 [ 81.381231][ T5183] loop0: detected capacity change from 0 to 4096 [pid 5182] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5184] <... futex resumed>) = 0 [pid 5182] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5183] <... futex resumed>) = 0 [pid 5182] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5183] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5182] <... futex resumed>) = 0 [pid 5183] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5182] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5183] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5183] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5182] <... futex resumed>) = 0 [pid 5183] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5182] exit_group(0 [pid 5184] <... futex resumed>) = ? [pid 5183] <... futex resumed>) = ? [pid 5182] <... exit_group resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ [pid 5182] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5182, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5185 attached , child_tidptr=0x555556ff8690) = 5185 [pid 5185] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5185] chdir("./50") = 0 [pid 5185] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5185] setpgid(0, 0) = 0 [pid 5185] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5185] write(3, "1000", 4) = 4 [pid 5185] close(3) = 0 [pid 5185] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5185] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5185] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5185] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5186 attached => {parent_tid=[5186]}, 88) = 5186 [pid 5186] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... rseq resumed>) = 0 [pid 5186] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5185] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5185] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] memfd_create("syzkaller", 0) = 3 [pid 5186] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5186] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5186] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5186] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5186] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5186] close(3) = 0 [pid 5186] mkdir("./file2", 0777) = 0 [pid 5186] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5186] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5186] chdir("./file2") = 0 [pid 5186] ioctl(4, LOOP_CLR_FD) = 0 [pid 5186] close(4) = 0 [pid 5186] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5186] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5186] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5185] <... futex resumed>) = 1 [pid 5185] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... open resumed>) = 4 [pid 5186] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5185] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5185] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5186] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<[], 8) = 0 [pid 5185] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5187]}, 88) = 5187 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5187 attached [pid 5187] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5186] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] <... rseq resumed>) = 0 [pid 5187] set_robust_list(0x7f8f94b099a0, 24) = 0 [ 81.598793][ T5186] loop0: detected capacity change from 0 to 4096 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... futex resumed>) = 0 [pid 5186] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5187] ftruncate(4, 2) = 0 [pid 5187] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5185] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... futex resumed>) = 0 [pid 5187] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = 1 [pid 5185] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5186] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5185] <... futex resumed>) = 0 [pid 5186] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5185] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5186] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5185] exit_group(0 [pid 5187] <... futex resumed>) = ? [pid 5186] <... futex resumed>) = ? [pid 5185] <... exit_group resumed>) = ? [pid 5187] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5185] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5185, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5188 attached , child_tidptr=0x555556ff8690) = 5188 [pid 5188] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5188] chdir("./51") = 0 [pid 5188] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5188] setpgid(0, 0) = 0 [pid 5188] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5188] write(3, "1000", 4) = 4 [pid 5188] close(3) = 0 [pid 5188] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5188] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5188] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5188] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5189]}, 88) = 5189 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5189] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] memfd_create("syzkaller", 0) = 3 [pid 5189] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5189] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5189] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5189] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5189] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5189] close(3) = 0 [pid 5189] mkdir("./file2", 0777) = 0 [ 81.891860][ T5189] loop0: detected capacity change from 0 to 4096 [pid 5189] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5189] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5189] chdir("./file2") = 0 [pid 5189] ioctl(4, LOOP_CLR_FD) = 0 [pid 5189] close(4) = 0 [pid 5189] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5188] <... futex resumed>) = 0 [pid 5189] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5188] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... open resumed>) = 4 [pid 5189] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... futex resumed>) = 1 [pid 5189] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5188] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5189] <... mmap resumed>) = 0x20000000 [pid 5188] <... futex resumed>) = 0 [pid 5189] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5189] <... futex resumed>) = 0 [pid 5188] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5189] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5188] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5188] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5188] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5190]}, 88) = 5190 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5190 attached [pid 5190] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5190] set_robust_list(0x7f8f94b099a0, 24) = 0 [ 81.977013][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 81.977028][ T28] audit: type=1800 audit(1697944374.797:154): pid=5189 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] ftruncate(4, 2 [pid 5188] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5188] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5189] <... futex resumed>) = 0 [pid 5189] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000784} --- [pid 5188] <... futex resumed>) = ? [pid 5189] +++ killed by SIGBUS +++ [pid 5190] <... ftruncate resumed>) = ? [pid 5190] +++ killed by SIGBUS +++ [pid 5188] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5188, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 [ 82.025986][ T28] audit: type=1800 audit(1697944374.797:155): pid=5189 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5191 ./strace-static-x86_64: Process 5191 attached [pid 5191] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5191] chdir("./52") = 0 [pid 5191] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5191] setpgid(0, 0) = 0 [pid 5191] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5191] write(3, "1000", 4) = 4 [pid 5191] close(3) = 0 [pid 5191] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5191] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5191] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5191] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5192 attached [pid 5192] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5191] <... clone3 resumed> => {parent_tid=[5192]}, 88) = 5192 [pid 5192] <... rseq resumed>) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], [pid 5191] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5192] memfd_create("syzkaller", 0) = 3 [pid 5192] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5192] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5192] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5192] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5192] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5192] close(3) = 0 [pid 5192] mkdir("./file2", 0777) = 0 [pid 5192] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5192] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5192] chdir("./file2") = 0 [pid 5192] ioctl(4, LOOP_CLR_FD) = 0 [pid 5192] close(4) = 0 [pid 5192] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5192] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5192] <... futex resumed>) = 0 [pid 5191] <... futex resumed>) = 1 [pid 5192] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 82.232473][ T5192] loop0: detected capacity change from 0 to 4096 [pid 5191] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5192] <... open resumed>) = 4 [pid 5192] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5192] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5191] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5191] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5191] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5191] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5193]}, 88) = 5193 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], [pid 5192] <... mmap resumed>) = 0x20000000 [pid 5191] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5191] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5193 attached [pid 5193] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5193] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5193] ftruncate(4, 2) = 0 [pid 5193] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] <... futex resumed>) = 0 [pid 5193] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5193] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [pid 5191] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5193] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5193] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5191] <... futex resumed>) = 0 [ 82.280554][ T28] audit: type=1800 audit(1697944375.097:156): pid=5192 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 82.304615][ T28] audit: type=1800 audit(1697944375.127:157): pid=5192 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5193] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5192] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5192] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5191] exit_group(0 [pid 5192] <... futex resumed>) = ? [pid 5191] <... exit_group resumed>) = ? [pid 5192] +++ exited with 0 +++ [pid 5193] <... futex resumed>) = ? [pid 5193] +++ exited with 0 +++ [pid 5191] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5191, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 82.330418][ T28] audit: type=1800 audit(1697944375.147:158): pid=5193 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5194 attached , child_tidptr=0x555556ff8690) = 5194 [pid 5194] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5194] chdir("./53") = 0 [pid 5194] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5194] setpgid(0, 0) = 0 [pid 5194] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5194] write(3, "1000", 4) = 4 [pid 5194] close(3) = 0 [pid 5194] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5194] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5194] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5194] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5194] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5194] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5195 attached => {parent_tid=[5195]}, 88) = 5195 [pid 5195] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] <... set_robust_list resumed>) = 0 [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] <... futex resumed>) = 0 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5195] memfd_create("syzkaller", 0) = 3 [pid 5195] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5195] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5195] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5195] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5195] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5195] close(3) = 0 [pid 5195] mkdir("./file2", 0777) = 0 [pid 5195] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5195] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5195] chdir("./file2") = 0 [pid 5195] ioctl(4, LOOP_CLR_FD) = 0 [pid 5195] close(4) = 0 [pid 5195] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5195] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... open resumed>) = 4 [ 82.448609][ T5195] loop0: detected capacity change from 0 to 4096 [pid 5195] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5194] <... futex resumed>) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5195] ftruncate(4, 2) = 0 [pid 5195] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] <... futex resumed>) = 0 [pid 5195] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5195] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5194] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5194] <... futex resumed>) = 0 [pid 5194] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5195] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5195] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] <... futex resumed>) = 0 [pid 5195] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 82.489752][ T28] audit: type=1800 audit(1697944375.307:159): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 82.510918][ T28] audit: type=1800 audit(1697944375.307:160): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5194] exit_group(0 [pid 5195] <... futex resumed>) = ? [pid 5195] +++ exited with 0 +++ [pid 5194] <... exit_group resumed>) = ? [pid 5194] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5194, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 [ 82.538798][ T28] audit: type=1800 audit(1697944375.357:161): pid=5195 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5196 attached [pid 5196] set_robust_list(0x555556ff86a0, 24 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5196 [pid 5196] <... set_robust_list resumed>) = 0 [pid 5196] chdir("./54") = 0 [pid 5196] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5196] setpgid(0, 0) = 0 [pid 5196] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5196] write(3, "1000", 4) = 4 [pid 5196] close(3) = 0 [pid 5196] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5196] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5196] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5196] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5197 attached => {parent_tid=[5197]}, 88) = 5197 [pid 5197] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5197] <... rseq resumed>) = 0 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5197] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5196] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5197] <... set_robust_list resumed>) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] memfd_create("syzkaller", 0) = 3 [pid 5197] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5197] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5197] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5197] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5197] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5197] close(3) = 0 [pid 5197] mkdir("./file2", 0777) = 0 [pid 5197] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5197] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5197] chdir("./file2") = 0 [pid 5197] ioctl(4, LOOP_CLR_FD) = 0 [pid 5197] close(4) = 0 [pid 5197] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] <... futex resumed>) = 0 [pid 5197] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5196] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... open resumed>) = 4 [pid 5197] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 82.696939][ T5197] loop0: detected capacity change from 0 to 4096 [pid 5197] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5197] <... futex resumed>) = 0 [pid 5196] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5196] <... futex resumed>) = 0 [pid 5196] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5196] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5197] <... mmap resumed>) = 0x20000000 [pid 5197] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5197] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... mprotect resumed>) = 0 [pid 5196] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5196] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5198 attached [pid 5198] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5196] <... clone3 resumed> => {parent_tid=[5198]}, 88) = 5198 [pid 5198] <... rseq resumed>) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] set_robust_list(0x7f8f94b099a0, 24 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] <... set_robust_list resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] ftruncate(4, 2) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5198] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5196] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... futex resumed>) = 0 [pid 5196] <... futex resumed>) = 1 [pid 5197] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5196] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... open resumed>) = 5 [pid 5197] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] <... futex resumed>) = 0 [pid 5197] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5196] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5197] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5196] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5197] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5196] exit_group(0 [pid 5197] <... futex resumed>) = ? [pid 5196] <... exit_group resumed>) = ? [pid 5198] <... futex resumed>) = ? [pid 5197] +++ exited with 0 +++ [pid 5198] +++ exited with 0 +++ [pid 5196] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5196, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 82.744270][ T28] audit: type=1800 audit(1697944375.557:162): pid=5197 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 82.767746][ T28] audit: type=1800 audit(1697944375.587:163): pid=5197 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5199 ./strace-static-x86_64: Process 5199 attached [pid 5199] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5199] chdir("./55") = 0 [pid 5199] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5199] setpgid(0, 0) = 0 [pid 5199] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5199] write(3, "1000", 4) = 4 [pid 5199] close(3) = 0 [pid 5199] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5199] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5199] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5199] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5200 attached [pid 5200] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5199] <... clone3 resumed> => {parent_tid=[5200]}, 88) = 5200 [pid 5200] <... rseq resumed>) = 0 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5200] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5200] <... set_robust_list resumed>) = 0 [pid 5199] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] <... futex resumed>) = 0 [pid 5200] memfd_create("syzkaller", 0 [pid 5199] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5200] <... memfd_create resumed>) = 3 [pid 5200] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5200] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5200] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5200] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5200] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5200] close(3) = 0 [pid 5200] mkdir("./file2", 0777) = 0 [pid 5200] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5200] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5200] chdir("./file2") = 0 [pid 5200] ioctl(4, LOOP_CLR_FD) = 0 [pid 5200] close(4) = 0 [pid 5200] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5200] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5199] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5199] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5199] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5201]}, 88) = 5201 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5199] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5201 attached [pid 5201] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5201] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5201] ftruncate(4, 2) = 0 [pid 5201] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 1 [pid 5201] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5200] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5201] <... open resumed>) = 5 [pid 5201] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] <... futex resumed>) = 0 [pid 5199] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5201] <... futex resumed>) = 1 [pid 5201] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5200] <... mmap resumed>) = 0x20000000 [ 82.900132][ T5200] loop0: detected capacity change from 0 to 4096 [ 82.956485][ T5201] [ 82.958859][ T5201] ====================================================== [ 82.965869][ T5201] WARNING: possible circular locking dependency detected [ 82.972871][ T5201] 6.6.0-rc6-syzkaller-00330-gd537ae43f8a1 #0 Not tainted [ 82.979871][ T5201] ------------------------------------------------------ [ 82.986870][ T5201] syz-executor262/5201 is trying to acquire lock: [ 82.993271][ T5201] ffff88807ace1e20 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0xa5/0x120 [ 83.002161][ T5201] [pid 5200] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 83.002161][ T5201] but task is already holding lock: [ 83.009512][ T5201] ffff888075e2cb70 (&ni->file.run_lock#3){++++}-{3:3}, at: ni_fiemap+0x373/0x1230 [ 83.018762][ T5201] [ 83.018762][ T5201] which lock already depends on the new lock. [ 83.018762][ T5201] [ 83.029185][ T5201] [ 83.029185][ T5201] the existing dependency chain (in reverse order) is: [ 83.038213][ T5201] [ 83.038213][ T5201] -> #1 (&ni->file.run_lock#3){++++}-{3:3}: [ 83.046302][ T5201] down_read+0xb1/0xa40 [ 83.050985][ T5201] attr_data_get_block+0x2e7/0x2da0 [ 83.056712][ T5201] ntfs_file_mmap+0x453/0x7a0 [ 83.061910][ T5201] mmap_region+0xfd0/0x2280 [ 83.066939][ T5201] do_mmap+0x8d3/0xfa0 [ 83.071533][ T5201] vm_mmap_pgoff+0x1dc/0x410 [ 83.076660][ T5201] ksys_mmap_pgoff+0x4ff/0x6d0 [ 83.081960][ T5201] do_syscall_64+0x41/0xc0 [ 83.086923][ T5201] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.093346][ T5201] [ 83.093346][ T5201] -> #0 (&mm->mmap_lock){++++}-{3:3}: [ 83.100910][ T5201] __lock_acquire+0x39ff/0x7f70 [ 83.106281][ T5201] lock_acquire+0x1e3/0x520 [ 83.111306][ T5201] __might_fault+0xc1/0x120 [ 83.116343][ T5201] _copy_to_user+0x2a/0xa0 [ 83.121281][ T5201] fiemap_fill_next_extent+0x235/0x410 [ 83.127268][ T5201] ni_fiemap+0xa5e/0x1230 [ 83.132119][ T5201] ntfs_fiemap+0x132/0x180 [ 83.137051][ T5201] do_vfs_ioctl+0x19ea/0x2b40 [ 83.142251][ T5201] __se_sys_ioctl+0x81/0x170 [ 83.147364][ T5201] do_syscall_64+0x41/0xc0 [ 83.152303][ T5201] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.158722][ T5201] [ 83.158722][ T5201] other info that might help us debug this: [ 83.158722][ T5201] [ 83.168947][ T5201] Possible unsafe locking scenario: [ 83.168947][ T5201] [ 83.176411][ T5201] CPU0 CPU1 [ 83.181770][ T5201] ---- ---- [ 83.187130][ T5201] rlock(&ni->file.run_lock#3); [ 83.192073][ T5201] lock(&mm->mmap_lock); [ 83.198924][ T5201] lock(&ni->file.run_lock#3); [ 83.206321][ T5201] rlock(&mm->mmap_lock); [ 83.210737][ T5201] [ 83.210737][ T5201] *** DEADLOCK *** [ 83.210737][ T5201] [ 83.218874][ T5201] 2 locks held by syz-executor262/5201: [ 83.224410][ T5201] #0: ffff888075e2cac0 (&ni->ni_lock#2/4){+.+.}-{3:3}, at: ntfs_fiemap+0xff/0x180 [ 83.233735][ T5201] #1: ffff888075e2cb70 (&ni->file.run_lock#3){++++}-{3:3}, at: ni_fiemap+0x373/0x1230 [ 83.243401][ T5201] [ 83.243401][ T5201] stack backtrace: [ 83.249280][ T5201] CPU: 1 PID: 5201 Comm: syz-executor262 Not tainted 6.6.0-rc6-syzkaller-00330-gd537ae43f8a1 #0 [ 83.259695][ T5201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023 [ 83.269745][ T5201] Call Trace: [ 83.273024][ T5201] [ 83.275959][ T5201] dump_stack_lvl+0x1e7/0x2d0 [ 83.280647][ T5201] ? nf_tcp_handle_invalid+0x650/0x650 [ 83.286121][ T5201] ? print_circular_bug+0x12b/0x1a0 [ 83.291322][ T5201] check_noncircular+0x375/0x4a0 [ 83.296258][ T5201] ? mark_lock+0x9a/0x340 [ 83.300589][ T5201] ? print_deadlock_bug+0x600/0x600 [ 83.305795][ T5201] ? lockdep_lock+0x123/0x2b0 [ 83.310474][ T5201] ? mark_lock+0x9a/0x340 [ 83.314804][ T5201] ? _find_first_zero_bit+0xd4/0x100 [ 83.320116][ T5201] __lock_acquire+0x39ff/0x7f70 [ 83.324981][ T5201] ? register_lock_class+0x104/0x990 [ 83.330266][ T5201] ? verify_lock_unused+0x140/0x140 [ 83.335463][ T5201] ? verify_lock_unused+0x140/0x140 [ 83.340654][ T5201] ? mark_lock+0x9a/0x340 [ 83.344987][ T5201] ? __lock_acquire+0x1345/0x7f70 [ 83.350016][ T5201] lock_acquire+0x1e3/0x520 [ 83.354516][ T5201] ? __might_fault+0xa5/0x120 [ 83.359314][ T5201] ? read_lock_is_recursive+0x20/0x20 [ 83.364688][ T5201] ? __might_sleep+0xc0/0xc0 [ 83.369284][ T5201] ? __might_sleep+0xc0/0xc0 [ 83.373891][ T5201] ? __might_fault+0xa5/0x120 [ 83.378582][ T5201] __might_fault+0xc1/0x120 [ 83.383096][ T5201] ? __might_fault+0xa5/0x120 [ 83.387779][ T5201] _copy_to_user+0x2a/0xa0 [ 83.392202][ T5201] fiemap_fill_next_extent+0x235/0x410 [ 83.397700][ T5201] ? vfs_ioctl+0xc0/0xc0 [ 83.401981][ T5201] ? run_lookup_entry+0x3fa/0x560 [ 83.407013][ T5201] ni_fiemap+0xa5e/0x1230 [ 83.411353][ T5201] ? ni_parse_reparse+0x6b0/0x6b0 [ 83.416386][ T5201] ? __might_sleep+0xc0/0xc0 [ 83.420973][ T5201] ? fiemap_prep+0x19e/0x240 [ 83.425577][ T5201] ntfs_fiemap+0x132/0x180 [ 83.429995][ T5201] ? ntfs_file_open+0x210/0x210 [ 83.434843][ T5201] ? __might_fault+0xc1/0x120 [ 83.439548][ T5201] ? ntfs_file_open+0x210/0x210 [ 83.444411][ T5201] do_vfs_ioctl+0x19ea/0x2b40 [ 83.449097][ T5201] ? __x64_compat_sys_ioctl+0x90/0x90 [ 83.454478][ T5201] ? __lock_acquire+0x7f70/0x7f70 [ 83.459500][ T5201] ? lockdep_hardirqs_on+0x98/0x140 [ 83.464701][ T5201] ? __kmem_cache_free+0x25f/0x3b0 [ 83.469810][ T5201] ? tomoyo_path_number_perm+0x68d/0x870 [ 83.475446][ T5201] ? tomoyo_path_number_perm+0x71a/0x870 [ 83.481084][ T5201] ? tomoyo_path_number_perm+0x208/0x870 [ 83.486718][ T5201] ? smack_log+0x123/0x540 [ 83.491137][ T5201] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 83.496601][ T5201] ? smk_access+0x4e0/0x4e0 [ 83.501109][ T5201] ? smk_access+0x4ab/0x4e0 [ 83.505617][ T5201] ? smk_tskacc+0x2ff/0x360 [ 83.510135][ T5201] ? smack_file_ioctl+0x2fa/0x3a0 [ 83.515165][ T5201] ? smack_file_alloc_security+0xe0/0xe0 [ 83.520805][ T5201] ? __fget_files+0x28/0x4a0 [ 83.525394][ T5201] ? __fget_files+0x28/0x4a0 [ 83.529993][ T5201] ? bpf_lsm_file_ioctl+0x9/0x10 [ 83.534934][ T5201] ? security_file_ioctl+0x81/0xa0 [ 83.540054][ T5201] __se_sys_ioctl+0x81/0x170 [ 83.544654][ T5201] do_syscall_64+0x41/0xc0 [ 83.549084][ T5201] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 83.555003][ T5201] RIP: 0033:0x7f8f94b6dbd9 [ 83.559421][ T5201] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 83.579036][ T5201] RSP: 002b:00007f8f94b09218 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 83.587454][ T5201] RAX: ffffffffffffffda RBX: 00007f8f94c156d8 RCX: 00007f8f94b6dbd9 [ 83.595424][ T5201] RDX: 0000000020000180 RSI: 00000000c020660b RDI: 0000000000000005 [pid 5200] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=1, ...