Reduced bug reproduction for https://github.com/termux/proot/issues/87 https://github.com/termux/proot/issues/84

proot-case-bug-repro.c

#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <sys/stat.h>
#include <unistd.h>
#include <dirent.h>

#define NAME1 "testfile"
#define NAME2 "TESTFILE"

int main() {
	struct stat statl = {};

	// Just setup, original file creation can happen in any process
	int fd = openat(AT_FDCWD, NAME1, O_WRONLY|O_CREAT|O_EXCL, 0600);
	if (fd < 0) {
		perror("open 1");
		printf("Run this program in new directory");
		return 1;
	}
	close(fd);

#if 1
	// All of these trigger bug, proot uses lstat
	//int status = stat(NAME2, &statl);
	//int status = lstat(NAME2, &statl);
	//int status = access(NAME2, F_OK);
	int status = openat(AT_FDCWD, NAME2, O_RDONLY, 0);
	if (status < 0) perror("lookup");
#else
	// This doesn't trigger bug
	DIR *d = opendir(".");
	struct dirent *de;
	while((de = readdir(d))!=NULL) {
		printf("- %s\n", de->d_name);
	}
#endif

	// Switch to another process
	// (file creation must happen in different process,
	// than one that performed initial lookup)
	if (fork() > 0) { wait(NULL); exit(0); }

	// Create file, this will fail on buggy device
	fd = openat(AT_FDCWD, NAME2, O_WRONLY|O_CREAT, 0600);
	if (fd < 0) {
		perror("open 2");
		printf("Bug triggered\n");
		return 1;
	} else {
		printf("Bug didn't occur\n");
		return 0;
	}
}