}) = 0 [pid 5199] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5201] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] exit_group(0 [pid 5201] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] +++ exited with 0 +++ [pid 5200] <... futex resumed>) = ? [pid 5199] <... exit_group resumed>) = ? [pid 5200] +++ exited with 0 +++ [pid 5199] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5199, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 83.603395][ T5201] RBP: 00007f8f94c156d0 R08: 0000000000000000 R09: 0000000000000000 [ 83.611451][ T5201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8f94be1bd0 [ 83.619418][ T5201] R13: 00007f8f94be19e8 R14: 0000000000bcaefa R15: 0032656c69662f2e [ 83.627410][ T5201] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5202 attached [pid 5202] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5202] chdir("./56") = 0 [pid 5202] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5202] setpgid(0, 0) = 0 [pid 5202] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5202] write(3, "1000", 4 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5202 [pid 5202] <... write resumed>) = 4 [pid 5202] close(3) = 0 [pid 5202] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5202] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5202] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5203 attached => {parent_tid=[5203]}, 88) = 5203 [pid 5203] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5203] <... rseq resumed>) = 0 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5203] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5202] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... futex resumed>) = 0 [pid 5203] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5203] memfd_create("syzkaller", 0) = 3 [pid 5203] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5203] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5203] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5203] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5203] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5203] close(3) = 0 [pid 5203] mkdir("./file2", 0777) = 0 [pid 5203] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5203] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5203] chdir("./file2") = 0 [pid 5203] ioctl(4, LOOP_CLR_FD) = 0 [pid 5203] close(4) = 0 [pid 5203] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5202] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... open resumed>) = 4 [pid 5203] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [pid 5203] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5202] <... futex resumed>) = 0 [pid 5203] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5202] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... mmap resumed>) = 0x20000000 [pid 5202] <... futex resumed>) = 0 [pid 5202] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5203] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5202] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5203] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5202] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5202] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5204 attached [pid 5204] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5202] <... clone3 resumed> => {parent_tid=[5204]}, 88) = 5204 [pid 5204] <... rseq resumed>) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] set_robust_list(0x7f8f94b099a0, 24 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] <... set_robust_list resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5204] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5204] ftruncate(4, 2) = 0 [pid 5204] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5204] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5203] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5202] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... open resumed>) = 5 [pid 5203] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5203] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5202] <... futex resumed>) = 0 [pid 5202] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5202] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5203] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] <... futex resumed>) = 0 [ 83.723693][ T5203] loop0: detected capacity change from 0 to 4096 [pid 5202] exit_group(0) = ? [pid 5203] +++ exited with 0 +++ [pid 5204] <... futex resumed>) = ? [pid 5204] +++ exited with 0 +++ [pid 5202] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5202, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5205 ./strace-static-x86_64: Process 5205 attached [pid 5205] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5205] chdir("./57") = 0 [pid 5205] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5205] setpgid(0, 0) = 0 [pid 5205] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5205] write(3, "1000", 4) = 4 [pid 5205] close(3) = 0 [pid 5205] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5205] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5205] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5205] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5205] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5205] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [pid 5206] <... rseq resumed>) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5205] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] memfd_create("syzkaller", 0 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5206] <... memfd_create resumed>) = 3 [pid 5206] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5206] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5206] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5206] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5206] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5206] close(3) = 0 [pid 5206] mkdir("./file2", 0777) = 0 [pid 5206] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5206] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5206] chdir("./file2") = 0 [pid 5206] ioctl(4, LOOP_CLR_FD) = 0 [pid 5206] close(4) = 0 [pid 5206] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... open resumed>) = 4 [pid 5206] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5206] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = 0 [pid 5205] <... futex resumed>) = 1 [pid 5206] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5205] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... mmap resumed>) = 0x20000000 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5206] <... futex resumed>) = 0 [pid 5206] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5205] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5205] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5205] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5207 attached [pid 5207] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5207] set_robust_list(0x7f8f94b099a0, 24 [pid 5205] <... clone3 resumed> => {parent_tid=[5207]}, 88) = 5207 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] <... set_robust_list resumed>) = 0 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] <... futex resumed>) = 0 [pid 5205] <... futex resumed>) = 1 [pid 5207] ftruncate(4, 2) = 0 [pid 5205] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5207] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5207] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] <... futex resumed>) = 0 [pid 5205] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5206] <... futex resumed>) = 0 [pid 5206] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5206] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5205] <... futex resumed>) = 0 [pid 5206] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] <... futex resumed>) = 0 [pid 5206] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5206] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5206] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5205] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5205] exit_group(0 [pid 5207] <... futex resumed>) = ? [pid 5205] <... exit_group resumed>) = ? [pid 5207] +++ exited with 0 +++ [pid 5206] <... futex resumed>) = ? [pid 5206] +++ exited with 0 +++ [pid 5205] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5205, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 83.890761][ T5206] loop0: detected capacity change from 0 to 4096 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5208 attached , child_tidptr=0x555556ff8690) = 5208 [pid 5208] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5208] chdir("./58") = 0 [pid 5208] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5208] setpgid(0, 0) = 0 [pid 5208] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5208] write(3, "1000", 4) = 4 [pid 5208] close(3) = 0 [pid 5208] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5208] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5208] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5208] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5209 attached [pid 5209] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5208] <... clone3 resumed> => {parent_tid=[5209]}, 88) = 5209 [pid 5209] <... rseq resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5209] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5209] <... set_robust_list resumed>) = 0 [pid 5208] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5208] <... futex resumed>) = 0 [pid 5209] memfd_create("syzkaller", 0 [pid 5208] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5209] <... memfd_create resumed>) = 3 [pid 5209] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5209] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5209] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5209] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5209] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5209] close(3) = 0 [pid 5209] mkdir("./file2", 0777) = 0 [pid 5209] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5209] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5209] chdir("./file2") = 0 [pid 5209] ioctl(4, LOOP_CLR_FD) = 0 [pid 5209] close(4) = 0 [pid 5209] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5209] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5209] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5208] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5208] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5208] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5210 attached => {parent_tid=[5210]}, 88) = 5210 [pid 5210] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5209] <... mmap resumed>) = 0x20000000 [pid 5210] <... rseq resumed>) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] set_robust_list(0x7f8f94b099a0, 24 [pid 5208] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... set_robust_list resumed>) = 0 [pid 5208] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5208] <... futex resumed>) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5208] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] ftruncate(4, 2) = 0 [pid 5210] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 0 [pid 5208] <... futex resumed>) = 1 [pid 5210] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5208] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... open resumed>) = 5 [pid 5210] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = 1 [pid 5208] <... futex resumed>) = 0 [pid 5210] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5208] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5210] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5210] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5210] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5209] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5209] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5208] exit_group(0 [pid 5210] <... futex resumed>) = ? [pid 5209] <... futex resumed>) = ? [pid 5208] <... exit_group resumed>) = ? [pid 5210] +++ exited with 0 +++ [pid 5209] +++ exited with 0 +++ [pid 5208] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5208, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 84.015404][ T5209] loop0: detected capacity change from 0 to 4096 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5211 ./strace-static-x86_64: Process 5211 attached [pid 5211] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5211] chdir("./59") = 0 [pid 5211] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5211] setpgid(0, 0) = 0 [pid 5211] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5211] write(3, "1000", 4) = 4 [pid 5211] close(3) = 0 [pid 5211] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5211] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5211] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5212 attached [pid 5212] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5211] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... rseq resumed>) = 0 [pid 5212] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 0 [pid 5211] <... futex resumed>) = 1 [pid 5212] memfd_create("syzkaller", 0 [pid 5211] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5212] <... memfd_create resumed>) = 3 [pid 5212] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5212] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5212] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5212] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5212] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5212] close(3) = 0 [pid 5212] mkdir("./file2", 0777) = 0 [pid 5212] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5212] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5212] chdir("./file2") = 0 [pid 5212] ioctl(4, LOOP_CLR_FD) = 0 [pid 5212] close(4) = 0 [pid 5212] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] <... futex resumed>) = 1 [pid 5212] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5212] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = 1 [pid 5211] <... futex resumed>) = 0 [pid 5212] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5211] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5212] <... mmap resumed>) = 0x20000000 [pid 5211] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5211] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5211] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5213]}, 88) = 5213 [pid 5212] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... futex resumed>) = 0 [pid 5212] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5213 attached [pid 5213] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5213] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] ftruncate(4, 2) = 0 [pid 5213] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] <... futex resumed>) = 0 [pid 5211] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5212] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5212] <... futex resumed>) = 1 [pid 5211] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5211] <... futex resumed>) = 0 [pid 5212] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5211] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5212] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5212] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5211] <... futex resumed>) = 0 [pid 5211] exit_group(0) = ? [pid 5213] <... futex resumed>) = ? [pid 5212] <... futex resumed>) = ? [pid 5213] +++ exited with 0 +++ [pid 5212] +++ exited with 0 +++ [pid 5211] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5211, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 [ 84.187948][ T5212] loop0: detected capacity change from 0 to 4096 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5214 attached , child_tidptr=0x555556ff8690) = 5214 [pid 5214] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5214] chdir("./60") = 0 [pid 5214] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5214] setpgid(0, 0) = 0 [pid 5214] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5214] write(3, "1000", 4) = 4 [pid 5214] close(3) = 0 [pid 5214] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5214] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5214] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5214] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5215]}, 88) = 5215 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5214] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5215 attached [pid 5215] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5215] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] memfd_create("syzkaller", 0) = 3 [pid 5215] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5215] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5215] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5215] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5215] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5215] close(3) = 0 [pid 5215] mkdir("./file2", 0777) = 0 [pid 5215] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5215] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5215] chdir("./file2") = 0 [pid 5215] ioctl(4, LOOP_CLR_FD) = 0 [pid 5215] close(4) = 0 [pid 5215] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = 0 [pid 5214] <... futex resumed>) = 1 [pid 5215] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5214] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... open resumed>) = 4 [pid 5215] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5215] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5214] <... futex resumed>) = 0 [pid 5215] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5214] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5215] <... mmap resumed>) = 0x20000000 [pid 5214] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5215] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... mprotect resumed>) = 0 [pid 5215] <... futex resumed>) = 0 [pid 5215] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5214] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5216 attached => {parent_tid=[5216]}, 88) = 5216 [pid 5216] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], [pid 5216] <... rseq resumed>) = 0 [pid 5216] set_robust_list(0x7f8f94b099a0, 24 [pid 5214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] <... set_robust_list resumed>) = 0 [pid 5214] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5216] ftruncate(4, 2) = 0 [pid 5216] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5216] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5214] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5215] <... futex resumed>) = 0 [pid 5214] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 84.307557][ T5215] loop0: detected capacity change from 0 to 4096 [pid 5215] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5215] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5215] <... futex resumed>) = 1 [pid 5214] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5215] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5214] <... futex resumed>) = 0 [pid 5214] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5215] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] <... futex resumed>) = 0 [pid 5214] exit_group(0 [pid 5215] ???( [pid 5214] <... exit_group resumed>) = ? [pid 5215] <... ??? resumed>) = ? [pid 5216] <... futex resumed>) = ? [pid 5215] +++ exited with 0 +++ [pid 5216] +++ exited with 0 +++ [pid 5214] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5214, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5217 attached [pid 5217] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5217 [pid 5217] chdir("./61") = 0 [pid 5217] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5217] setpgid(0, 0) = 0 [pid 5217] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5217] write(3, "1000", 4) = 4 [pid 5217] close(3) = 0 [pid 5217] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5217] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5217] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5217] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5218 attached [pid 5218] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5218] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... clone3 resumed> => {parent_tid=[5218]}, 88) = 5218 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = 0 [pid 5217] <... futex resumed>) = 1 [pid 5218] memfd_create("syzkaller", 0 [pid 5217] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5218] <... memfd_create resumed>) = 3 [pid 5218] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5218] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5218] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5218] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5218] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5218] close(3) = 0 [pid 5218] mkdir("./file2", 0777) = 0 [pid 5218] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5218] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5218] chdir("./file2") = 0 [pid 5218] ioctl(4, LOOP_CLR_FD) = 0 [pid 5218] close(4) = 0 [pid 5218] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] <... open resumed>) = 4 [pid 5218] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5217] <... futex resumed>) = 0 [pid 5218] <... mmap resumed>) = 0x20000000 [pid 5217] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5217] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5217] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5217] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5218] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... clone3 resumed> => {parent_tid=[5219]}, 88) = 5219 ./strace-static-x86_64: Process 5219 attached [pid 5219] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... rseq resumed>) = 0 [pid 5217] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5217] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5217] <... futex resumed>) = 0 [pid 5219] ftruncate(4, 2 [pid 5218] <... futex resumed>) = 0 [pid 5217] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5219] <... ftruncate resumed>) = 0 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5217] <... futex resumed>) = 0 [pid 5217] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5218] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5217] <... futex resumed>) = 0 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5218] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5217] <... futex resumed>) = 0 [pid 5218] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5217] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5218] <... futex resumed>) = 0 [pid 5218] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5217] exit_group(0) = ? [pid 5218] <... futex resumed>) = ? [pid 5219] <... futex resumed>) = ? [pid 5219] +++ exited with 0 +++ [pid 5218] +++ exited with 0 +++ [pid 5217] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5217, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 84.482178][ T5218] loop0: detected capacity change from 0 to 4096 umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5220 attached , child_tidptr=0x555556ff8690) = 5220 [pid 5220] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5220] chdir("./62") = 0 [pid 5220] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5220] setpgid(0, 0) = 0 [pid 5220] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5220] write(3, "1000", 4) = 4 [pid 5220] close(3) = 0 [pid 5220] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5220] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5220] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5220] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5221 attached => {parent_tid=[5221]}, 88) = 5221 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5220] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5221] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5221] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5221] memfd_create("syzkaller", 0) = 3 [pid 5221] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5221] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5221] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5221] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5221] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5221] close(3) = 0 [pid 5221] mkdir("./file2", 0777) = 0 [pid 5221] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5221] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5221] chdir("./file2") = 0 [pid 5221] ioctl(4, LOOP_CLR_FD) = 0 [pid 5221] close(4) = 0 [pid 5221] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] <... futex resumed>) = 0 [pid 5220] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5221] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5221] <... futex resumed>) = 0 [pid 5220] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5221] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5220] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5220] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5221] <... mmap resumed>) = 0x20000000 [pid 5221] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5221] <... futex resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5221] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5222 attached => {parent_tid=[5222]}, 88) = 5222 [pid 5222] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5222] <... rseq resumed>) = 0 [pid 5222] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5220] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] ftruncate(4, 2) = 0 [pid 5220] <... futex resumed>) = 0 [pid 5222] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5220] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5221] <... futex resumed>) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5220] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5221] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5221] <... futex resumed>) = 0 [pid 5220] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5221] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5221] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] <... futex resumed>) = 0 [pid 5221] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5220] exit_group(0 [pid 5222] <... futex resumed>) = ? [pid 5221] <... futex resumed>) = ? [pid 5222] +++ exited with 0 +++ [pid 5221] +++ exited with 0 +++ [pid 5220] <... exit_group resumed>) = ? [pid 5220] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5220, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 84.625640][ T5221] loop0: detected capacity change from 0 to 4096 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5223 attached , child_tidptr=0x555556ff8690) = 5223 [pid 5223] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5223] chdir("./63") = 0 [pid 5223] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5223] setpgid(0, 0) = 0 [pid 5223] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5223] write(3, "1000", 4) = 4 [pid 5223] close(3) = 0 [pid 5223] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5223] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5223] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5223] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5224 attached => {parent_tid=[5224]}, 88) = 5224 [pid 5224] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5224] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5224] <... set_robust_list resumed>) = 0 [pid 5223] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] <... futex resumed>) = 0 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5224] memfd_create("syzkaller", 0) = 3 [pid 5224] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5224] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5224] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5224] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5224] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5224] close(3) = 0 [pid 5224] mkdir("./file2", 0777) = 0 [pid 5224] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5224] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5224] chdir("./file2") = 0 [pid 5224] ioctl(4, LOOP_CLR_FD) = 0 [pid 5224] close(4) = 0 [pid 5224] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5224] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5223] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5224] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5223] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] <... mmap resumed>) = 0x20000000 [pid 5223] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5223] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5225 attached [pid 5225] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5223] <... clone3 resumed> => {parent_tid=[5225]}, 88) = 5225 [pid 5225] set_robust_list(0x7f8f94b099a0, 24 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] <... set_robust_list resumed>) = 0 [pid 5223] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], [pid 5223] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5223] <... futex resumed>) = 0 [pid 5225] ftruncate(4, 2 [pid 5223] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... ftruncate resumed>) = 0 [pid 5225] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5225] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... open resumed>) = 5 [pid 5224] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 0 [pid 5223] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 1 [pid 5225] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5224] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5223] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5224] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5224] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] <... futex resumed>) = 0 [pid 5224] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5223] exit_group(0 [pid 5225] <... futex resumed>) = ? [pid 5224] <... futex resumed>) = ? [pid 5225] +++ exited with 0 +++ [pid 5224] +++ exited with 0 +++ [pid 5223] <... exit_group resumed>) = ? [pid 5223] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5223, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 [ 84.742917][ T5224] loop0: detected capacity change from 0 to 4096 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5226 attached , child_tidptr=0x555556ff8690) = 5226 [pid 5226] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5226] chdir("./64") = 0 [pid 5226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5226] setpgid(0, 0) = 0 [pid 5226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5226] write(3, "1000", 4) = 4 [pid 5226] close(3) = 0 [pid 5226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5226] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5226] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5227]}, 88) = 5227 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5226] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5227 attached [pid 5227] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5227] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5227] memfd_create("syzkaller", 0) = 3 [pid 5227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5227] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5227] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5227] close(3) = 0 [pid 5227] mkdir("./file2", 0777) = 0 [pid 5227] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5227] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5227] chdir("./file2") = 0 [pid 5227] ioctl(4, LOOP_CLR_FD) = 0 [pid 5227] close(4) = 0 [pid 5227] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5226] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5227] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5226] <... futex resumed>) = 0 [pid 5227] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5226] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... mmap resumed>) = 0x20000000 [pid 5226] <... futex resumed>) = 0 [pid 5226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5227] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5226] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5227] <... futex resumed>) = 0 [pid 5226] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5227] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... mprotect resumed>) = 0 [pid 5226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5228 attached => {parent_tid=[5228]}, 88) = 5228 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5228] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5226] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5226] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] ftruncate(4, 2) = 0 [pid 5228] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [pid 5227] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5226] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... open resumed>) = 5 [pid 5227] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] <... futex resumed>) = 0 [pid 5226] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] <... futex resumed>) = 0 [pid 5226] <... futex resumed>) = 1 [ 84.859792][ T5227] loop0: detected capacity change from 0 to 4096 [pid 5227] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5226] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5227] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5227] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5226] <... futex resumed>) = 0 [pid 5227] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5226] exit_group(0 [pid 5228] <... futex resumed>) = ? [pid 5227] <... futex resumed>) = ? [pid 5226] <... exit_group resumed>) = ? [pid 5228] +++ exited with 0 +++ [pid 5227] +++ exited with 0 +++ [pid 5226] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5226, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5229 attached , child_tidptr=0x555556ff8690) = 5229 [pid 5229] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5229] chdir("./65") = 0 [pid 5229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5229] setpgid(0, 0) = 0 [pid 5229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5229] write(3, "1000", 4) = 4 [pid 5229] close(3) = 0 [pid 5229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5229] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5229] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5230]}, 88) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5230] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5230] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5230] memfd_create("syzkaller", 0) = 3 [pid 5230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5230] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5230] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5230] close(3) = 0 [pid 5230] mkdir("./file2", 0777) = 0 [pid 5230] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5230] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5230] chdir("./file2") = 0 [pid 5230] ioctl(4, LOOP_CLR_FD) = 0 [pid 5230] close(4) = 0 [pid 5230] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5230] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5229] <... futex resumed>) = 0 [pid 5230] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] <... open resumed>) = 4 [pid 5230] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5229] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] <... mmap resumed>) = 0x20000000 [pid 5229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5229] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5230] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... mprotect resumed>) = 0 [pid 5229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5231 attached => {parent_tid=[5231]}, 88) = 5231 [pid 5231] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], [pid 5231] set_robust_list(0x7f8f94b099a0, 24 [pid 5229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5231] <... set_robust_list resumed>) = 0 [pid 5229] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] <... futex resumed>) = 0 [pid 5231] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5229] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] ftruncate(4, 2) = 0 [pid 5231] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5231] <... futex resumed>) = 1 [pid 5229] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=48000000} [pid 5230] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5230] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5229] <... futex resumed>) = 0 [pid 5229] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5229] <... futex resumed>) = 0 [pid 5230] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5229] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5230] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5229] <... futex resumed>) = 0 [pid 5230] <... futex resumed>) = 1 [pid 5230] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5229] exit_group(0 [pid 5231] <... futex resumed>) = ? [pid 5230] <... futex resumed>) = ? [pid 5229] <... exit_group resumed>) = ? [pid 5231] +++ exited with 0 +++ [pid 5230] +++ exited with 0 +++ [pid 5229] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5229, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 [ 85.023946][ T5230] loop0: detected capacity change from 0 to 4096 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5232 attached , child_tidptr=0x555556ff8690) = 5232 [pid 5232] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5232] chdir("./66") = 0 [pid 5232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5232] setpgid(0, 0) = 0 [pid 5232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5232] write(3, "1000", 4) = 4 [pid 5232] close(3) = 0 [pid 5232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5232] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5232] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5233 attached => {parent_tid=[5233]}, 88) = 5233 [pid 5233] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5232] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] <... futex resumed>) = 0 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5233] memfd_create("syzkaller", 0) = 3 [pid 5233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5233] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5233] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5233] close(3) = 0 [pid 5233] mkdir("./file2", 0777) = 0 [pid 5233] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5233] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5233] chdir("./file2") = 0 [pid 5233] ioctl(4, LOOP_CLR_FD) = 0 [pid 5233] close(4) = 0 [pid 5233] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] <... futex resumed>) = 0 [pid 5232] <... futex resumed>) = 1 [pid 5232] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5233] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5232] <... futex resumed>) = 0 [pid 5232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5233] <... mmap resumed>) = 0x20000000 [pid 5232] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5233] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5232] <... mprotect resumed>) = 0 [pid 5233] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5234 attached [pid 5234] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5232] <... clone3 resumed> => {parent_tid=[5234]}, 88) = 5234 [pid 5234] <... rseq resumed>) = 0 [pid 5232] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] set_robust_list(0x7f8f94b099a0, 24 [pid 5232] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5232] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] <... futex resumed>) = 0 [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] ftruncate(4, 2) = 0 [pid 5234] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5234] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5232] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5233] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5232] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [ 85.166880][ T5233] loop0: detected capacity change from 0 to 4096 [pid 5232] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5233] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5233] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5232] <... futex resumed>) = 0 [pid 5233] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5232] exit_group(0 [pid 5234] <... futex resumed>) = ? [pid 5233] <... futex resumed>) = ? [pid 5232] <... exit_group resumed>) = ? [pid 5234] +++ exited with 0 +++ [pid 5233] +++ exited with 0 +++ [pid 5232] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5232, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5235 attached , child_tidptr=0x555556ff8690) = 5235 [pid 5235] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5235] chdir("./67") = 0 [pid 5235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5235] setpgid(0, 0) = 0 [pid 5235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5235] write(3, "1000", 4) = 4 [pid 5235] close(3) = 0 [pid 5235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5235] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5235] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5235] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5236 attached => {parent_tid=[5236]}, 88) = 5236 [pid 5236] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5236] <... rseq resumed>) = 0 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5236] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5235] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] <... futex resumed>) = 0 [pid 5236] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5236] memfd_create("syzkaller", 0) = 3 [pid 5236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5236] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5236] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5236] close(3) = 0 [pid 5236] mkdir("./file2", 0777) = 0 [pid 5236] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5236] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5236] chdir("./file2") = 0 [pid 5236] ioctl(4, LOOP_CLR_FD) = 0 [pid 5236] close(4) = 0 [pid 5236] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5235] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... open resumed>) = 4 [pid 5236] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5235] <... futex resumed>) = 0 [pid 5236] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5235] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... mmap resumed>) = 0x20000000 [pid 5236] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5235] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5235] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5237 attached [pid 5237] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5235] <... clone3 resumed> => {parent_tid=[5237]}, 88) = 5237 [pid 5237] <... rseq resumed>) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], [pid 5237] set_robust_list(0x7f8f94b099a0, 24 [pid 5235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5237] <... set_robust_list resumed>) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], [pid 5235] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5235] <... futex resumed>) = 0 [pid 5237] ftruncate(4, 2) = 0 [pid 5235] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5237] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [ 85.299487][ T5236] loop0: detected capacity change from 0 to 4096 [pid 5236] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5235] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] <... open resumed>) = 5 [pid 5236] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = 0 [pid 5235] <... futex resumed>) = 1 [pid 5235] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5236] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5236] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5235] <... futex resumed>) = 0 [pid 5236] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5235] exit_group(0 [pid 5237] <... futex resumed>) = ? [pid 5236] <... futex resumed>) = ? [pid 5235] <... exit_group resumed>) = ? [pid 5237] +++ exited with 0 +++ [pid 5236] +++ exited with 0 +++ [pid 5235] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5235, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached , child_tidptr=0x555556ff8690) = 5238 [pid 5238] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5238] chdir("./68") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5238] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5239 attached [pid 5239] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5238] <... clone3 resumed> => {parent_tid=[5239]}, 88) = 5239 [pid 5239] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5239] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5238] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5239] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5239] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file2", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5239] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file2") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5239] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5238] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... open resumed>) = 4 [pid 5239] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5238] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... mmap resumed>) = 0x20000000 [pid 5238] <... futex resumed>) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5239] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5238] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5239] <... futex resumed>) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5239] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5240 attached => {parent_tid=[5240]}, 88) = 5240 [pid 5240] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5240] set_robust_list(0x7f8f94b099a0, 24 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5238] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] ftruncate(4, 2) = 0 [pid 5240] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5240] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] <... futex resumed>) = 0 [pid 5238] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5239] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = 0 [pid 5239] <... futex resumed>) = 1 [pid 5238] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5238] <... futex resumed>) = 0 [pid 5239] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5238] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5238] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5239] <... futex resumed>) = 0 [pid 5238] exit_group(0) = ? [pid 5240] <... futex resumed>) = ? [pid 5239] +++ exited with 0 +++ [pid 5240] +++ exited with 0 +++ [pid 5238] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5238, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 85.454408][ T5239] loop0: detected capacity change from 0 to 4096 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5241] chdir("./69") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5241 [pid 5241] <... setpgid resumed>) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5241] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5242 attached => {parent_tid=[5242]}, 88) = 5242 [pid 5242] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5241] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5242] <... rseq resumed>) = 0 [pid 5241] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5242] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5242] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file2", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5242] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file2") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 1 [pid 5241] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... open resumed>) = 4 [pid 5242] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5242] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5241] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5241] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5242] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... mprotect resumed>) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5243]}, 88) = 5243 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5241] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5243 attached [pid 5243] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5243] <... rseq resumed>) = 0 [pid 5243] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] ftruncate(4, 2) = 0 [pid 5243] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5243] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = 0 [pid 5241] <... futex resumed>) = 1 [pid 5242] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5241] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... open resumed>) = 5 [pid 5242] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5242] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5241] <... futex resumed>) = 0 [pid 5242] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5241] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5241] exit_group(0 [pid 5243] <... futex resumed>) = ? [pid 5241] <... exit_group resumed>) = ? [pid 5243] +++ exited with 0 +++ [pid 5242] +++ exited with 0 +++ [pid 5241] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5241, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 85.587109][ T5242] loop0: detected capacity change from 0 to 4096 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached [pid 5244] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5244] chdir("./70") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5244] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5245 attached => {parent_tid=[5245]}, 88) = 5245 [pid 5245] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5245] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5245] <... set_robust_list resumed>) = 0 [pid 5244] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] <... futex resumed>) = 0 [pid 5245] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5244 [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5245] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5245] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file2", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5245] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file2") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5245] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5244] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5246 attached [pid 5245] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< => {parent_tid=[5246]}, 88) = 5246 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5246] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5246] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5246] ftruncate(4, 2) = 0 [pid 5246] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5246] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5245] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5244] <... futex resumed>) = 0 [pid 5245] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5244] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5245] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] exit_group(0 [pid 5246] <... futex resumed>) = ? [pid 5245] <... futex resumed>) = ? [pid 5244] <... exit_group resumed>) = ? [pid 5246] +++ exited with 0 +++ [pid 5245] +++ exited with 0 +++ [pid 5244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5244, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 [ 85.712965][ T5245] loop0: detected capacity change from 0 to 4096 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x555556ff8690) = 5247 [pid 5247] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5247] chdir("./71") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5247] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5247] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] <... rseq resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] <... futex resumed>) = 0 [pid 5248] memfd_create("syzkaller", 0 [pid 5247] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] <... memfd_create resumed>) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5248] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5248] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file2", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5248] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file2") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5247] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... open resumed>) = 4 [pid 5248] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5248] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5248] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5247] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5249 attached => {parent_tid=[5249]}, 88) = 5249 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5249] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5249] ftruncate(4, 2) = 0 [pid 5249] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5249] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5247] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... open resumed>) = 5 [pid 5248] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 1 [pid 5247] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5247] <... futex resumed>) = 0 [pid 5248] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5247] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5248] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... futex resumed>) = 0 [pid 5247] exit_group(0 [pid 5249] <... futex resumed>) = ? [pid 5248] <... futex resumed>) = ? [pid 5247] <... exit_group resumed>) = ? [pid 5249] +++ exited with 0 +++ [pid 5248] +++ exited with 0 +++ [pid 5247] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5247, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 85.868392][ T5248] loop0: detected capacity change from 0 to 4096 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x555556ff8690) = 5250 [pid 5250] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5250] chdir("./72") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5250] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5251 attached [pid 5251] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5250] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], [pid 5250] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] memfd_create("syzkaller", 0) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5251] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5251] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file2", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5251] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file2") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5251] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5251] <... futex resumed>) = 1 [pid 5250] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5251] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5250] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5251] <... mmap resumed>) = 0x20000000 [pid 5250] <... mprotect resumed>) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5252 attached [pid 5251] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... clone3 resumed> => {parent_tid=[5252]}, 88) = 5252 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5252] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] ftruncate(4, 2) = 0 [pid 5252] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5250] <... futex resumed>) = 1 [pid 5251] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5250] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5251] <... open resumed>) = 5 [pid 5251] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] <... futex resumed>) = 1 [pid 5251] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5251] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] exit_group(0 [pid 5251] <... futex resumed>) = ? [pid 5250] <... exit_group resumed>) = ? [pid 5252] <... futex resumed>) = ? [pid 5251] +++ exited with 0 +++ [pid 5252] +++ exited with 0 +++ [pid 5250] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5250, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 85.976485][ T5251] loop0: detected capacity change from 0 to 4096 umount2("./72/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x555556ff8690) = 5253 [pid 5253] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5253] chdir("./73") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5253] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5254 attached => {parent_tid=[5254]}, 88) = 5254 [pid 5254] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] <... rseq resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5253] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... set_robust_list resumed>) = 0 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] <... futex resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] memfd_create("syzkaller", 0) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5254] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5254] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file2", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5254] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file2") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... open resumed>) = 4 [pid 5254] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5254] <... mmap resumed>) = 0x20000000 [pid 5253] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5254] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5255 attached => {parent_tid=[5255]}, 88) = 5255 [pid 5255] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5255] <... rseq resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5255] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5255] <... futex resumed>) = 0 [pid 5255] ftruncate(4, 2 [pid 5253] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... ftruncate resumed>) = 0 [pid 5255] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = 0 [pid 5255] <... futex resumed>) = 1 [pid 5253] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5255] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 1 [pid 5253] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... futex resumed>) = 0 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5254] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5253] <... futex resumed>) = 0 [pid 5254] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5253] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5254] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5254] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] exit_group(0) = ? [pid 5255] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5255] +++ exited with 0 +++ [pid 5254] +++ exited with 0 +++ [pid 5253] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5253, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 86.100963][ T5254] loop0: detected capacity change from 0 to 4096 restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5256 ./strace-static-x86_64: Process 5256 attached [pid 5256] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5256] chdir("./74") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5256] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5257]}, 88) = 5257 ./strace-static-x86_64: Process 5257 attached [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5257] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... set_robust_list resumed>) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] memfd_create("syzkaller", 0 [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] <... memfd_create resumed>) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5257] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5257] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file2", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5257] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file2") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5257] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5256] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... mmap resumed>) = 0x20000000 [pid 5256] <... futex resumed>) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5257] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5256] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5257] <... futex resumed>) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5257] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5258 attached [pid 5258] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5256] <... clone3 resumed> => {parent_tid=[5258]}, 88) = 5258 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5258] <... rseq resumed>) = 0 [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5258] set_robust_list(0x7f8f94b099a0, 24 [pid 5256] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5258] <... set_robust_list resumed>) = 0 [pid 5256] <... futex resumed>) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] ftruncate(4, 2) = 0 [pid 5256] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5258] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5256] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... open resumed>) = 5 [pid 5257] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5256] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5257] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] exit_group(0 [pid 5258] <... futex resumed>) = ? [pid 5257] <... futex resumed>) = ? [pid 5256] <... exit_group resumed>) = ? [pid 5258] +++ exited with 0 +++ [pid 5257] +++ exited with 0 +++ [pid 5256] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5256, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 86.233611][ T5257] loop0: detected capacity change from 0 to 4096 unlink("./74/binderfs") = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached , child_tidptr=0x555556ff8690) = 5259 [pid 5259] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5259] chdir("./75") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5259] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5260 attached => {parent_tid=[5260]}, 88) = 5260 [pid 5260] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... rseq resumed>) = 0 [pid 5260] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5259] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] <... futex resumed>) = 0 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5260] memfd_create("syzkaller", 0) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5260] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5260] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file2", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5260] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file2") = 0 [pid 5260] ioctl(4, LOOP_CLR_FD) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = 1 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5260] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5259] <... futex resumed>) = 0 [pid 5260] <... mmap resumed>) = 0x20000000 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5259] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5260] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5261 attached ) = 0 [pid 5259] <... clone3 resumed> => {parent_tid=[5261]}, 88) = 5261 [pid 5261] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] <... rseq resumed>) = 0 [pid 5260] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5261] set_robust_list(0x7f8f94b099a0, 24 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5259] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] <... futex resumed>) = 0 [pid 5261] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] ftruncate(4, 2 [pid 5259] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5261] <... ftruncate resumed>) = 0 [pid 5261] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5261] <... futex resumed>) = 0 [pid 5259] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... futex resumed>) = 1 [pid 5260] <... futex resumed>) = 0 [pid 5259] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5260] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5260] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5259] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5260] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] exit_group(0 [pid 5261] <... futex resumed>) = ? [pid 5260] <... futex resumed>) = ? [pid 5259] <... exit_group resumed>) = ? [pid 5261] +++ exited with 0 +++ [pid 5260] +++ exited with 0 +++ [pid 5259] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5259, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 86.362544][ T5260] loop0: detected capacity change from 0 to 4096 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5262] chdir("./76") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5262] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5263]}, 88) = 5263 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5263 attached [pid 5262] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5262] <... futex resumed>) = 0 [pid 5263] <... rseq resumed>) = 0 [pid 5263] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5263] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5263] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file2", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5263] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file2") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5263] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5262] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... open resumed>) = 4 [pid 5263] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5263] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5262] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5263] <... mmap resumed>) = 0x20000000 [pid 5262] <... mprotect resumed>) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5263] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5264]}, 88) = 5264 ./strace-static-x86_64: Process 5264 attached [pid 5262] rt_sigprocmask(SIG_SETMASK, [], [pid 5264] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5263] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5262] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5264] <... rseq resumed>) = 0 [pid 5262] <... futex resumed>) = 0 [pid 5264] set_robust_list(0x7f8f94b099a0, 24 [pid 5262] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5264] <... set_robust_list resumed>) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] ftruncate(4, 2) = 0 [pid 5264] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5264] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5262] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5263] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5262] <... futex resumed>) = 0 [pid 5263] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5262] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] exit_group(0 [pid 5264] <... futex resumed>) = ? [pid 5262] <... exit_group resumed>) = ? [pid 5264] +++ exited with 0 +++ [pid 5263] <... futex resumed>) = ? [pid 5263] +++ exited with 0 +++ [pid 5262] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5262, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 [ 86.522515][ T5263] loop0: detected capacity change from 0 to 4096 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5265] chdir("./77") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5265 [pid 5265] <... setpgid resumed>) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5265] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5265] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5266]}, 88) = 5266 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5265] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5266 attached [pid 5266] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5266] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5266] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5266] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] mkdir("./file2", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5266] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5266] chdir("./file2") = 0 [pid 5266] ioctl(4, LOOP_CLR_FD) = 0 [pid 5266] close(4) = 0 [pid 5266] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5266] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5265] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... open resumed>) = 4 [pid 5266] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5266] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5265] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5265] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5267 attached [pid 5267] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5265] <... clone3 resumed> => {parent_tid=[5267]}, 88) = 5267 [pid 5267] set_robust_list(0x7f8f94b099a0, 24 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], [pid 5266] <... mmap resumed>) = 0x20000000 [pid 5267] <... set_robust_list resumed>) = 0 [pid 5265] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], [pid 5265] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5267] ftruncate(4, 2 [pid 5266] <... futex resumed>) = 0 [pid 5265] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] <... ftruncate resumed>) = 0 [pid 5266] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5267] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] <... futex resumed>) = 0 [pid 5265] <... futex resumed>) = 1 [pid 5267] <... futex resumed>) = 1 [pid 5265] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5267] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5266] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5266] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5265] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5266] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5266] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] exit_group(0 [pid 5267] <... futex resumed>) = ? [pid 5265] <... exit_group resumed>) = ? [pid 5267] +++ exited with 0 +++ [pid 5266] <... futex resumed>) = ? [pid 5266] +++ exited with 0 +++ [pid 5265] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5265, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 86.696842][ T5266] loop0: detected capacity change from 0 to 4096 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5269 attached , child_tidptr=0x555556ff8690) = 5269 [pid 5269] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5269] chdir("./78") = 0 [pid 5269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5269] setpgid(0, 0) = 0 [pid 5269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5269] write(3, "1000", 4) = 4 [pid 5269] close(3) = 0 [ 86.756589][ T9] cfg80211: failed to load regulatory.db [pid 5269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5269] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5269] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5270 attached => {parent_tid=[5270]}, 88) = 5270 [pid 5270] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5270] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5270] <... set_robust_list resumed>) = 0 [pid 5269] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] memfd_create("syzkaller", 0 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5270] <... memfd_create resumed>) = 3 [pid 5270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5270] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5270] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5270] close(3) = 0 [pid 5270] mkdir("./file2", 0777) = 0 [pid 5270] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5270] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5270] chdir("./file2") = 0 [pid 5270] ioctl(4, LOOP_CLR_FD) = 0 [pid 5270] close(4) = 0 [pid 5270] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... futex resumed>) = 1 [pid 5270] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5270] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5270] <... futex resumed>) = 1 [pid 5269] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5270] <... mmap resumed>) = 0x20000000 [pid 5270] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5270] <... futex resumed>) = 0 [pid 5269] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5270] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5271]}, 88) = 5271 ./strace-static-x86_64: Process 5271 attached [pid 5269] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] set_robust_list(0x7f8f94b099a0, 24 [pid 5269] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] <... set_robust_list resumed>) = 0 [pid 5269] <... futex resumed>) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] ftruncate(4, 2) = 0 [pid 5269] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5271] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] <... futex resumed>) = 0 [pid 5269] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = 0 [pid 5269] <... futex resumed>) = 1 [pid 5270] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5269] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... open resumed>) = 5 [pid 5270] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] <... futex resumed>) = 0 [pid 5270] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5269] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5270] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5270] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5270] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5269] exit_group(0 [pid 5271] <... futex resumed>) = ? [pid 5270] <... futex resumed>) = ? [pid 5269] <... exit_group resumed>) = ? [pid 5270] +++ exited with 0 +++ [pid 5271] +++ exited with 0 +++ [pid 5269] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5269, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.845660][ T5270] loop0: detected capacity change from 0 to 4096 newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5272 attached , child_tidptr=0x555556ff8690) = 5272 [pid 5272] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5272] chdir("./79") = 0 [pid 5272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5272] setpgid(0, 0) = 0 [pid 5272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5272] write(3, "1000", 4) = 4 [pid 5272] close(3) = 0 [pid 5272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5272] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5272] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5272] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5273 attached [pid 5273] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5273] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... clone3 resumed> => {parent_tid=[5273]}, 88) = 5273 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5273] memfd_create("syzkaller", 0 [pid 5272] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5273] <... memfd_create resumed>) = 3 [pid 5273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5273] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5273] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5273] close(3) = 0 [pid 5273] mkdir("./file2", 0777) = 0 [pid 5273] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5273] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5273] chdir("./file2") = 0 [pid 5273] ioctl(4, LOOP_CLR_FD) = 0 [pid 5273] close(4) = 0 [pid 5273] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... futex resumed>) = 0 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5273] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5273] <... futex resumed>) = 0 [pid 5273] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5272] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... mmap resumed>) = 0x20000000 [pid 5272] <... futex resumed>) = 0 [ 86.983130][ T5273] loop0: detected capacity change from 0 to 4096 [ 87.013810][ T28] kauditd_printk_skb: 73 callbacks suppressed [pid 5272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5272] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5274]}, 88) = 5274 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... futex resumed>) = 0 [pid 5272] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5274 attached [pid 5274] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5274] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] ftruncate(4, 2) = 0 [pid 5274] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] <... futex resumed>) = 0 [pid 5272] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = 0 [pid 5272] <... futex resumed>) = 1 [pid 5273] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5272] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... open resumed>) = 5 [pid 5273] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5272] <... futex resumed>) = 0 [pid 5273] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5272] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5273] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5273] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5272] <... futex resumed>) = 0 [pid 5273] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5272] exit_group(0 [pid 5273] <... futex resumed>) = ? [pid 5272] <... exit_group resumed>) = ? [pid 5273] +++ exited with 0 +++ [pid 5274] <... futex resumed>) = ? [pid 5274] +++ exited with 0 +++ [pid 5272] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5272, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 87.013825][ T28] audit: type=1800 audit(1697944379.827:237): pid=5273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 87.041091][ T28] audit: type=1800 audit(1697944379.847:238): pid=5273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5275 ./strace-static-x86_64: Process 5275 attached [pid 5275] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5275] chdir("./80") = 0 [pid 5275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5275] setpgid(0, 0) = 0 [pid 5275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5275] write(3, "1000", 4) = 4 [pid 5275] close(3) = 0 [pid 5275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5275] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5275] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5276 attached => {parent_tid=[5276]}, 88) = 5276 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], [pid 5276] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5276] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5275] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5276] memfd_create("syzkaller", 0) = 3 [pid 5276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [ 87.066452][ T28] audit: type=1800 audit(1697944379.887:239): pid=5273 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5276] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5276] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5276] close(3) = 0 [pid 5276] mkdir("./file2", 0777) = 0 [pid 5276] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5276] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5276] chdir("./file2") = 0 [pid 5276] ioctl(4, LOOP_CLR_FD) = 0 [pid 5276] close(4) = 0 [pid 5276] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5275] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... open resumed>) = 4 [pid 5276] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5276] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5275] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... mmap resumed>) = 0x20000000 [pid 5275] <... futex resumed>) = 0 [ 87.152836][ T5276] loop0: detected capacity change from 0 to 4096 [pid 5276] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5276] <... futex resumed>) = 0 [pid 5276] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5275] <... futex resumed>) = 0 [pid 5275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5275] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5277]}, 88) = 5277 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5275] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5277 attached [pid 5277] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5277] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5277] ftruncate(4, 2) = 0 [pid 5277] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5277] <... futex resumed>) = 1 [pid 5276] <... futex resumed>) = 0 [pid 5275] <... futex resumed>) = 1 [pid 5277] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5276] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5275] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... open resumed>) = 5 [pid 5276] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5276] <... futex resumed>) = 1 [pid 5276] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5275] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5276] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5276] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5275] <... futex resumed>) = 0 [pid 5275] exit_group(0 [pid 5276] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = ? [pid 5276] <... futex resumed>) = ? [pid 5277] +++ exited with 0 +++ [pid 5276] +++ exited with 0 +++ [pid 5275] <... exit_group resumed>) = ? [pid 5275] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5275, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 [ 87.188460][ T28] audit: type=1800 audit(1697944380.007:240): pid=5276 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 87.208795][ T28] audit: type=1800 audit(1697944380.007:241): pid=5276 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 87.230183][ T28] audit: type=1800 audit(1697944380.047:242): pid=5276 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5278 attached , child_tidptr=0x555556ff8690) = 5278 [pid 5278] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5278] chdir("./81") = 0 [pid 5278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5278] setpgid(0, 0) = 0 [pid 5278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5278] write(3, "1000", 4) = 4 [pid 5278] close(3) = 0 [pid 5278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5278] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5278] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5279 attached => {parent_tid=[5279]}, 88) = 5279 [pid 5279] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] <... rseq resumed>) = 0 [pid 5279] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5278] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] <... futex resumed>) = 0 [pid 5279] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5279] memfd_create("syzkaller", 0) = 3 [pid 5279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5279] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5279] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5279] close(3) = 0 [pid 5279] mkdir("./file2", 0777) = 0 [pid 5279] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5279] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5279] chdir("./file2") = 0 [pid 5279] ioctl(4, LOOP_CLR_FD) = 0 [pid 5279] close(4) = 0 [pid 5279] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] <... futex resumed>) = 1 [ 87.337247][ T5279] loop0: detected capacity change from 0 to 4096 [pid 5279] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5279] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5279] <... futex resumed>) = 1 [pid 5278] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] <... mmap resumed>) = 0x20000000 [pid 5278] <... futex resumed>) = 0 [pid 5278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5278] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5280 attached => {parent_tid=[5280]}, 88) = 5280 [pid 5280] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] set_robust_list(0x7f8f94b099a0, 24 [pid 5278] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... set_robust_list resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5278] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] ftruncate(4, 2) = 0 [pid 5280] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5280] <... futex resumed>) = 1 [pid 5278] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5278] <... futex resumed>) = 0 [pid 5278] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] <... futex resumed>) = 0 [pid 5280] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5279] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5279] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = 0 [pid 5280] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5280] <... futex resumed>) = 0 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5278] exit_group(0 [pid 5280] <... futex resumed>) = ? [pid 5278] <... exit_group resumed>) = ? [pid 5280] +++ exited with 0 +++ [pid 5279] +++ exited with 0 +++ [pid 5278] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5278, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 87.374649][ T28] audit: type=1800 audit(1697944380.197:243): pid=5279 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 87.396653][ T28] audit: type=1800 audit(1697944380.217:244): pid=5279 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 87.417589][ T28] audit: type=1800 audit(1697944380.217:245): pid=5280 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5281 attached , child_tidptr=0x555556ff8690) = 5281 [pid 5281] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5281] chdir("./82") = 0 [pid 5281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5281] setpgid(0, 0) = 0 [pid 5281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5281] write(3, "1000", 4) = 4 [pid 5281] close(3) = 0 [pid 5281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5281] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5281] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5282 attached => {parent_tid=[5282]}, 88) = 5282 [pid 5282] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], [pid 5282] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5281] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5282] <... set_robust_list resumed>) = 0 [pid 5281] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], [pid 5281] <... futex resumed>) = 0 [pid 5282] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5281] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5282] memfd_create("syzkaller", 0) = 3 [pid 5282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5282] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5282] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5282] close(3) = 0 [pid 5282] mkdir("./file2", 0777) = 0 [pid 5282] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5282] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5282] chdir("./file2") = 0 [pid 5282] ioctl(4, LOOP_CLR_FD) = 0 [pid 5282] close(4) = 0 [pid 5282] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5282] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5281] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... open resumed>) = 4 [pid 5282] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5281] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5282] <... futex resumed>) = 1 [ 87.511322][ T5282] loop0: detected capacity change from 0 to 4096 [pid 5282] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5281] <... clone3 resumed> => {parent_tid=[5283]}, 88) = 5283 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... mmap resumed>) = 0x20000000 [pid 5282] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5282] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5283 attached [pid 5283] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] ftruncate(4, 2) = 0 [pid 5283] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] <... futex resumed>) = 0 [pid 5283] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] <... futex resumed>) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5282] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5281] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] <... open resumed>) = 5 [pid 5282] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5282] <... futex resumed>) = 1 [pid 5281] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5282] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5281] <... futex resumed>) = 0 [pid 5282] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5281] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5282] <... futex resumed>) = 0 [pid 5282] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5281] exit_group(0 [pid 5283] <... futex resumed>) = ? [pid 5282] <... futex resumed>) = ? [pid 5281] <... exit_group resumed>) = ? [pid 5283] +++ exited with 0 +++ [pid 5282] +++ exited with 0 +++ [pid 5281] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5281, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5284 attached , child_tidptr=0x555556ff8690) = 5284 [pid 5284] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5284] chdir("./83") = 0 [pid 5284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5284] setpgid(0, 0) = 0 [pid 5284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5284] write(3, "1000", 4) = 4 [pid 5284] close(3) = 0 [pid 5284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5284] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 87.560111][ T28] audit: type=1800 audit(1697944380.377:246): pid=5282 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5284] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5284] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5285 attached [pid 5285] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5284] <... clone3 resumed> => {parent_tid=[5285]}, 88) = 5285 [pid 5285] <... rseq resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5284] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] <... futex resumed>) = 0 [pid 5285] memfd_create("syzkaller", 0 [pid 5284] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5285] <... memfd_create resumed>) = 3 [pid 5285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5285] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5285] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5285] close(3) = 0 [pid 5285] mkdir("./file2", 0777) = 0 [pid 5285] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5285] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5285] chdir("./file2") = 0 [pid 5285] ioctl(4, LOOP_CLR_FD) = 0 [pid 5285] close(4) = 0 [pid 5285] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5285] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5285] <... futex resumed>) = 1 [pid 5285] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] <... futex resumed>) = 0 [pid 5285] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5284] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5285] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5285] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5286]}, 88) = 5286 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5286 attached [pid 5284] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5286] <... rseq resumed>) = 0 [pid 5286] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5286] ftruncate(4, 2) = 0 [pid 5286] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5285] <... futex resumed>) = 0 [pid 5284] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5285] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5284] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5285] <... futex resumed>) = 1 [pid 5285] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5285] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5285] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5284] exit_group(0 [pid 5285] <... futex resumed>) = ? [pid 5286] <... futex resumed>) = ? [pid 5284] <... exit_group resumed>) = ? [pid 5286] +++ exited with 0 +++ [pid 5285] +++ exited with 0 +++ [pid 5284] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5284, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 [ 87.657647][ T5285] loop0: detected capacity change from 0 to 4096 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5287 attached , child_tidptr=0x555556ff8690) = 5287 [pid 5287] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5287] chdir("./84") = 0 [pid 5287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5287] setpgid(0, 0) = 0 [pid 5287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5287] write(3, "1000", 4) = 4 [pid 5287] close(3) = 0 [pid 5287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5287] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5287] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5288 attached [pid 5288] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5287] <... clone3 resumed> => {parent_tid=[5288]}, 88) = 5288 [pid 5288] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], [pid 5288] <... set_robust_list resumed>) = 0 [pid 5287] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], [pid 5287] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5288] memfd_create("syzkaller", 0 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5288] <... memfd_create resumed>) = 3 [pid 5288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5288] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5288] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5288] close(3) = 0 [pid 5288] mkdir("./file2", 0777) = 0 [pid 5288] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5288] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5288] chdir("./file2") = 0 [pid 5288] ioctl(4, LOOP_CLR_FD) = 0 [pid 5288] close(4) = 0 [pid 5288] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... futex resumed>) = 1 [pid 5288] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5288] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5288] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5288] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5288] <... mmap resumed>) = 0x20000000 [pid 5288] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5288] <... futex resumed>) = 0 [pid 5288] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5289 attached [pid 5289] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5289] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... clone3 resumed> => {parent_tid=[5289]}, 88) = 5289 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5287] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5289] ftruncate(4, 2) = 0 [pid 5289] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] <... futex resumed>) = 0 [pid 5287] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5288] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5287] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5288] <... open resumed>) = 5 [pid 5288] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5287] <... futex resumed>) = 0 [pid 5288] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5287] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5288] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5287] <... futex resumed>) = 0 [pid 5288] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5288] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5287] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5287] exit_group(0 [pid 5289] <... futex resumed>) = ? [pid 5287] <... exit_group resumed>) = ? [pid 5289] +++ exited with 0 +++ [pid 5288] <... futex resumed>) = ? [pid 5288] +++ exited with 0 +++ [pid 5287] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5287, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 87.794554][ T5288] loop0: detected capacity change from 0 to 4096 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5290 attached , child_tidptr=0x555556ff8690) = 5290 [pid 5290] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5290] chdir("./85") = 0 [pid 5290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5290] setpgid(0, 0) = 0 [pid 5290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5290] write(3, "1000", 4) = 4 [pid 5290] close(3) = 0 [pid 5290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5290] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5290] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5291]}, 88) = 5291 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5290] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5291 attached [pid 5291] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5291] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5291] memfd_create("syzkaller", 0) = 3 [pid 5291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5291] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5291] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5291] close(3) = 0 [pid 5291] mkdir("./file2", 0777) = 0 [pid 5291] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5291] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5291] chdir("./file2") = 0 [pid 5291] ioctl(4, LOOP_CLR_FD) = 0 [pid 5291] close(4) = 0 [pid 5291] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5291] <... futex resumed>) = 0 [pid 5291] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5290] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5291] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5292]}, 88) = 5292 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5290] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5292 attached [pid 5292] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5291] <... futex resumed>) = 0 [pid 5291] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] <... rseq resumed>) = 0 [pid 5292] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5292] ftruncate(4, 2) = 0 [pid 5292] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5292] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5290] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = 1 [pid 5291] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5290] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] <... open resumed>) = 5 [pid 5291] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5291] <... futex resumed>) = 1 [pid 5290] <... futex resumed>) = 0 [pid 5290] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5291] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5291] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = 0 [pid 5291] <... futex resumed>) = 1 [pid 5290] exit_group(0 [pid 5292] <... futex resumed>) = ? [pid 5290] <... exit_group resumed>) = ? [pid 5292] +++ exited with 0 +++ [pid 5291] +++ exited with 0 +++ [pid 5290] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5290, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 87.923371][ T5291] loop0: detected capacity change from 0 to 4096 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5293 ./strace-static-x86_64: Process 5293 attached [pid 5293] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5293] chdir("./86") = 0 [pid 5293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5293] setpgid(0, 0) = 0 [pid 5293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5293] write(3, "1000", 4) = 4 [pid 5293] close(3) = 0 [pid 5293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5293] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5293] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5294] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5293] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = 0 [pid 5293] <... futex resumed>) = 1 [pid 5294] memfd_create("syzkaller", 0 [pid 5293] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5294] <... memfd_create resumed>) = 3 [pid 5294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5294] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5294] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5294] close(3) = 0 [pid 5294] mkdir("./file2", 0777) = 0 [pid 5294] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5294] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5294] chdir("./file2") = 0 [pid 5294] ioctl(4, LOOP_CLR_FD) = 0 [pid 5294] close(4) = 0 [pid 5294] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5294] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5294] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5293] <... futex resumed>) = 0 [pid 5293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5293] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5293] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5294] <... mmap resumed>) = 0x20000000 [pid 5294] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5294] <... futex resumed>) = 0 [pid 5293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5295]}, 88) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5294] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] ftruncate(4, 2) = 0 [pid 5295] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 88.061956][ T5294] loop0: detected capacity change from 0 to 4096 [pid 5293] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5295] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5294] <... futex resumed>) = 0 [pid 5294] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5294] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5294] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5293] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5294] <... futex resumed>) = 0 [pid 5293] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5294] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5294] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5293] <... futex resumed>) = 0 [pid 5293] exit_group(0) = ? [pid 5295] <... futex resumed>) = ? [pid 5295] +++ exited with 0 +++ [pid 5294] +++ exited with 0 +++ [pid 5293] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5293, si_uid=0, si_status=0, si_utime=0, si_stime=8 /* 0.08 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5296 attached , child_tidptr=0x555556ff8690) = 5296 [pid 5296] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5296] chdir("./87") = 0 [pid 5296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5296] setpgid(0, 0) = 0 [pid 5296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5296] write(3, "1000", 4) = 4 [pid 5296] close(3) = 0 [pid 5296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5296] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5296] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5297]}, 88) = 5297 ./strace-static-x86_64: Process 5297 attached [pid 5297] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5297] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5296] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5297] memfd_create("syzkaller", 0) = 3 [pid 5297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5297] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5297] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5297] close(3) = 0 [pid 5297] mkdir("./file2", 0777) = 0 [pid 5297] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5297] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5297] chdir("./file2") = 0 [pid 5297] ioctl(4, LOOP_CLR_FD) = 0 [pid 5297] close(4) = 0 [pid 5297] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5297] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5296] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... open resumed>) = 4 [pid 5297] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5297] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] <... futex resumed>) = 0 [pid 5297] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5296] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5297] <... mmap resumed>) = 0x20000000 [pid 5296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5296] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5296] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5297] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5297] <... futex resumed>) = 0 [pid 5296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5297] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5298 attached [pid 5298] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5298] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5296] <... clone3 resumed> => {parent_tid=[5298]}, 88) = 5298 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5296] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5298] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5298] ftruncate(4, 2 [pid 5296] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5298] <... ftruncate resumed>) = 0 [pid 5298] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] <... futex resumed>) = 0 [pid 5298] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 1 [pid 5297] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5296] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] <... open resumed>) = 5 [pid 5297] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5297] <... futex resumed>) = 1 [pid 5297] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5297] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5297] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5296] <... futex resumed>) = 0 [pid 5296] exit_group(0 [pid 5298] <... futex resumed>) = ? [pid 5297] <... futex resumed>) = ? [pid 5298] +++ exited with 0 +++ [pid 5297] +++ exited with 0 +++ [pid 5296] <... exit_group resumed>) = ? [ 88.209180][ T5297] loop0: detected capacity change from 0 to 4096 [pid 5296] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5296, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5299 attached , child_tidptr=0x555556ff8690) = 5299 [pid 5299] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5299] chdir("./88") = 0 [pid 5299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5299] setpgid(0, 0) = 0 [pid 5299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5299] write(3, "1000", 4) = 4 [pid 5299] close(3) = 0 [pid 5299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5299] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5299] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5300 attached => {parent_tid=[5300]}, 88) = 5300 [pid 5300] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] <... rseq resumed>) = 0 [pid 5300] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5300] memfd_create("syzkaller", 0) = 3 [pid 5300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5300] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5300] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5300] close(3) = 0 [pid 5300] mkdir("./file2", 0777) = 0 [pid 5300] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5300] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5300] chdir("./file2") = 0 [pid 5300] ioctl(4, LOOP_CLR_FD) = 0 [pid 5300] close(4) = 0 [pid 5300] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5300] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5300] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5299] <... futex resumed>) = 1 [pid 5299] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... open resumed>) = 4 [pid 5300] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5299] <... futex resumed>) = 0 [pid 5300] <... mmap resumed>) = 0x20000000 [pid 5299] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5299] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5300] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5301 attached [pid 5300] <... futex resumed>) = 0 [pid 5300] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] <... clone3 resumed> => {parent_tid=[5301]}, 88) = 5301 [pid 5301] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5301] <... rseq resumed>) = 0 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] set_robust_list(0x7f8f94b099a0, 24 [pid 5299] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] <... set_robust_list resumed>) = 0 [pid 5299] <... futex resumed>) = 0 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] ftruncate(4, 2 [pid 5299] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5301] <... ftruncate resumed>) = 0 [pid 5301] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] <... futex resumed>) = 0 [pid 5301] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5300] <... futex resumed>) = 0 [pid 5299] <... futex resumed>) = 1 [pid 5300] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5299] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... open resumed>) = 5 [pid 5300] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5299] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5300] <... futex resumed>) = 1 [pid 5300] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5299] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5300] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5299] exit_group(0 [pid 5300] <... futex resumed>) = ? [pid 5299] <... exit_group resumed>) = ? [pid 5300] +++ exited with 0 +++ [pid 5301] <... futex resumed>) = ? [pid 5301] +++ exited with 0 +++ [pid 5299] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5299, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 [ 88.337537][ T5300] loop0: detected capacity change from 0 to 4096 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5302 attached , child_tidptr=0x555556ff8690) = 5302 [pid 5302] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5302] chdir("./89") = 0 [pid 5302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5302] setpgid(0, 0) = 0 [pid 5302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5302] write(3, "1000", 4) = 4 [pid 5302] close(3) = 0 [pid 5302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5302] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5302] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5303 attached [pid 5303] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5302] <... clone3 resumed> => {parent_tid=[5303]}, 88) = 5303 [pid 5303] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5303] <... set_robust_list resumed>) = 0 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5303] memfd_create("syzkaller", 0 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5303] <... memfd_create resumed>) = 3 [pid 5303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5303] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5303] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5303] close(3) = 0 [pid 5303] mkdir("./file2", 0777) = 0 [pid 5303] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5303] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5303] chdir("./file2") = 0 [pid 5303] ioctl(4, LOOP_CLR_FD) = 0 [pid 5303] close(4) = 0 [pid 5303] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5303] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5303] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = 0 [pid 5302] <... futex resumed>) = 1 [pid 5303] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5302] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5302] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5303] <... mmap resumed>) = 0x20000000 [pid 5302] <... mprotect resumed>) = 0 [pid 5303] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5303] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5304 attached [pid 5304] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5302] <... clone3 resumed> => {parent_tid=[5304]}, 88) = 5304 [pid 5302] rt_sigprocmask(SIG_SETMASK, [], [pid 5304] <... rseq resumed>) = 0 [pid 5302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5302] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5304] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] ftruncate(4, 2) = 0 [pid 5304] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5302] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] <... futex resumed>) = 1 [pid 5303] <... futex resumed>) = 0 [pid 5302] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5303] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5303] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5302] <... futex resumed>) = 0 [pid 5303] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5302] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5303] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5303] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5302] <... futex resumed>) = 0 [pid 5303] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5302] exit_group(0 [pid 5304] <... futex resumed>) = ? [pid 5302] <... exit_group resumed>) = ? [pid 5303] <... futex resumed>) = ? [pid 5303] +++ exited with 0 +++ [pid 5304] +++ exited with 0 +++ [pid 5302] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5302, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 [ 88.457745][ T5303] loop0: detected capacity change from 0 to 4096 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5305 attached , child_tidptr=0x555556ff8690) = 5305 [pid 5305] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5305] chdir("./90") = 0 [pid 5305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5305] setpgid(0, 0) = 0 [pid 5305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5305] write(3, "1000", 4) = 4 [pid 5305] close(3) = 0 [pid 5305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5305] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5305] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5306 attached => {parent_tid=[5306]}, 88) = 5306 [pid 5306] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5306] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... set_robust_list resumed>) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] <... futex resumed>) = 0 [pid 5306] memfd_create("syzkaller", 0 [pid 5305] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5306] <... memfd_create resumed>) = 3 [pid 5306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5306] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5306] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5306] close(3) = 0 [pid 5306] mkdir("./file2", 0777) = 0 [pid 5306] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5306] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5306] chdir("./file2") = 0 [pid 5306] ioctl(4, LOOP_CLR_FD) = 0 [pid 5306] close(4) = 0 [pid 5306] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5306] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5305] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... open resumed>) = 4 [pid 5306] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5306] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5305] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5307 attached [pid 5307] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5307] set_robust_list(0x7f8f94b099a0, 24 [pid 5305] <... clone3 resumed> => {parent_tid=[5307]}, 88) = 5307 [pid 5307] <... set_robust_list resumed>) = 0 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5305] rt_sigprocmask(SIG_SETMASK, [], [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5306] <... mmap resumed>) = 0x20000000 [pid 5307] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5305] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = 0 [pid 5305] <... futex resumed>) = 1 [pid 5307] ftruncate(4, 2 [pid 5305] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5307] <... ftruncate resumed>) = 0 [pid 5307] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5307] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5305] <... futex resumed>) = 0 [pid 5307] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5305] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] <... open resumed>) = 5 [pid 5307] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5305] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5307] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5305] <... futex resumed>) = 0 [pid 5305] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5306] <... futex resumed>) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5306] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5305] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 5306] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5306] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5305] <... futex resumed>) = 0 [pid 5305] exit_group(0 [pid 5307] <... futex resumed>) = ? [pid 5305] <... exit_group resumed>) = ? [pid 5307] +++ exited with 0 +++ [pid 5306] +++ exited with 0 +++ [pid 5305] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5305, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=5 /* 0.05 s */} --- umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 88.582417][ T5306] loop0: detected capacity change from 0 to 4096 openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5308 ./strace-static-x86_64: Process 5308 attached [pid 5308] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5308] chdir("./91") = 0 [pid 5308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5308] setpgid(0, 0) = 0 [pid 5308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5308] write(3, "1000", 4) = 4 [pid 5308] close(3) = 0 [pid 5308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5308] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5308] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5309 attached => {parent_tid=[5309]}, 88) = 5309 [pid 5309] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5309] <... rseq resumed>) = 0 [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5308] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... set_robust_list resumed>) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5309] memfd_create("syzkaller", 0) = 3 [pid 5309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5309] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5309] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5309] close(3) = 0 [pid 5309] mkdir("./file2", 0777) = 0 [pid 5309] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5309] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5309] chdir("./file2") = 0 [pid 5309] ioctl(4, LOOP_CLR_FD) = 0 [pid 5309] close(4) = 0 [pid 5309] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5308] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... open resumed>) = 4 [pid 5309] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5309] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5308] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5309] <... mmap resumed>) = 0x20000000 [pid 5308] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5309] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5310 attached => {parent_tid=[5310]}, 88) = 5310 [pid 5310] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], [pid 5310] set_robust_list(0x7f8f94b099a0, 24 [pid 5308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5310] <... set_robust_list resumed>) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] ftruncate(4, 2) = 0 [pid 5310] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5310] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] <... futex resumed>) = 0 [pid 5308] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5309] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5308] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... open resumed>) = 5 [pid 5309] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5309] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5308] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5308] <... futex resumed>) = 1 [pid 5309] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5308] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5309] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [ 88.737419][ T5309] loop0: detected capacity change from 0 to 4096 [pid 5309] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] <... futex resumed>) = 0 [pid 5308] exit_group(0) = ? [pid 5310] <... futex resumed>) = ? [pid 5310] +++ exited with 0 +++ [pid 5309] +++ exited with 0 +++ [pid 5308] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5308, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5311 ./strace-static-x86_64: Process 5311 attached [pid 5311] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5311] chdir("./92") = 0 [pid 5311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5311] setpgid(0, 0) = 0 [pid 5311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5311] write(3, "1000", 4) = 4 [pid 5311] close(3) = 0 [pid 5311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5311] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5311] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5312 attached [pid 5312] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5311] <... clone3 resumed> => {parent_tid=[5312]}, 88) = 5312 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] <... rseq resumed>) = 0 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5312] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5311] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... set_robust_list resumed>) = 0 [pid 5311] <... futex resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5312] memfd_create("syzkaller", 0) = 3 [pid 5312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5312] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5312] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5312] close(3) = 0 [pid 5312] mkdir("./file2", 0777) = 0 [pid 5312] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5312] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5312] chdir("./file2") = 0 [pid 5312] ioctl(4, LOOP_CLR_FD) = 0 [pid 5312] close(4) = 0 [pid 5312] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5311] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... open resumed>) = 4 [pid 5312] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5311] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5311] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5312] <... mmap resumed>) = 0x20000000 [pid 5312] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] <... mprotect resumed>) = 0 [pid 5311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5313]}, 88) = 5313 ./strace-static-x86_64: Process 5313 attached [pid 5311] rt_sigprocmask(SIG_SETMASK, [], [pid 5313] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] <... rseq resumed>) = 0 [pid 5311] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] set_robust_list(0x7f8f94b099a0, 24 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... set_robust_list resumed>) = 0 [pid 5311] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] ftruncate(4, 2) = 0 [pid 5313] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5311] <... futex resumed>) = 0 [pid 5313] <... futex resumed>) = 1 [pid 5313] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = 0 [pid 5311] <... futex resumed>) = 1 [pid 5311] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5312] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5311] <... futex resumed>) = 0 [pid 5312] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5311] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5312] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5312] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5311] <... futex resumed>) = 0 [pid 5312] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5311] exit_group(0) = ? [pid 5313] <... futex resumed>) = ? [pid 5313] +++ exited with 0 +++ [pid 5312] <... futex resumed>) = ? [pid 5312] +++ exited with 0 +++ [pid 5311] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5311, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 88.908413][ T5312] loop0: detected capacity change from 0 to 4096 rmdir("./92/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5314 attached , child_tidptr=0x555556ff8690) = 5314 [pid 5314] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5314] chdir("./93") = 0 [pid 5314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5314] setpgid(0, 0) = 0 [pid 5314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5314] write(3, "1000", 4) = 4 [pid 5314] close(3) = 0 [pid 5314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5314] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5314] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5315]}, 88) = 5315 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5314] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5314] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5315 attached [pid 5315] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5315] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] memfd_create("syzkaller", 0) = 3 [pid 5315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5315] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5315] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5315] close(3) = 0 [pid 5315] mkdir("./file2", 0777) = 0 [pid 5315] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5315] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5315] chdir("./file2") = 0 [pid 5315] ioctl(4, LOOP_CLR_FD) = 0 [pid 5315] close(4) = 0 [pid 5315] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5314] <... futex resumed>) = 0 [pid 5315] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] <... futex resumed>) = 0 [pid 5315] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5314] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... open resumed>) = 4 [pid 5315] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5314] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5314] <... futex resumed>) = 0 [pid 5315] <... mmap resumed>) = 0x20000000 [pid 5314] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5315] <... futex resumed>) = 0 [pid 5314] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5316 attached => {parent_tid=[5316]}, 88) = 5316 [pid 5316] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5314] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] set_robust_list(0x7f8f94b099a0, 24 [pid 5314] <... futex resumed>) = 0 [pid 5316] <... set_robust_list resumed>) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 89.033398][ T5315] loop0: detected capacity change from 0 to 4096 [pid 5316] ftruncate(4, 2) = 0 [pid 5316] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5316] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = 0 [pid 5314] <... futex resumed>) = 1 [pid 5315] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5314] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... open resumed>) = 5 [pid 5315] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... futex resumed>) = 0 [pid 5314] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5314] <... futex resumed>) = 0 [pid 5315] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5314] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5315] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5315] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] <... futex resumed>) = 0 [pid 5314] exit_group(0 [pid 5316] <... futex resumed>) = ? [pid 5314] <... exit_group resumed>) = ? [pid 5316] +++ exited with 0 +++ [pid 5315] <... futex resumed>) = ? [pid 5315] +++ exited with 0 +++ [pid 5314] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5314, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=1 /* 0.01 s */} --- umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5317 attached , child_tidptr=0x555556ff8690) = 5317 [pid 5317] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5317] chdir("./94") = 0 [pid 5317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5317] setpgid(0, 0) = 0 [pid 5317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5317] write(3, "1000", 4) = 4 [pid 5317] close(3) = 0 [pid 5317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5317] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5317] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5318 attached [pid 5318] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5317] <... clone3 resumed> => {parent_tid=[5318]}, 88) = 5318 [pid 5318] <... rseq resumed>) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] <... set_robust_list resumed>) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5318] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5317] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5318] memfd_create("syzkaller", 0) = 3 [pid 5318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5318] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5318] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5318] close(3) = 0 [pid 5318] mkdir("./file2", 0777) = 0 [pid 5318] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5318] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5318] chdir("./file2") = 0 [pid 5318] ioctl(4, LOOP_CLR_FD) = 0 [pid 5318] close(4) = 0 [pid 5318] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5317] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5318] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5318] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5317] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5317] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5318] <... mmap resumed>) = 0x20000000 [pid 5318] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... mprotect resumed>) = 0 [pid 5317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5319 attached [pid 5319] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5319] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... clone3 resumed> => {parent_tid=[5319]}, 88) = 5319 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5317] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [pid 5319] ftruncate(4, 2 [pid 5317] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... ftruncate resumed>) = 0 [pid 5319] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5319] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] <... futex resumed>) = 0 [pid 5317] <... futex resumed>) = 1 [ 89.180237][ T5318] loop0: detected capacity change from 0 to 4096 [pid 5317] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5318] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5317] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5318] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5317] <... futex resumed>) = 0 [pid 5317] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5318] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5318] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5317] <... futex resumed>) = 0 [pid 5317] exit_group(0) = ? [pid 5319] <... futex resumed>) = ? [pid 5319] +++ exited with 0 +++ [pid 5318] +++ exited with 0 +++ [pid 5317] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5317, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5320 ./strace-static-x86_64: Process 5320 attached [pid 5320] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5320] chdir("./95") = 0 [pid 5320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5320] setpgid(0, 0) = 0 [pid 5320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5320] write(3, "1000", 4) = 4 [pid 5320] close(3) = 0 [pid 5320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5320] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5320] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5321 attached [pid 5321] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5321] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5321] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... clone3 resumed> => {parent_tid=[5321]}, 88) = 5321 [pid 5320] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5320] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5321] memfd_create("syzkaller", 0 [pid 5320] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5321] <... memfd_create resumed>) = 3 [pid 5321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5321] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5321] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5321] close(3) = 0 [pid 5321] mkdir("./file2", 0777) = 0 [pid 5321] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5321] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5321] chdir("./file2") = 0 [pid 5321] ioctl(4, LOOP_CLR_FD) = 0 [pid 5321] close(4) = 0 [pid 5321] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5320] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5321] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5321] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5320] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] <... mmap resumed>) = 0x20000000 [pid 5320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5321] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5320] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] <... clone3 resumed> => {parent_tid=[5322]}, 88) = 5322 ./strace-static-x86_64: Process 5322 attached [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5322] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5322] <... rseq resumed>) = 0 [pid 5320] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] set_robust_list(0x7f8f94b099a0, 24 [pid 5320] <... futex resumed>) = 0 [pid 5322] <... set_robust_list resumed>) = 0 [pid 5320] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] ftruncate(4, 2) = 0 [pid 5322] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5322] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5321] <... futex resumed>) = 0 [pid 5320] <... futex resumed>) = 1 [pid 5320] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5321] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5320] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5320] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5321] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5321] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5320] <... futex resumed>) = 0 [pid 5321] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5320] exit_group(0 [pid 5322] <... futex resumed>) = ? [pid 5321] <... futex resumed>) = ? [pid 5320] <... exit_group resumed>) = ? [pid 5322] +++ exited with 0 +++ [pid 5321] +++ exited with 0 +++ [pid 5320] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5320, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 89.345483][ T5321] loop0: detected capacity change from 0 to 4096 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x555556ff8690) = 5323 [pid 5323] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5323] chdir("./96") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5323] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5324 attached => {parent_tid=[5324]}, 88) = 5324 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5324] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5323] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5324] <... set_robust_list resumed>) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5324] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5324] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./file2", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5324] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file2") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5323] <... futex resumed>) = 0 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5323] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... open resumed>) = 4 [pid 5324] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5323] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... mmap resumed>) = 0x20000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5323] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5325]}, 88) = 5325 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], [pid 5324] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5324] <... futex resumed>) = 0 [pid 5323] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5325 attached [pid 5325] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5325] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5325] ftruncate(4, 2) = 0 [pid 5325] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5325] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5323] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... open resumed>) = 5 [pid 5324] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... futex resumed>) = 0 [pid 5323] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5324] <... futex resumed>) = 1 [pid 5323] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5324] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] exit_group(0 [pid 5325] <... futex resumed>) = ? [pid 5324] <... futex resumed>) = ? [pid 5323] <... exit_group resumed>) = ? [pid 5325] +++ exited with 0 +++ [pid 5324] +++ exited with 0 +++ [pid 5323] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5323, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5326 ./strace-static-x86_64: Process 5326 attached [pid 5326] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5326] chdir("./97") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [ 89.488528][ T5324] loop0: detected capacity change from 0 to 4096 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5326] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5326] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5327 attached [pid 5327] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5326] <... clone3 resumed> => {parent_tid=[5327]}, 88) = 5327 [pid 5327] <... rseq resumed>) = 0 [pid 5327] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] <... futex resumed>) = 0 [pid 5327] memfd_create("syzkaller", 0 [pid 5326] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5327] <... memfd_create resumed>) = 3 [pid 5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5327] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5327] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] close(3) = 0 [pid 5327] mkdir("./file2", 0777) = 0 [pid 5327] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5327] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5327] chdir("./file2") = 0 [pid 5327] ioctl(4, LOOP_CLR_FD) = 0 [pid 5327] close(4) = 0 [pid 5327] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... open resumed>) = 4 [pid 5327] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5327] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] <... futex resumed>) = 0 [pid 5327] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5326] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5326] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5327] <... mmap resumed>) = 0x20000000 [pid 5326] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5327] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5326] <... clone3 resumed> => {parent_tid=[5328]}, 88) = 5328 [pid 5328] <... rseq resumed>) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5328] set_robust_list(0x7f8f94b099a0, 24 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5328] <... set_robust_list resumed>) = 0 [pid 5326] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], [pid 5326] <... futex resumed>) = 0 [pid 5328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5326] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] ftruncate(4, 2) = 0 [pid 5328] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5326] <... futex resumed>) = 1 [pid 5326] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5328] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5327] <... open resumed>) = 5 [pid 5327] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... futex resumed>) = 0 [pid 5327] <... futex resumed>) = 1 [pid 5326] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5326] <... futex resumed>) = 0 [pid 5327] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5326] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5327] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] exit_group(0 [pid 5328] <... futex resumed>) = ? [pid 5327] <... futex resumed>) = ? [pid 5326] <... exit_group resumed>) = ? [pid 5328] +++ exited with 0 +++ [pid 5327] +++ exited with 0 +++ [pid 5326] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5326, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=1 /* 0.01 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 89.599286][ T5327] loop0: detected capacity change from 0 to 4096 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5329 attached , child_tidptr=0x555556ff8690) = 5329 [pid 5329] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5329] chdir("./98") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5329] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5330 attached => {parent_tid=[5330]}, 88) = 5330 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5330] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5330] <... rseq resumed>) = 0 [pid 5330] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5329] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... set_robust_list resumed>) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5330] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5330] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file2", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5330] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file2") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5330] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 4 [pid 5330] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5330] <... mmap resumed>) = 0x20000000 [pid 5329] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5329] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5330] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5330] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5331 attached => {parent_tid=[5331]}, 88) = 5331 [pid 5331] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] rt_sigprocmask(SIG_SETMASK, [], [pid 5329] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5329] <... futex resumed>) = 0 [pid 5331] ftruncate(4, 2 [pid 5329] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5331] <... ftruncate resumed>) = 0 [pid 5331] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = 1 [pid 5330] <... futex resumed>) = 0 [pid 5329] <... futex resumed>) = 1 [pid 5331] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5330] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5329] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 5 [pid 5330] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5329] <... futex resumed>) = 0 [pid 5330] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5329] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... futex resumed>) = 0 [pid 5330] <... futex resumed>) = 1 [pid 5329] exit_group(0 [pid 5330] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5331] <... futex resumed>) = ? [pid 5330] <... futex resumed>) = ? [pid 5329] <... exit_group resumed>) = ? [pid 5331] +++ exited with 0 +++ [pid 5330] +++ exited with 0 +++ [pid 5329] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5329, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file2") = 0 [ 89.722578][ T5330] loop0: detected capacity change from 0 to 4096 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5332] chdir("./99") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5332] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5333 attached => {parent_tid=[5333]}, 88) = 5333 [pid 5333] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] <... rseq resumed>) = 0 [pid 5333] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] <... set_robust_list resumed>) = 0 [pid 5332] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5333] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5333] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5333] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./file2", 0777) = 0 [pid 5333] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5333] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file2") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5333] <... futex resumed>) = 1 [pid 5332] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... open resumed>) = 4 [pid 5333] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5332] <... futex resumed>) = 0 [pid 5333] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5332] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... mmap resumed>) = 0x20000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5332] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5333] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5333] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5334 attached [pid 5334] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5334] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5332] <... clone3 resumed> => {parent_tid=[5334]}, 88) = 5334 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], [pid 5333] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] rt_sigprocmask(SIG_SETMASK, [], [pid 5334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5334] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5332] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5334] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5334] ftruncate(4, 2 [pid 5332] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5334] <... ftruncate resumed>) = 0 [pid 5334] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5334] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5333] <... futex resumed>) = 0 [pid 5332] <... futex resumed>) = 1 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5332] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... open resumed>) = 5 [pid 5333] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5333] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] exit_group(0 [pid 5333] <... futex resumed>) = 1 [pid 5333] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5332] <... exit_group resumed>) = ? [pid 5333] <... futex resumed>) = ? [pid 5333] +++ exited with 0 +++ [ 89.842137][ T5333] loop0: detected capacity change from 0 to 4096 [pid 5334] <... futex resumed>) = ? [pid 5334] +++ exited with 0 +++ [pid 5332] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5332, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5335 attached [pid 5335] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5335] chdir("./100") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5335 [pid 5335] <... setpgid resumed>) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5335] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5336 attached [pid 5336] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5336] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5335] <... clone3 resumed> => {parent_tid=[5336]}, 88) = 5336 [pid 5336] <... set_robust_list resumed>) = 0 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5335] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] memfd_create("syzkaller", 0) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5336] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5336] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file2", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5336] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file2") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5335] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... open resumed>) = 4 [pid 5336] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5335] <... futex resumed>) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5336] <... mmap resumed>) = 0x20000000 [pid 5335] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5337]}, 88) = 5337 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5335] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5337 attached [pid 5337] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5337] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5337] ftruncate(4, 2) = 0 [pid 5337] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5337] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5335] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... open resumed>) = 5 [pid 5336] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... futex resumed>) = 1 [pid 5335] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5335] <... futex resumed>) = 0 [pid 5336] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5335] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 89.976834][ T5336] loop0: detected capacity change from 0 to 4096 [pid 5336] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] exit_group(0 [pid 5337] <... futex resumed>) = ? [pid 5335] <... exit_group resumed>) = ? [pid 5337] +++ exited with 0 +++ [pid 5336] <... futex resumed>) = ? [pid 5336] +++ exited with 0 +++ [pid 5335] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5335, si_uid=0, si_status=0, si_utime=0, si_stime=7 /* 0.07 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached , child_tidptr=0x555556ff8690) = 5338 [pid 5338] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5338] chdir("./101") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5338] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5339 attached => {parent_tid=[5339]}, 88) = 5339 [pid 5339] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5339] <... rseq resumed>) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5339] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5338] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... set_robust_list resumed>) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], [pid 5338] <... futex resumed>) = 0 [pid 5339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5338] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5339] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5339] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file2", 0777) = 0 [pid 5339] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5339] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file2") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5338] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... open resumed>) = 4 [pid 5339] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5339] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5340] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5338] <... clone3 resumed> => {parent_tid=[5340]}, 88) = 5340 [pid 5340] <... rseq resumed>) = 0 [pid 5339] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5340] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5339] <... futex resumed>) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], [pid 5339] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] ftruncate(4, 2 [pid 5338] <... futex resumed>) = 0 [pid 5340] <... ftruncate resumed>) = 0 [pid 5338] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5340] <... futex resumed>) = 0 [pid 5340] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5339] <... futex resumed>) = 0 [pid 5338] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5339] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] <... futex resumed>) = 0 [pid 5339] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5338] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5339] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] exit_group(0 [pid 5340] <... futex resumed>) = ? [pid 5339] <... futex resumed>) = ? [pid 5338] <... exit_group resumed>) = ? [pid 5340] +++ exited with 0 +++ [pid 5339] +++ exited with 0 +++ [pid 5338] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5338, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 [ 90.109059][ T5339] loop0: detected capacity change from 0 to 4096 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5341 attached , child_tidptr=0x555556ff8690) = 5341 [pid 5341] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5341] chdir("./102") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5341] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5342] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... clone3 resumed> => {parent_tid=[5342]}, 88) = 5342 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5342] memfd_create("syzkaller", 0) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5342] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5342] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file2", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5342] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file2") = 0 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5341] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... open resumed>) = 4 [pid 5342] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5341] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5343 attached [pid 5343] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5343] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... clone3 resumed> => {parent_tid=[5343]}, 88) = 5343 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5343] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5343] ftruncate(4, 2) = 0 [pid 5343] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5343] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5342] <... futex resumed>) = 0 [pid 5341] <... futex resumed>) = 1 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5341] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5342] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5341] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5341] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5342] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5342] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] exit_group(0 [pid 5343] <... futex resumed>) = ? [pid 5342] <... futex resumed>) = ? [pid 5341] <... exit_group resumed>) = ? [pid 5343] +++ exited with 0 +++ [pid 5342] +++ exited with 0 +++ [pid 5341] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5341, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 90.265706][ T5342] loop0: detected capacity change from 0 to 4096 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5344 ./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5344] chdir("./103") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5344] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5345 attached [pid 5345] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5344] <... clone3 resumed> => {parent_tid=[5345]}, 88) = 5345 [pid 5345] <... rseq resumed>) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5345] <... set_robust_list resumed>) = 0 [pid 5344] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], [pid 5344] <... futex resumed>) = 0 [pid 5345] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] memfd_create("syzkaller", 0) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5345] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5345] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file2", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5345] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file2") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5344] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... open resumed>) = 4 [pid 5345] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5344] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... mmap resumed>) = 0x20000000 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5344] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5345] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... mprotect resumed>) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5346 attached => {parent_tid=[5346]}, 88) = 5346 [pid 5346] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5346] <... rseq resumed>) = 0 [pid 5346] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5346] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5346] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5346] ftruncate(4, 2) = 0 [pid 5344] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] <... futex resumed>) = 0 [pid 5344] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5346] <... futex resumed>) = 0 [pid 5345] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5346] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5345] <... open resumed>) = 5 [pid 5345] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5344] <... futex resumed>) = 0 [pid 5345] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5344] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5344] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5345] <... futex resumed>) = 0 [pid 5345] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] exit_group(0 [pid 5346] <... futex resumed>) = ? [pid 5346] +++ exited with 0 +++ [pid 5345] <... futex resumed>) = ? [pid 5344] <... exit_group resumed>) = ? [pid 5345] +++ exited with 0 +++ [pid 5344] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5344, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.412567][ T5345] loop0: detected capacity change from 0 to 4096 openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached , child_tidptr=0x555556ff8690) = 5347 [pid 5347] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5347] chdir("./104") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5347] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5348]}, 88) = 5348 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5347] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5348 attached [pid 5348] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5348] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5348] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5348] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file2", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5348] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file2") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... open resumed>) = 4 [pid 5348] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5348] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... mmap resumed>) = 0x20000000 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5347] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5348] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... mprotect resumed>) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5349 attached [pid 5349] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5347] <... clone3 resumed> => {parent_tid=[5349]}, 88) = 5349 [pid 5349] <... rseq resumed>) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] set_robust_list(0x7f8f94b099a0, 24 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] <... set_robust_list resumed>) = 0 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] <... futex resumed>) = 0 [pid 5349] ftruncate(4, 2 [pid 5347] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] <... ftruncate resumed>) = 0 [pid 5349] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5349] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5348] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5347] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] <... open resumed>) = 5 [pid 5348] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5348] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5347] exit_group(0 [pid 5349] <... futex resumed>) = ? [pid 5347] <... exit_group resumed>) = ? [pid 5349] +++ exited with 0 +++ [pid 5348] +++ exited with 0 +++ [pid 5347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5347, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 90.561064][ T5348] loop0: detected capacity change from 0 to 4096 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5350] chdir("./105") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5350] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5351 attached [pid 5351] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5351] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... clone3 resumed> => {parent_tid=[5351]}, 88) = 5351 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5350] <... futex resumed>) = 1 [pid 5351] memfd_create("syzkaller", 0 [pid 5350] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] <... memfd_create resumed>) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5351] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5351] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file2", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5351] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file2") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5350] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... open resumed>) = 4 [pid 5351] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5350] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5351] <... mmap resumed>) = 0x20000000 [pid 5350] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5351] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... mprotect resumed>) = 0 [pid 5351] <... futex resumed>) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5351] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5352]}, 88) = 5352 ./strace-static-x86_64: Process 5352 attached [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5352] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5352] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] ftruncate(4, 2) = 0 [pid 5352] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5352] <... futex resumed>) = 1 [pid 5350] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = 0 [pid 5352] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] <... futex resumed>) = 1 [pid 5350] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5351] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5350] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5351] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] exit_group(0 [pid 5351] <... futex resumed>) = ? [pid 5352] <... futex resumed>) = ? [pid 5350] <... exit_group resumed>) = ? [pid 5351] +++ exited with 0 +++ [pid 5352] +++ exited with 0 +++ [pid 5350] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5350, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 90.715648][ T5351] loop0: detected capacity change from 0 to 4096 rmdir("./105/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5353 attached , child_tidptr=0x555556ff8690) = 5353 [pid 5353] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5353] chdir("./106") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5353] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5354]}, 88) = 5354 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5354 attached [pid 5354] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5354] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] memfd_create("syzkaller", 0) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5354] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5354] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file2", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5354] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file2") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5353] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... open resumed>) = 4 [pid 5354] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5355]}, 88) = 5355 [pid 5355] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5355] <... rseq resumed>) = 0 [pid 5355] set_robust_list(0x7f8f94b099a0, 24 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5355] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5354] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5353] <... futex resumed>) = 0 [pid 5355] ftruncate(4, 2 [pid 5354] <... futex resumed>) = 0 [ 90.830642][ T5354] loop0: detected capacity change from 0 to 4096 [pid 5353] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] <... ftruncate resumed>) = 0 [pid 5354] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5355] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5355] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... futex resumed>) = 0 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5354] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5354] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] exit_group(0) = ? [pid 5355] <... futex resumed>) = ? [pid 5355] +++ exited with 0 +++ [pid 5354] +++ exited with 0 +++ [pid 5353] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5353, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5356 ./strace-static-x86_64: Process 5356 attached [pid 5356] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5356] chdir("./107") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5356] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5357 attached => {parent_tid=[5357]}, 88) = 5357 [pid 5357] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5357] <... rseq resumed>) = 0 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5356] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... set_robust_list resumed>) = 0 [pid 5356] <... futex resumed>) = 0 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5357] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5357] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file2", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5357] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file2") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5356] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 4 [pid 5357] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5356] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5356] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5356] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] <... rseq resumed>) = 0 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] set_robust_list(0x7f8f94b099a0, 24 [pid 5357] <... mmap resumed>) = 0x20000000 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5357] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5358] ftruncate(4, 2) = 0 [pid 5358] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5358] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] <... futex resumed>) = 0 [pid 5356] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = 0 [pid 5356] <... futex resumed>) = 1 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5356] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 5 [pid 5357] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5356] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5357] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] exit_group(0 [pid 5357] <... futex resumed>) = ? [pid 5356] <... exit_group resumed>) = ? [pid 5358] <... futex resumed>) = ? [pid 5357] +++ exited with 0 +++ [pid 5358] +++ exited with 0 +++ [pid 5356] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5356, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 90.983525][ T5357] loop0: detected capacity change from 0 to 4096 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5359 ./strace-static-x86_64: Process 5359 attached [pid 5359] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5359] chdir("./108") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5359] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5360 attached => {parent_tid=[5360]}, 88) = 5360 [pid 5360] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] <... rseq resumed>) = 0 [pid 5360] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5360] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5360] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file2", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5360] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file2") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5359] <... futex resumed>) = 1 [pid 5359] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5360] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5359] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5361 attached [pid 5361] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5359] <... clone3 resumed> => {parent_tid=[5361]}, 88) = 5361 [pid 5361] <... rseq resumed>) = 0 [pid 5360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5361] set_robust_list(0x7f8f94b099a0, 24 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], [pid 5361] <... set_robust_list resumed>) = 0 [pid 5360] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] ftruncate(4, 2 [pid 5359] <... futex resumed>) = 0 [pid 5361] <... ftruncate resumed>) = 0 [pid 5359] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5361] <... futex resumed>) = 1 [pid 5359] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5361] <... open resumed>) = 5 [pid 5361] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... futex resumed>) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5361] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=0, fm_flags=0, fm_extent_count=0} [pid 5359] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... mmap resumed>) = 0x20000000 [pid 5360] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5361] <... ioctl resumed>) = -1 EINVAL (Invalid argument) [pid 5361] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5361] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] exit_group(0 [pid 5361] <... futex resumed>) = ? [pid 5359] <... exit_group resumed>) = ? [pid 5361] +++ exited with 0 +++ [pid 5360] <... futex resumed>) = ? [pid 5360] +++ exited with 0 +++ [pid 5359] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5359, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 91.130379][ T5360] loop0: detected capacity change from 0 to 4096 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5362 attached , child_tidptr=0x555556ff8690) = 5362 [pid 5362] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5362] chdir("./109") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5362] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5363]}, 88) = 5363 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5362] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5363] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5363] memfd_create("syzkaller", 0) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5363] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5363] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file2", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5363] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file2") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5362] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 4 [pid 5363] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5363] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5362] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] <... mmap resumed>) = 0x20000000 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5363] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5363] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5364 attached [pid 5364] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5364] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5362] <... clone3 resumed> => {parent_tid=[5364]}, 88) = 5364 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5364] <... futex resumed>) = 0 [pid 5364] ftruncate(4, 2) = 0 [pid 5362] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] <... futex resumed>) = 0 [pid 5362] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5364] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5363] <... futex resumed>) = 0 [pid 5362] <... futex resumed>) = 1 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5362] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 5 [pid 5363] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] <... futex resumed>) = 0 [pid 5363] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5362] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [ 91.258714][ T5363] loop0: detected capacity change from 0 to 4096 [pid 5363] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] exit_group(0 [pid 5364] <... futex resumed>) = ? [pid 5363] <... futex resumed>) = ? [pid 5362] <... exit_group resumed>) = ? [pid 5364] +++ exited with 0 +++ [pid 5363] +++ exited with 0 +++ [pid 5362] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5362, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5365 attached , child_tidptr=0x555556ff8690) = 5365 [pid 5365] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5365] chdir("./110") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5365] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5366 attached => {parent_tid=[5366]}, 88) = 5366 [pid 5366] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5366] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5366] <... set_robust_list resumed>) = 0 [pid 5365] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... futex resumed>) = 0 [pid 5366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5366] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5366] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file2", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5366] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file2") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5366] <... futex resumed>) = 1 [pid 5365] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 4 [pid 5366] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] <... futex resumed>) = 0 [pid 5366] <... futex resumed>) = 1 [pid 5365] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5365] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... mmap resumed>) = 0x20000000 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5366] <... futex resumed>) = 0 [pid 5366] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5367 attached => {parent_tid=[5367]}, 88) = 5367 [pid 5367] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], [pid 5367] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], [pid 5365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5365] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5367] ftruncate(4, 2) = 0 [pid 5367] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5367] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 5 [pid 5366] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5365] <... futex resumed>) = 0 [pid 5366] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5365] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5366] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [ 91.391204][ T5366] loop0: detected capacity change from 0 to 4096 [pid 5366] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] exit_group(0 [pid 5367] <... futex resumed>) = ? [pid 5365] <... exit_group resumed>) = ? [pid 5367] +++ exited with 0 +++ [pid 5366] <... futex resumed>) = ? [pid 5366] +++ exited with 0 +++ [pid 5365] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5365, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5368 attached , child_tidptr=0x555556ff8690) = 5368 [pid 5368] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5368] chdir("./111") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5368] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5369 attached [pid 5369] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5369] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... clone3 resumed> => {parent_tid=[5369]}, 88) = 5369 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 1 [pid 5369] memfd_create("syzkaller", 0 [pid 5368] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] <... memfd_create resumed>) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5369] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5369] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file2", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5369] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file2") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5369] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 4 [pid 5369] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5368] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5369] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5368] <... mprotect resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5370 attached [pid 5370] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5368] <... clone3 resumed> => {parent_tid=[5370]}, 88) = 5370 [pid 5370] <... rseq resumed>) = 0 [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] set_robust_list(0x7f8f94b099a0, 24 [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] <... set_robust_list resumed>) = 0 [pid 5368] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], [pid 5368] <... futex resumed>) = 0 [pid 5370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5370] ftruncate(4, 2 [pid 5368] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... ftruncate resumed>) = 0 [pid 5370] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5370] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5368] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... open resumed>) = 5 [pid 5370] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = 1 [pid 5369] <... futex resumed>) = 0 [pid 5368] <... futex resumed>) = 0 [pid 5370] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5369] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5370] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... futex resumed>) = 0 [pid 5370] <... futex resumed>) = 1 [pid 5370] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] exit_group(0 [pid 5370] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5368] <... exit_group resumed>) = ? [pid 5370] +++ exited with 0 +++ [pid 5369] +++ exited with 0 +++ [pid 5368] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5368, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 [ 91.527087][ T5369] loop0: detected capacity change from 0 to 4096 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x555556ff8690) = 5371 [pid 5371] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5371] chdir("./112") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5371] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5372 attached [pid 5372] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5371] <... clone3 resumed> => {parent_tid=[5372]}, 88) = 5372 [pid 5372] <... rseq resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5372] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5372] <... set_robust_list resumed>) = 0 [pid 5371] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] <... futex resumed>) = 0 [pid 5372] memfd_create("syzkaller", 0 [pid 5371] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] <... memfd_create resumed>) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5372] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5372] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file2", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5372] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file2") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5371] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... open resumed>) = 4 [pid 5372] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5371] <... futex resumed>) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5372] <... mmap resumed>) = 0x20000000 [pid 5371] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5371] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5371] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] set_robust_list(0x7f8f94b099a0, 24 [pid 5372] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... set_robust_list resumed>) = 0 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 91.630622][ T5372] loop0: detected capacity change from 0 to 4096 [pid 5373] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5372] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5373] <... futex resumed>) = 0 [pid 5371] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5373] ftruncate(4, 2) = 0 [pid 5373] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5373] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5371] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... open resumed>) = 5 [pid 5372] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5371] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5372] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] exit_group(0) = ? [pid 5373] <... futex resumed>) = ? [pid 5372] <... futex resumed>) = ? [pid 5373] +++ exited with 0 +++ [pid 5372] +++ exited with 0 +++ [pid 5371] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5371, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5374 ./strace-static-x86_64: Process 5374 attached [pid 5374] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5374] chdir("./113") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5374] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5375 attached [pid 5375] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5374] <... clone3 resumed> => {parent_tid=[5375]}, 88) = 5375 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] <... rseq resumed>) = 0 [pid 5375] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5375] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5375] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file2", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5375] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file2") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5375] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5374] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... open resumed>) = 4 [pid 5375] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5374] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5374] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5375] <... mmap resumed>) = 0x20000000 [pid 5375] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5376 attached [pid 5374] <... clone3 resumed> => {parent_tid=[5376]}, 88) = 5376 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5376] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], [pid 5376] <... rseq resumed>) = 0 [pid 5374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5376] set_robust_list(0x7f8f94b099a0, 24 [pid 5374] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5376] <... set_robust_list resumed>) = 0 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] ftruncate(4, 2) = 0 [pid 5376] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] <... futex resumed>) = 0 [pid 5376] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5374] <... futex resumed>) = 1 [pid 5374] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5375] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5374] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... futex resumed>) = 0 [pid 5375] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5375] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5375] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] exit_group(0 [pid 5376] <... futex resumed>) = ? [pid 5375] <... futex resumed>) = ? [pid 5376] +++ exited with 0 +++ [pid 5375] +++ exited with 0 +++ [pid 5374] <... exit_group resumed>) = ? [pid 5374] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5374, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 [ 91.778777][ T5375] loop0: detected capacity change from 0 to 4096 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x555556ff86a0, 24 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5377 [pid 5377] <... set_robust_list resumed>) = 0 [pid 5377] chdir("./114") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5377] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5378 attached [pid 5378] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5378] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5377] <... clone3 resumed> => {parent_tid=[5378]}, 88) = 5378 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5377] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5378] memfd_create("syzkaller", 0 [pid 5377] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] <... memfd_create resumed>) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5378] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5378] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file2", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5378] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file2") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5377] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... open resumed>) = 4 [pid 5378] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] <... futex resumed>) = 1 [pid 5377] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... mmap resumed>) = 0x20000000 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5378] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5377] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0}./strace-static-x86_64: Process 5379 attached [pid 5379] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5379] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5379] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... clone3 resumed> => {parent_tid=[5379]}, 88) = 5379 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5377] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5379] ftruncate(4, 2 [pid 5377] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... ftruncate resumed>) = 0 [pid 5379] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5379] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5377] <... futex resumed>) = 1 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5377] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... open resumed>) = 5 [pid 5378] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5377] <... futex resumed>) = 0 [pid 5378] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5377] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5378] <... futex resumed>) = 0 [pid 5378] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] exit_group(0 [pid 5379] <... futex resumed>) = ? [pid 5377] <... exit_group resumed>) = ? [pid 5379] +++ exited with 0 +++ [pid 5378] <... futex resumed>) = ? [pid 5378] +++ exited with 0 +++ [pid 5377] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5377, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 91.917555][ T5378] loop0: detected capacity change from 0 to 4096 unlink("./114/binderfs") = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556ff8690) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5380] chdir("./115") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5380] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5380] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5381 attached => {parent_tid=[5381]}, 88) = 5381 [pid 5381] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] <... set_robust_list resumed>) = 0 [pid 5380] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] <... futex resumed>) = 0 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5381] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5381] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file2", 0777) = 0 [pid 5381] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5381] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file2") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [ 92.051556][ T5381] loop0: detected capacity change from 0 to 4096 [ 92.090174][ T28] kauditd_printk_skb: 98 callbacks suppressed [pid 5380] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 4 [pid 5381] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5381] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5382]}, 88) = 5382 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5380] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5382 attached [pid 5382] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5382] ftruncate(4, 2) = 0 [pid 5382] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [ 92.090188][ T28] audit: type=1800 audit(1697944384.907:345): pid=5381 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 92.117194][ T28] audit: type=1800 audit(1697944384.927:346): pid=5381 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5382] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5381] <... open resumed>) = 5 [pid 5381] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... futex resumed>) = 1 [pid 5380] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = 0 [pid 5381] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5381] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5381] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... futex resumed>) = 1 [pid 5380] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] exit_group(0 [pid 5381] <... futex resumed>) = ? [pid 5381] +++ exited with 0 +++ [pid 5380] <... exit_group resumed>) = ? [pid 5382] <... futex resumed>) = ? [pid 5382] +++ exited with 0 +++ [pid 5380] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5380, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 92.140829][ T28] audit: type=1800 audit(1697944384.957:347): pid=5381 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5383 attached , child_tidptr=0x555556ff8690) = 5383 [pid 5383] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5383] chdir("./116") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5383] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5384 attached [pid 5384] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5383] <... clone3 resumed> => {parent_tid=[5384]}, 88) = 5384 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5383] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] <... rseq resumed>) = 0 [pid 5384] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5384] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5384] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file2", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5384] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file2") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5384] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] <... futex resumed>) = 0 [pid 5384] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5383] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5383] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} [pid 5384] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... clone3 resumed> => {parent_tid=[5385]}, 88) = 5385 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5383] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 92.264012][ T5384] loop0: detected capacity change from 0 to 4096 [pid 5383] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5385 attached [pid 5385] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5385] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5385] ftruncate(4, 2) = 0 [pid 5385] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5385] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5384] <... futex resumed>) = 0 [pid 5383] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5384] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5383] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] exit_group(0 [pid 5384] <... futex resumed>) = 1 [pid 5385] <... futex resumed>) = ? [pid 5383] <... exit_group resumed>) = ? [pid 5385] +++ exited with 0 +++ [pid 5384] +++ exited with 0 +++ [pid 5383] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5383, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 [ 92.296514][ T28] audit: type=1800 audit(1697944385.117:348): pid=5384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 92.333144][ T28] audit: type=1800 audit(1697944385.117:349): pid=5384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5386 attached [pid 5386] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5386] chdir("./117" [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5386 [pid 5386] <... chdir resumed>) = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5386] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5387 attached => {parent_tid=[5387]}, 88) = 5387 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5386] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5387] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5387] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [ 92.353476][ T28] audit: type=1800 audit(1697944385.147:350): pid=5384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [pid 5387] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5387] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] close(3) = 0 [pid 5387] mkdir("./file2", 0777) = 0 [pid 5387] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5387] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5387] chdir("./file2") = 0 [pid 5387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5387] close(4) = 0 [pid 5387] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... futex resumed>) = 0 [ 92.448456][ T5387] loop0: detected capacity change from 0 to 4096 [pid 5387] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 4 [pid 5387] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5387] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5386] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5386] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5388]}, 88) = 5388 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5386] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5388 attached [pid 5388] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5388] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5388] ftruncate(4, 2) = 0 [pid 5388] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5388] <... futex resumed>) = 0 [pid 5388] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000) = 5 [pid 5386] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5388] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5388] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5388] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5387] <... mmap resumed>) = 0x20000000 [pid 5387] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5386] exit_group(0 [pid 5388] <... futex resumed>) = ? [pid 5386] <... exit_group resumed>) = ? [pid 5388] +++ exited with 0 +++ [pid 5387] <... futex resumed>) = ? [pid 5387] +++ exited with 0 +++ [pid 5386] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5386, si_uid=0, si_status=0, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 [ 92.485785][ T28] audit: type=1800 audit(1697944385.307:351): pid=5387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 92.508676][ T28] audit: type=1800 audit(1697944385.327:352): pid=5387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 [ 92.529147][ T28] audit: type=1800 audit(1697944385.327:353): pid=5388 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5389 attached , child_tidptr=0x555556ff8690) = 5389 [pid 5389] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5389] chdir("./118") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5389] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053 [pid 5389] <... clone3 resumed> => {parent_tid=[5390]}, 88) = 5390 [pid 5390] <... rseq resumed>) = 0 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], [pid 5390] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] <... set_robust_list resumed>) = 0 [pid 5389] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], [pid 5389] <... futex resumed>) = 0 [pid 5390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5390] memfd_create("syzkaller", 0 [pid 5389] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5390] <... memfd_create resumed>) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5390] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5390] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file2", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5390] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file2") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5389] <... futex resumed>) = 0 [ 92.655526][ T5390] loop0: detected capacity change from 0 to 4096 [pid 5389] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 4 [pid 5390] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] <... futex resumed>) = 0 [pid 5389] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5389] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5389] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5390] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... mprotect resumed>) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5391]}, 88) = 5391 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5391 attached [pid 5391] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5391] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5391] ftruncate(4, 2) = 0 [pid 5391] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5391] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = 0 [pid 5389] <... futex resumed>) = 1 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5389] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 5 [pid 5390] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5389] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5390] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] <... futex resumed>) = 0 [pid 5390] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] exit_group(0) = ? [pid 5390] <... futex resumed>) = ? [pid 5390] +++ exited with 0 +++ [pid 5391] <... futex resumed>) = ? [pid 5391] +++ exited with 0 +++ [pid 5389] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5389, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 [ 92.688949][ T28] audit: type=1800 audit(1697944385.507:354): pid=5390 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor262" name="bus" dev="loop0" ino=33 res=0 errno=0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached , child_tidptr=0x555556ff8690) = 5392 [pid 5392] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5392] chdir("./119") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5392] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0} => {parent_tid=[5393]}, 88) = 5393 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5393 attached [pid 5392] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5393] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5393] set_robust_list(0x7f8f94b2a9a0, 24) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5393] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5393] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./file2", 0777) = 0 [pid 5393] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5393] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./file2") = 0 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = 1 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5392] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... open resumed>) = 4 [pid 5393] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5392] <... futex resumed>) = 0 [pid 5393] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5392] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... mmap resumed>) = 0x20000000 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5393] <... futex resumed>) = 0 [pid 5393] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] <... mmap resumed>) = 0x7f8f94ae9000 [pid 5392] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5394]}, 88) = 5394 ./strace-static-x86_64: Process 5394 attached [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5394] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5394] ftruncate(4, 2) = 0 [ 92.817614][ T5393] loop0: detected capacity change from 0 to 4096 [pid 5394] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... futex resumed>) = 0 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5392] <... futex resumed>) = 1 [pid 5392] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5393] <... open resumed>) = 5 [pid 5393] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5392] <... futex resumed>) = 0 [pid 5393] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} [pid 5392] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5393] <... ioctl resumed> => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5392] <... futex resumed>) = 0 [pid 5393] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 0 [pid 5392] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5393] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5392] exit_group(0 [pid 5394] <... futex resumed>) = ? [pid 5393] <... futex resumed>) = ? [pid 5392] <... exit_group resumed>) = ? [pid 5394] +++ exited with 0 +++ [pid 5393] +++ exited with 0 +++ [pid 5392] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5392, si_uid=0, si_status=0, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556ff9730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555557001770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555557001770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file2") = 0 getdents64(3, 0x555556ff9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5395 attached [pid 5395] set_robust_list(0x555556ff86a0, 24) = 0 [pid 5395] chdir("./120") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] rt_sigaction(SIGRT_1, {sa_handler=0x7f8f94b93ff0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f8f94b851a0}, NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94b0a000 [pid 5395] mprotect(0x7f8f94b0b000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b2a990, parent_tid=0x7f8f94b2a990, exit_signal=0, stack=0x7f8f94b0a000, stack_size=0x20300, tls=0x7f8f94b2a6c0}./strace-static-x86_64: Process 5396 attached => {parent_tid=[5396]}, 88) = 5396 [pid 5396] rseq(0x7f8f94b2afe0, 0x20, 0, 0x53053053) = 0 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], [pid 5396] set_robust_list(0x7f8f94b2a9a0, 24 [pid 5395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5396] <... set_robust_list resumed>) = 0 [pid 5395] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], [pid 5395] <... futex resumed>) = 0 [pid 5396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5395] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8f8c70a000 [pid 5034] <... clone resumed>, child_tidptr=0x555556ff8690) = 5395 [pid 5396] write(3, "\xeb\x52\x90\x4e\x54\x46\x53\x20\x20\x20\x20\x00\x02\x02\x00\x00\x00\x00\x00\x00\x00\xf8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x80\x00\xff\x0f\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\xff\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x04\x00\x00\x00\x8f\x24\x2d\x5f\x49\x6d\x50\x0b\x00\x00\x00\x00\x0e\x1f\xbe\x71\x7c\xac\x22\xc0\x74\x0b\x56\xb4\x0e\xbb\x07\x00"..., 2097152) = 2097152 [pid 5396] munmap(0x7f8f8c70a000, 138412032) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] mkdir("./file2", 0777) = 0 [pid 5396] mount("/dev/loop0", "./file2", "ntfs3", MS_POSIXACL|MS_LAZYTIME, "discard,nohidden,force,showmeta,sparse,iocharset=macceltic,iocharset=cp1250,gid=0x0000000000000000") = 0 [pid 5396] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file2") = 0 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [pid 5396] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5395] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... open resumed>) = 4 [pid 5396] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f8f94ae9000 [pid 5396] <... futex resumed>) = 1 [pid 5395] mprotect(0x7f8f94aea000, 131072, PROT_READ|PROT_WRITE [pid 5396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5395] <... mprotect resumed>) = 0 [pid 5396] <... mmap resumed>) = 0x20000000 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f8f94b09990, parent_tid=0x7f8f94b09990, exit_signal=0, stack=0x7f8f94ae9000, stack_size=0x20300, tls=0x7f8f94b096c0} => {parent_tid=[5397]}, 88) = 5397 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5395] futex(0x7f8f94c156d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f8f94c156dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5397 attached [pid 5397] rseq(0x7f8f94b09fe0, 0x20, 0, 0x53053053) = 0 [pid 5397] set_robust_list(0x7f8f94b099a0, 24) = 0 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5397] ftruncate(4, 2) = 0 [pid 5397] futex(0x7f8f94c156dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5397] futex(0x7f8f94c156d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] open("./bus", O_RDWR|O_CREAT|O_SYNC|O_DIRECT|O_NOATIME|0x3c, 000 [pid 5395] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... open resumed>) = 5 [pid 5396] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5395] <... futex resumed>) = 0 [pid 5395] futex(0x7f8f94c156c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] <... futex resumed>) = 1 [pid 5395] futex(0x7f8f94c156cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] ioctl(5, FS_IOC_FIEMAP, {fm_start=0, fm_length=63, fm_flags=0, fm_extent_count=6} => {fm_flags=0, fm_mapped_extents=0, ...}) = 0 [pid 5396] futex(0x7f8f94c156cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] futex(0x7f8f94c156c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... futex resumed>) = 0 [pid 5395] exit_group(0 [pid 5397] <... futex resumed>) = ? [pid 5395] <... exit_group resumed>) = ? [pid 5397] +++ exited with 0 +++ [pid 5396] <... futex resumed>) = ? [pid 5396] +++ exited with 0 +++ [pid 5395] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5395, si_uid=0, si_status=0, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0