./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2689376217 <...> Warning: Permanently added '10.128.1.105' (ED25519) to the list of known hosts. execve("./syz-executor2689376217", ["./syz-executor2689376217"], 0x7fff5ccbb140 /* 10 vars */) = 0 brk(NULL) = 0x555594dc8000 brk(0x555594dc8d40) = 0x555594dc8d40 arch_prctl(ARCH_SET_FS, 0x555594dc83c0) = 0 set_tid_address(0x555594dc8690) = 391 set_robust_list(0x555594dc86a0, 24) = 0 rseq(0x555594dc8ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2689376217", 4096) = 28 getrandom("\x22\x16\xc0\x7d\xe8\x86\xd6\xf7", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555594dc8d40 brk(0x555594de9d40) = 0x555594de9d40 brk(0x555594dea000) = 0x555594dea000 mprotect(0x7fa7fb15f000, 16384, PROT_READ) = 0 mmap(0x1ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffffffff000 mmap(0x200000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000000000 mmap(0x200001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200001000000 mkdir("./syzkaller.X08D9Q", 0700) = 0 chmod("./syzkaller.X08D9Q", 0777) = 0 chdir("./syzkaller.X08D9Q") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 393 executing program ./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x555594dc86a0, 24) = 0 [pid 393] chdir("./0") = 0 [pid 393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 393] setpgid(0, 0) = 0 [pid 393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 393] write(3, "1000", 4) = 4 [pid 393] close(3) = 0 [pid 393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 393] write(1, "executing program\n", 18) = 18 [pid 393] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 393] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[394]}, 88) = 394 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 393] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[395]}, 88) = 395 [pid 393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 393] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 395] creat("./bus", 000) = 3 [pid 395] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 395] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 395] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 393] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 393] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 395] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 393] <... futex resumed>) = 0 [pid 395] <... futex resumed>) = 1 [pid 395] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 394] memfd_create("syzkaller", 0) = 5 [pid 394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 394] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 394] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 394] close(5) = 0 [ 118.071571][ T28] audit: type=1400 audit(1744812740.799:66): avc: denied { execmem } for pid=391 comm="syz-executor268" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 118.091273][ T28] audit: type=1400 audit(1744812740.799:67): avc: denied { read write } for pid=391 comm="syz-executor268" name="loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 118.110422][ T394] loop0: detected capacity change from 0 to 256 [pid 394] close(6) = 0 [pid 394] mkdir("./file0", 0777) = 0 [ 118.116148][ T28] audit: type=1400 audit(1744812740.799:68): avc: denied { open } for pid=391 comm="syz-executor268" path="/dev/loop0" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 118.145597][ T28] audit: type=1400 audit(1744812740.799:69): avc: denied { ioctl } for pid=391 comm="syz-executor268" path="/dev/loop0" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 118.146401][ T394] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.171307][ T28] audit: type=1400 audit(1744812740.819:70): avc: denied { mounton } for pid=393 comm="syz-executor268" path="/root/syzkaller.X08D9Q/0/bus" dev="sda1" ino=1930 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=file permissive=1 [ 118.181861][ T394] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 394] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 394] chdir("./file0") = 0 [pid 394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 394] ioctl(6, LOOP_CLR_FD) = 0 [pid 394] close(6) = 0 [pid 394] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.206057][ T28] audit: type=1400 audit(1744812740.859:71): avc: denied { mounton } for pid=393 comm="syz-executor268" path="/root/syzkaller.X08D9Q/0/file0" dev="sda1" ino=1931 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 118.217304][ T394] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 394] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 393] exit_group(0 [pid 395] <... futex resumed>) = ? [pid 393] <... exit_group resumed>) = ? [pid 395] +++ exited with 0 +++ [pid 394] <... futex resumed>) = ? [pid 394] +++ exited with 0 +++ [pid 393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=393, si_uid=0, si_status=0, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/bus") = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 396 ./strace-static-x86_64: Process 396 attached [pid 396] set_robust_list(0x555594dc86a0, 24) = 0 [pid 396] chdir("./1") = 0 [pid 396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 396] setpgid(0, 0) = 0 [pid 396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 396] write(3, "1000", 4) = 4 [pid 396] close(3) = 0 [pid 396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 396] write(1, "executing program\n", 18executing program ) = 18 [pid 396] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 396] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[397]}, 88) = 397 [pid 396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 396] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[398]}, 88) = 398 [pid 396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 396] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 397 attached [pid 397] set_robust_list(0x7fa7fb0989a0, 24) = 0 [ 118.251218][ T28] audit: type=1400 audit(1744812740.989:72): avc: denied { mount } for pid=393 comm="syz-executor268" name="/" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 118.286760][ T28] audit: type=1400 audit(1744812741.009:73): avc: denied { unmount } for pid=391 comm="syz-executor268" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] memfd_create("syzkaller", 0) = 3 [pid 397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 397] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 397] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 398 attached ) = 0 [pid 398] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 398] creat("./bus", 000) = 5 [pid 398] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 396] <... futex resumed>) = 0 [pid 398] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 396] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... mount resumed>) = 0 [pid 396] <... futex resumed>) = 0 [pid 398] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 398] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 396] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... open resumed>) = 6 [pid 396] <... futex resumed>) = 0 [pid 398] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 398] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 396] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 396] <... futex resumed>) = 0 [pid 398] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 0 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 398] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] close(3) = 0 [pid 397] close(4) = 0 [pid 397] mkdir("./file0", 0777) = 0 [ 118.306981][ T28] audit: type=1400 audit(1744812741.009:74): avc: denied { unmount } for pid=391 comm="syz-executor268" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 118.328372][ T397] loop0: detected capacity change from 0 to 256 [ 118.341545][ T397] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.352151][ T397] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 397] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 397] chdir("./file0") = 0 [pid 397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 397] ioctl(4, LOOP_CLR_FD) = 0 [pid 397] close(4) = 0 [pid 397] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] exit_group(0 [pid 398] <... futex resumed>) = ? [pid 396] <... exit_group resumed>) = ? [pid 398] +++ exited with 0 +++ [pid 397] +++ exited with 0 +++ [pid 396] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=396, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/bus") = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 399 ./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x555594dc86a0, 24) = 0 [pid 399] chdir("./2") = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 399] close(3) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] write(1, "executing program\n", 18) = 18 [pid 399] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 399] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[400]}, 88) = 400 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 399] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[401]}, 88) = 401 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 400] memfd_create("syzkaller", 0) = 3 [pid 400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 400] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 400] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 118.362485][ T397] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 400] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 401] creat("./bus", 000) = 5 [pid 401] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 0 [pid 401] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 401] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 401] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 401] <... futex resumed>) = 1 [pid 401] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 401] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 401] <... futex resumed>) = 1 [pid 401] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 400] <... ioctl resumed>) = 0 [pid 400] close(3) = 0 [pid 400] close(4) = 0 [pid 400] mkdir("./file0", 0777) = 0 [pid 400] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 400] chdir("./file0") = 0 [pid 400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 400] ioctl(4, LOOP_CLR_FD) = 0 [pid 400] close(4) = 0 [pid 400] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 400] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] exit_group(0) = ? [pid 400] <... futex resumed>) = ? [pid 400] +++ exited with 0 +++ [pid 401] <... futex resumed>) = ? [pid 401] +++ exited with 0 +++ [pid 399] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=399, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/bus") = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 402 ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x555594dc86a0, 24) = 0 [pid 402] chdir("./3") = 0 [pid 402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 402] setpgid(0, 0) = 0 [pid 402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 402] write(3, "1000", 4) = 4 [pid 402] close(3) = 0 [pid 402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 402] write(1, "executing program\n", 18) = 18 [pid 402] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 402] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[403]}, 88) = 403 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 402] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[404]}, 88) = 404 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 403 attached [pid 403] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] memfd_create("syzkaller", 0) = 3 [pid 403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 404 attached [pid 404] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 404] creat("./bus", 000) = 4 [pid 404] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... write resumed>) = 131072 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 403] munmap(0x7fa7f2c57000, 138412032 [pid 404] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 403] <... munmap resumed>) = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 403] ioctl(5, LOOP_SET_FD, 3 [pid 404] <... mount resumed>) = 0 [pid 404] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.398038][ T400] loop0: detected capacity change from 0 to 256 [ 118.407117][ T400] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.417585][ T400] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.427946][ T400] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 402] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 404] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 402] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 404] <... futex resumed>) = 1 [pid 404] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 404] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 404] <... futex resumed>) = 1 [pid 404] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] <... ioctl resumed>) = 0 [pid 403] close(3) = 0 [pid 403] close(5) = 0 [pid 403] mkdir("./file0", 0777) = 0 [pid 403] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 403] chdir("./file0") = 0 [pid 403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 403] ioctl(5, LOOP_CLR_FD) = 0 [pid 403] close(5) = 0 [pid 403] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 402] exit_group(0 [pid 404] <... futex resumed>) = ? [pid 402] <... exit_group resumed>) = ? [pid 404] +++ exited with 0 +++ [pid 403] <... futex resumed>) = ? [pid 403] +++ exited with 0 +++ [pid 402] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=402, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./3/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/bus") = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 405 ./strace-static-x86_64: Process 405 attached [pid 405] set_robust_list(0x555594dc86a0, 24) = 0 [pid 405] chdir("./4") = 0 [pid 405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 405] setpgid(0, 0) = 0 [pid 405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 405] write(3, "1000", 4) = 4 [pid 405] close(3) = 0 [pid 405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 405] write(1, "executing program\n", 18) = 18 [pid 405] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 405] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[406]}, 88) = 406 ./strace-static-x86_64: Process 406 attached [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 405] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 406] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 405] <... mprotect resumed>) = 0 [pid 405] rt_sigprocmask(SIG_BLOCK, ~[], [pid 406] rt_sigprocmask(SIG_SETMASK, [], [pid 405] <... rt_sigprocmask resumed>[], 8) = 0 [pid 406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 407 attached [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 407] set_robust_list(0x7fa7fb0779a0, 24 [pid 405] <... clone3 resumed> => {parent_tid=[407]}, 88) = 407 [pid 407] <... set_robust_list resumed>) = 0 [pid 405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 405] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] creat("./bus", 000) = 4 [pid 407] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 1 [pid 407] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 407] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... write resumed>) = 131072 [pid 406] munmap(0x7fa7f2c57000, 138412032 [pid 407] <... futex resumed>) = 1 [pid 405] <... futex resumed>) = 0 [pid 407] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 405] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] <... munmap resumed>) = 0 [pid 405] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 407] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 405] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 405] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 407] <... futex resumed>) = 1 [pid 407] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 407] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 405] <... futex resumed>) = 0 [pid 407] <... futex resumed>) = 1 [pid 407] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.468193][ T403] loop0: detected capacity change from 0 to 256 [ 118.475744][ T403] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.486317][ T403] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.496847][ T403] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 406] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 406] close(3) = 0 [pid 406] close(6) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file0") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 406] ioctl(6, LOOP_CLR_FD) = 0 [pid 406] close(6) = 0 [pid 406] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 406] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 405] exit_group(0) = ? [pid 406] <... futex resumed>) = ? [pid 406] +++ exited with 0 +++ [pid 407] <... futex resumed>) = ? [pid 407] +++ exited with 0 +++ [pid 405] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=405, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/bus") = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x555594dc86a0, 24) = 0 [pid 408] chdir("./5") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] write(1, "executing program\n", 18) = 18 [pid 408] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 408] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[409]}, 88) = 409 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 408] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[410]}, 88) = 410 [pid 408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 408] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 410] creat("./bus", 000) = 3 [pid 410] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 1 [pid 410] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 410] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 1 [pid 410] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 410] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 1 [pid 410] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 410] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 410] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] memfd_create("syzkaller", 0) = 5 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 409] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 409] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.535413][ T406] loop0: detected capacity change from 0 to 256 [ 118.543851][ T406] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.554469][ T406] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.564230][ T406] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 409] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 409] close(5) = 0 [pid 409] close(6) = 0 [pid 409] mkdir("./file0", 0777) = 0 [pid 409] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 409] chdir("./file0") = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 409] ioctl(6, LOOP_CLR_FD) = 0 [pid 409] close(6) = 0 [pid 409] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] exit_group(0 [pid 410] <... futex resumed>) = ? [pid 408] <... exit_group resumed>) = ? [pid 410] +++ exited with 0 +++ [pid 409] <... futex resumed>) = ? [pid 409] +++ exited with 0 +++ [pid 408] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=408, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/bus") = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 411 ./strace-static-x86_64: Process 411 attached [pid 411] set_robust_list(0x555594dc86a0, 24) = 0 [pid 411] chdir("./6") = 0 [pid 411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 411] setpgid(0, 0) = 0 [pid 411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 411] write(3, "1000", 4) = 4 [pid 411] close(3) = 0 [pid 411] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 411] write(1, "executing program\n", 18) = 18 [pid 411] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 411] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[412]}, 88) = 412 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 411] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[413]}, 88) = 413 [pid 411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 411] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 413] creat("./bus", 000) = 3 [pid 413] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 413] <... futex resumed>) = 1 [pid 413] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 413] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 413] <... futex resumed>) = 1 [pid 413] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 413] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 411] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 411] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 413] <... futex resumed>) = 1 [pid 413] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 413] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 411] <... futex resumed>) = 0 [pid 413] <... futex resumed>) = 1 [pid 413] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 412 attached [pid 412] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 412] memfd_create("syzkaller", 0) = 5 [pid 412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 412] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 412] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.601180][ T409] loop0: detected capacity change from 0 to 256 [ 118.609750][ T409] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.620730][ T409] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.631714][ T409] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 412] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 412] close(5) = 0 [pid 412] close(6) = 0 [pid 412] mkdir("./file0", 0777) = 0 [pid 412] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 412] chdir("./file0") = 0 [pid 412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 412] ioctl(6, LOOP_CLR_FD) = 0 [pid 412] close(6) = 0 [pid 412] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 412] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 411] exit_group(0 [pid 413] <... futex resumed>) = ? [pid 411] <... exit_group resumed>) = ? [pid 413] +++ exited with 0 +++ [pid 412] <... futex resumed>) = ? [pid 412] +++ exited with 0 +++ [pid 411] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=411, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/bus") = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 414 ./strace-static-x86_64: Process 414 attached [pid 414] set_robust_list(0x555594dc86a0, 24) = 0 [pid 414] chdir("./7") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] write(1, "executing program\n", 18executing program ) = 18 [pid 414] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 414] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[415]}, 88) = 415 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 414] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 414] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 415 attached [], 8) = 0 [pid 415] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 416 attached [pid 416] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 416] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... clone3 resumed> => {parent_tid=[416]}, 88) = 416 [pid 414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 415] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 414] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] creat("./bus", 000 [pid 415] <... write resumed>) = 131072 [pid 414] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] munmap(0x7fa7f2c57000, 138412032 [pid 416] <... creat resumed>) = 4 [pid 416] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... munmap resumed>) = 0 [pid 416] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] <... futex resumed>) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 414] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 416] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 414] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 416] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 414] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] <... futex resumed>) = 0 [pid 416] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 416] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 416] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 415] <... openat resumed>) = 6 [ 118.670292][ T412] loop0: detected capacity change from 0 to 256 [ 118.677858][ T412] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.688459][ T412] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.699373][ T412] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 415] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] close(6) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file0") = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 415] ioctl(6, LOOP_CLR_FD) = 0 [pid 415] close(6) = 0 [pid 415] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 414] exit_group(0 [pid 416] <... futex resumed>) = ? [pid 415] <... futex resumed>) = ? [pid 414] <... exit_group resumed>) = ? [pid 416] +++ exited with 0 +++ [pid 415] +++ exited with 0 +++ [pid 414] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=414, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/bus") = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 418 ./strace-static-x86_64: Process 418 attached [pid 418] set_robust_list(0x555594dc86a0, 24) = 0 [pid 418] chdir("./8") = 0 [pid 418] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 418] setpgid(0, 0) = 0 [pid 418] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 418] write(3, "1000", 4) = 4 [pid 418] close(3) = 0 [pid 418] symlink("/dev/binderfs", "./binderfs") = 0 [pid 418] write(1, "executing program\n", 18) = 18 [pid 418] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 418] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 418] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[419]}, 88) = 419 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 418] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 418] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 418] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[420]}, 88) = 420 [pid 418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 418] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 420] creat("./bus", 000) = 3 [pid 420] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 1 [pid 420] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 420] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 1 [pid 420] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 420] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 418] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 418] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 1 [pid 420] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 420] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 418] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = 1 [pid 420] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 419] memfd_create("syzkaller", 0) = 5 [pid 419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 419] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 419] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.743735][ T415] loop0: detected capacity change from 0 to 256 [ 118.751922][ T415] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.762543][ T415] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.772739][ T415] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 419] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 419] close(5) = 0 [pid 419] close(6) = 0 [pid 419] mkdir("./file0", 0777) = 0 [pid 419] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 419] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 419] chdir("./file0") = 0 [pid 419] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 419] ioctl(6, LOOP_CLR_FD) = 0 [pid 419] close(6) = 0 [pid 419] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 419] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 418] exit_group(0 [pid 420] <... futex resumed>) = ? [pid 418] <... exit_group resumed>) = ? [pid 420] +++ exited with 0 +++ [pid 419] <... futex resumed>) = ? [pid 419] +++ exited with 0 +++ [pid 418] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=418, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/bus") = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 421 ./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x555594dc86a0, 24) = 0 [pid 421] chdir("./9") = 0 [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 421] setpgid(0, 0) = 0 [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 421] write(3, "1000", 4) = 4 [pid 421] close(3) = 0 [pid 421] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 421] write(1, "executing program\n", 18) = 18 [pid 421] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 421] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[422]}, 88) = 422 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 421] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[423]}, 88) = 423 [pid 421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 421] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] creat("./bus", 000) = 3 [pid 423] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 423] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 423] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 421] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] <... futex resumed>) = 1 [pid 423] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 423] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 423] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 422 attached [pid 422] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] memfd_create("syzkaller", 0) = 5 [pid 422] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 422] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 422] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.822760][ T419] loop0: detected capacity change from 0 to 256 [ 118.831035][ T419] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.841699][ T419] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.852156][ T419] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 422] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 422] close(5) = 0 [pid 422] close(6) = 0 [pid 422] mkdir("./file0", 0777) = 0 [pid 422] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 422] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 422] chdir("./file0") = 0 [pid 422] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 422] ioctl(6, LOOP_CLR_FD) = 0 [pid 422] close(6) = 0 [pid 422] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] exit_group(0 [pid 423] <... futex resumed>) = ? [pid 421] <... exit_group resumed>) = ? [pid 423] +++ exited with 0 +++ [pid 422] <... futex resumed>) = ? [pid 422] +++ exited with 0 +++ [pid 421] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=421, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/bus") = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 424 ./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x555594dc86a0, 24) = 0 [pid 424] chdir("./10") = 0 [pid 424] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 424] setpgid(0, 0) = 0 [pid 424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] write(3, "1000", 4) = 4 [pid 424] close(3) = 0 [pid 424] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] write(1, "executing program\n", 18) = 18 [pid 424] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 424] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[425]}, 88) = 425 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 424] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 424] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[426]}, 88) = 426 [pid 424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 424] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 426 attached [pid 426] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 426] creat("./bus", 000) = 3 [pid 426] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 426] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 426] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 424] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 424] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 426] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] <... futex resumed>) = 0 [pid 426] <... futex resumed>) = 1 [pid 426] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 425] memfd_create("syzkaller", 0) = 5 [pid 425] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 425] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 425] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.888513][ T422] loop0: detected capacity change from 0 to 256 [ 118.896505][ T422] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.907012][ T422] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.917654][ T422] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 425] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 425] close(5) = 0 [pid 425] close(6) = 0 [pid 425] mkdir("./file0", 0777) = 0 [pid 425] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 425] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 425] chdir("./file0") = 0 [pid 425] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 425] ioctl(6, LOOP_CLR_FD) = 0 [pid 425] close(6) = 0 [pid 425] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] exit_group(0) = ? [pid 425] <... futex resumed>) = ? [pid 425] +++ exited with 0 +++ [pid 426] <... futex resumed>) = ? [pid 426] +++ exited with 0 +++ [pid 424] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=424, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/bus") = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x555594dc86a0, 24) = 0 [pid 427] chdir("./11") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] write(1, "executing program\n", 18) = 18 [pid 427] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 427] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[428]}, 88) = 428 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 427] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[429]}, 88) = 429 [pid 427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 427] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 429] creat("./bus", 000) = 3 [pid 429] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 1 [pid 429] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 429] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 1 [pid 429] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 429] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 429] <... futex resumed>) = 1 [pid 429] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 429] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... futex resumed>) = 0 [pid 429] <... futex resumed>) = 1 [pid 429] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] memfd_create("syzkaller", 0) = 5 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 428] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 428] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 118.953540][ T425] loop0: detected capacity change from 0 to 256 [ 118.961020][ T425] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 118.971571][ T425] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 118.981918][ T425] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 428] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 428] close(5) = 0 [pid 428] close(6) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 428] chdir("./file0") = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 428] ioctl(6, LOOP_CLR_FD) = 0 [pid 428] close(6) = 0 [pid 428] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 427] exit_group(0) = ? [pid 428] <... futex resumed>) = ? [pid 428] +++ exited with 0 +++ [pid 429] <... futex resumed>) = ? [pid 429] +++ exited with 0 +++ [pid 427] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=427, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/bus") = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x555594dc86a0, 24) = 0 [pid 430] chdir("./12") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] write(1, "executing program\n", 18) = 18 [pid 430] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 430] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[431]}, 88) = 431 [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 430] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 430] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[432]}, 88) = 432 [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 430] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 431 attached [pid 431] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 431] memfd_create("syzkaller", 0) = 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 431] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 431] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7fa7fb0779a0, 24) = 0 [ 119.020226][ T428] loop0: detected capacity change from 0 to 256 [ 119.029434][ T428] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.039908][ T428] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.050541][ T428] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 432] creat("./bus", 000) = 5 [pid 432] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 432] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 0 [pid 432] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 432] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 1 [pid 432] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 432] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 432] <... futex resumed>) = 1 [pid 431] <... ioctl resumed>) = 0 [pid 432] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 431] close(3) = 0 [pid 432] <... write resumed>) = -1 EINVAL (Invalid argument) [pid 431] close(4 [pid 432] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... close resumed>) = 0 [pid 432] <... futex resumed>) = 1 [pid 432] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] mkdir("./file0", 0777) = 0 [pid 431] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 430] <... futex resumed>) = 0 [pid 431] <... mount resumed>) = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 431] chdir("./file0") = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_CLR_FD) = 0 [pid 431] close(4) = 0 [pid 431] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] exit_group(0 [pid 432] <... futex resumed>) = ? [pid 430] <... exit_group resumed>) = ? [pid 432] +++ exited with 0 +++ [pid 431] <... futex resumed>) = ? [pid 431] +++ exited with 0 +++ [pid 430] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=430, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./12/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/bus") = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 433 ./strace-static-x86_64: Process 433 attached [pid 433] set_robust_list(0x555594dc86a0, 24) = 0 [pid 433] chdir("./13") = 0 [pid 433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 433] setpgid(0, 0) = 0 [pid 433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 433] write(3, "1000", 4) = 4 [pid 433] close(3) = 0 [pid 433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 433] write(1, "executing program\n", 18) = 18 [pid 433] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 433] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[434]}, 88) = 434 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 433] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[435]}, 88) = 435 [pid 433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 433] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 434] memfd_create("syzkaller", 0) = 3 [pid 434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 434] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 434] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 119.085815][ T431] loop0: detected capacity change from 0 to 256 [ 119.094725][ T431] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.105251][ T431] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.115788][ T431] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 434] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 435 attached ) = 0 [pid 434] close(3) = 0 [pid 434] close(4) = 0 [pid 434] mkdir("./file0", 0777 [pid 435] set_robust_list(0x7fa7fb0779a0, 24 [pid 434] <... mkdir resumed>) = 0 [pid 434] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 435] <... set_robust_list resumed>) = 0 [pid 435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 435] creat("./bus", 000) = 3 [pid 435] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... futex resumed>) = 0 [pid 435] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 435] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 435] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [pid 433] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 433] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 435] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 433] <... futex resumed>) = 0 [ 119.152297][ T434] loop0: detected capacity change from 0 to 256 [ 119.160076][ T434] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.170577][ T434] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.178924][ T434] ================================================================================ [ 119.188216][ T434] UBSAN: shift-out-of-bounds in fs/exfat/super.c:529:38 [ 119.194921][ T434] shift exponent 185 is too large for 32-bit type 'int' [ 119.201776][ T434] CPU: 0 PID: 434 Comm: syz-executor268 Not tainted 6.1.129-syzkaller-00006-gefda22f3484c #0 [ 119.211656][ T434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 119.221581][ T434] Call Trace: [ 119.224674][ T434] [ 119.227453][ T434] dump_stack_lvl+0x151/0x1b7 [ 119.232062][ T434] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 119.237492][ T434] dump_stack+0x15/0x18 [ 119.241474][ T434] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 119.247727][ T434] exfat_fill_super+0x2b3a/0x2b80 [pid 435] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 433] exit_group(0 [pid 435] <... futex resumed>) = ? [pid 433] <... exit_group resumed>) = ? [pid 435] +++ exited with 0 +++ [ 119.252597][ T434] ? exfat_reconfigure+0x90/0x90 [ 119.257360][ T434] ? set_blocksize+0x1cb/0x360 [ 119.261965][ T434] ? sb_set_blocksize+0xa8/0xf0 [ 119.266644][ T434] get_tree_bdev+0x440/0x680 [ 119.271076][ T434] ? exfat_reconfigure+0x90/0x90 [ 119.275849][ T434] exfat_get_tree+0x1c/0x20 [ 119.280183][ T434] vfs_get_tree+0x88/0x290 [ 119.284438][ T434] do_new_mount+0x2ba/0xb30 [ 119.288776][ T434] ? do_move_mount_old+0x160/0x160 [ 119.293723][ T434] ? security_capable+0x87/0xb0 [ 119.298410][ T434] ? ns_capable+0x89/0xe0 [ 119.302574][ T434] path_mount+0x671/0x1070 [ 119.306827][ T434] ? user_path_at_empty+0x14e/0x1a0 [ 119.311864][ T434] __se_sys_mount+0x2c4/0x3b0 [ 119.316384][ T434] ? __x64_sys_mount+0xd0/0xd0 [ 119.320984][ T434] ? fpregs_restore_userregs+0x130/0x290 [ 119.326447][ T434] __x64_sys_mount+0xbf/0xd0 [ 119.330872][ T434] x64_sys_call+0x49d/0x9a0 [ 119.335209][ T434] do_syscall_64+0x3b/0xb0 [ 119.339461][ T434] ? clear_bhb_loop+0x55/0xb0 [ 119.343987][ T434] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 119.349826][ T434] RIP: 0033:0x7fa7fb0dcfea [ 119.354077][ T434] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 5e 04 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 119.373522][ T434] RSP: 002b:00007fa7fb098088 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 119.381761][ T434] RAX: ffffffffffffffda RBX: 00007fa7fb0980a0 RCX: 00007fa7fb0dcfea [ 119.389581][ T434] RDX: 0000200000000000 RSI: 0000200000000240 RDI: 00007fa7fb0980a0 [pid 434] <... mount resumed>) = ? [pid 434] +++ exited with 0 +++ [pid 433] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=433, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./13/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./13/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/bus") = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 119.397385][ T434] RBP: 0000200000000240 R08: 00007fa7fb0980e0 R09: 00000000000014f8 [ 119.405283][ T434] R10: 0000000000000000 R11: 0000000000000286 R12: 0000200000000000 [ 119.413093][ T434] R13: 00007fa7fb0980e0 R14: 0000000000000003 R15: 0000000000000000 [ 119.420913][ T434] [ 119.423876][ T434] ================================================================================ [ 119.432919][ T434] exFAT-fs (loop0): unable to set blocksize 33554432 [ 119.439439][ T434] exFAT-fs (loop0): failed to read boot sector [ 119.445489][ T434] exFAT-fs (loop0): failed to recognize exfat type ioctl(3, LOOP_CLR_FDexecuting program ) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 436 ./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x555594dc86a0, 24) = 0 [pid 436] chdir("./14") = 0 [pid 436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 436] setpgid(0, 0) = 0 [pid 436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 436] write(3, "1000", 4) = 4 [pid 436] close(3) = 0 [pid 436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 436] write(1, "executing program\n", 18) = 18 [pid 436] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 436] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[437]}, 88) = 437 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 436] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[438]}, 88) = 438 [pid 436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 436] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 438 attached [pid 438] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 438] creat("./bus", 000) = 3 [pid 438] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] <... futex resumed>) = 1 [pid 438] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 437 attached ) = 0 [pid 437] set_robust_list(0x7fa7fb0989a0, 24 [pid 438] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 438] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 438] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 436] <... futex resumed>) = 0 [pid 438] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 436] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] <... open resumed>) = 4 [pid 438] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 438] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] <... futex resumed>) = 0 [pid 436] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... set_robust_list resumed>) = 0 [pid 436] <... futex resumed>) = 1 [pid 437] rt_sigprocmask(SIG_SETMASK, [], [pid 436] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 438] <... futex resumed>) = 0 [pid 437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 438] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 437] memfd_create("syzkaller", 0 [pid 438] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 438] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 436] <... futex resumed>) = 0 [pid 438] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] <... memfd_create resumed>) = 5 [pid 437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 437] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 437] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 437] close(5) = 0 [pid 437] close(6) = 0 [pid 437] mkdir("./file0", 0777) = 0 [pid 437] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 437] chdir("./file0") = 0 [pid 437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 437] ioctl(6, LOOP_CLR_FD) = 0 [pid 437] close(6) = 0 [pid 437] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 436] exit_group(0) = ? [pid 437] <... futex resumed>) = ? [pid 437] +++ exited with 0 +++ [pid 438] <... futex resumed>) = ? [pid 438] +++ exited with 0 +++ [pid 436] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=436, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./14/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/bus") = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 439 ./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x555594dc86a0, 24) = 0 [pid 439] chdir("./15") = 0 [pid 439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 439] setpgid(0, 0) = 0 [pid 439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 439] write(3, "1000", 4) = 4 [pid 439] close(3) = 0 [pid 439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 439] write(1, "executing program\n", 18executing program ) = 18 [pid 439] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 439] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[440]}, 88) = 440 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 439] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[441]}, 88) = 441 [pid 439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 439] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 439] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 440] memfd_create("syzkaller", 0./strace-static-x86_64: Process 441 attached ) = 3 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 441] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] creat("./bus", 000) = 4 [pid 441] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 441] <... futex resumed>) = 1 [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 439] <... futex resumed>) = 0 [pid 439] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 441] <... mount resumed>) = 0 [pid 441] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] <... futex resumed>) = 0 [pid 441] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 440] <... write resumed>) = 131072 [pid 439] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] <... open resumed>) = 5 [pid 441] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 440] munmap(0x7fa7f2c57000, 138412032 [pid 439] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... munmap resumed>) = 0 [pid 439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 439] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 439] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... openat resumed>) = 6 [pid 441] <... futex resumed>) = 0 [pid 440] ioctl(6, LOOP_SET_FD, 3 [ 119.518058][ T437] loop0: detected capacity change from 0 to 256 [ 119.525654][ T437] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.536241][ T437] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.546347][ T437] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 441] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 441] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] <... futex resumed>) = 0 [pid 440] <... ioctl resumed>) = 0 [pid 440] close(3) = 0 [pid 440] close(6) = 0 [pid 440] mkdir("./file0", 0777) = 0 [pid 440] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 440] ioctl(6, LOOP_CLR_FD) = 0 [pid 440] close(6) = 0 [pid 440] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 440] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 439] exit_group(0) = ? [pid 440] <... futex resumed>) = ? [pid 440] +++ exited with 0 +++ [pid 441] <... futex resumed>) = ? [pid 441] +++ exited with 0 +++ [pid 439] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=439, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./15/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/bus") = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 442 ./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x555594dc86a0, 24) = 0 [pid 442] chdir("./16") = 0 [pid 442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 442] setpgid(0, 0) = 0 [pid 442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 442] write(3, "1000", 4) = 4 [pid 442] close(3) = 0 [pid 442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 442] write(1, "executing program\n", 18executing program ) = 18 [pid 442] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 442] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[443]}, 88) = 443 [pid 442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 442] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 442] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[444]}, 88) = 444 [pid 442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 442] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 444 attached [pid 444] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 444] creat("./bus", 000) = 3 [pid 444] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] <... futex resumed>) = 0 [pid 442] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 444] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] <... futex resumed>) = 0 [pid 442] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 444] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] <... futex resumed>) = 0 [pid 442] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 444] <... futex resumed>) = 1 [pid 444] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 444] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] <... futex resumed>) = 0 [pid 444] <... futex resumed>) = 1 [pid 444] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] memfd_create("syzkaller", 0) = 5 [pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 443] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 443] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.590364][ T440] loop0: detected capacity change from 0 to 256 [ 119.600001][ T440] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.610507][ T440] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.620952][ T440] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 443] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 443] close(5) = 0 [pid 443] close(6) = 0 [pid 443] mkdir("./file0", 0777) = 0 [pid 443] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 443] chdir("./file0") = 0 [pid 443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 443] ioctl(6, LOOP_CLR_FD) = 0 [pid 443] close(6) = 0 [pid 443] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 443] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 442] exit_group(0 [pid 444] <... futex resumed>) = ? [pid 442] <... exit_group resumed>) = ? [pid 444] +++ exited with 0 +++ [pid 443] <... futex resumed>) = ? [pid 443] +++ exited with 0 +++ [pid 442] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=442, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./16/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./16/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/bus") = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 445 ./strace-static-x86_64: Process 445 attached [pid 445] set_robust_list(0x555594dc86a0, 24) = 0 [pid 445] chdir("./17") = 0 [pid 445] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 445] setpgid(0, 0) = 0 [pid 445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 445] write(3, "1000", 4) = 4 [pid 445] close(3) = 0 [pid 445] symlink("/dev/binderfs", "./binderfs") = 0 [pid 445] write(1, "executing program\n", 18) = 18 [pid 445] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 445] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[446]}, 88) = 446 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 445] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[447]}, 88) = 447 [pid 445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 445] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 447] creat("./bus", 000) = 3 [pid 447] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 447] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 447] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 445] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 445] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 447] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 445] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = 1 [pid 447] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] memfd_create("syzkaller", 0) = 5 [pid 446] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 446] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 446] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.658518][ T443] loop0: detected capacity change from 0 to 256 [ 119.666554][ T443] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.677117][ T443] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.687900][ T443] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 446] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 446] close(5) = 0 [pid 446] close(6) = 0 [pid 446] mkdir("./file0", 0777) = 0 [pid 446] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 446] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 446] chdir("./file0") = 0 [pid 446] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 446] ioctl(6, LOOP_CLR_FD) = 0 [pid 446] close(6) = 0 [pid 446] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] exit_group(0 [pid 447] <... futex resumed>) = ? [pid 445] <... exit_group resumed>) = ? [pid 447] +++ exited with 0 +++ [pid 446] <... futex resumed>) = ? [pid 446] +++ exited with 0 +++ [pid 445] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=445, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./17/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/bus") = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./17/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 448 ./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x555594dc86a0, 24) = 0 [pid 448] chdir("./18") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4) = 4 [pid 448] close(3) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] write(1, "executing program\n", 18) = 18 [pid 448] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 448] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[449]}, 88) = 449 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 448] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[450]}, 88) = 450 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 450] creat("./bus", 000) = 3 [pid 450] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 450] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 450] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 448] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 450] <... futex resumed>) = 1 [pid 450] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 450] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... futex resumed>) = 0 [pid 450] <... futex resumed>) = 1 [pid 450] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 449 attached [pid 449] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 449] memfd_create("syzkaller", 0) = 5 [pid 449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 449] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 449] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.725329][ T446] loop0: detected capacity change from 0 to 256 [ 119.733359][ T446] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.744149][ T446] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.754115][ T446] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 449] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 449] close(5) = 0 [pid 449] close(6) = 0 [pid 449] mkdir("./file0", 0777) = 0 [pid 449] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 449] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 449] chdir("./file0") = 0 [pid 449] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 449] ioctl(6, LOOP_CLR_FD) = 0 [pid 449] close(6) = 0 [pid 449] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 449] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] exit_group(0 [pid 450] <... futex resumed>) = ? [pid 448] <... exit_group resumed>) = ? [pid 450] +++ exited with 0 +++ [pid 449] <... futex resumed>) = ? [pid 449] +++ exited with 0 +++ [pid 448] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=448, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./18/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/bus") = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 452 ./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x555594dc86a0, 24) = 0 [pid 452] chdir("./19") = 0 [pid 452] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 452] setpgid(0, 0) = 0 [pid 452] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 452] write(3, "1000", 4) = 4 [pid 452] close(3) = 0 [pid 452] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 452] write(1, "executing program\n", 18) = 18 [pid 452] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 452] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 452] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[453]}, 88) = 453 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 452] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 452] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 452] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[454]}, 88) = 454 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 454 attached [pid 454] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 454] creat("./bus", 000) = 3 [pid 454] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 454] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 454] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 452] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 452] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... futex resumed>) = 1 [pid 454] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 454] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 0 [pid 454] <... futex resumed>) = 1 [pid 454] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 453] memfd_create("syzkaller", 0) = 5 [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 453] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 453] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.792026][ T449] loop0: detected capacity change from 0 to 256 [ 119.799732][ T449] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.810406][ T449] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.821533][ T449] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 453] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 453] close(5) = 0 [pid 453] close(6) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 453] chdir("./file0") = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 453] ioctl(6, LOOP_CLR_FD) = 0 [pid 453] close(6) = 0 [pid 453] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] exit_group(0 [pid 454] <... futex resumed>) = ? [pid 452] <... exit_group resumed>) = ? [pid 454] +++ exited with 0 +++ [pid 453] <... futex resumed>) = ? [pid 453] +++ exited with 0 +++ [pid 452] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=452, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./19/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/bus") = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 455 ./strace-static-x86_64: Process 455 attached [pid 455] set_robust_list(0x555594dc86a0, 24) = 0 [pid 455] chdir("./20") = 0 [pid 455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 455] setpgid(0, 0) = 0 [pid 455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 455] write(3, "1000", 4) = 4 [pid 455] close(3) = 0 [pid 455] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 455] write(1, "executing program\n", 18) = 18 [pid 455] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 455] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 455] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[456]}, 88) = 456 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 455] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 455] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[457]}, 88) = 457 [pid 455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 455] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 457 attached [pid 457] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 457] creat("./bus", 000./strace-static-x86_64: Process 456 attached [pid 456] set_robust_list(0x7fa7fb0989a0, 24 [pid 457] <... creat resumed>) = 3 [pid 456] <... set_robust_list resumed>) = 0 [pid 456] rt_sigprocmask(SIG_SETMASK, [], [pid 457] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 456] memfd_create("syzkaller", 0 [pid 457] <... futex resumed>) = 1 [pid 457] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 456] <... memfd_create resumed>) = 4 [pid 457] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] <... futex resumed>) = 1 [pid 457] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 456] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 457] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 456] <... mmap resumed>) = 0x7fa7f2c57000 [pid 457] <... futex resumed>) = 1 [pid 455] <... futex resumed>) = 0 [pid 455] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 455] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 457] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 457] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 455] <... futex resumed>) = 0 [pid 457] <... futex resumed>) = 1 [pid 456] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 457] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 456] <... write resumed>) = 131072 [pid 456] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.858132][ T453] loop0: detected capacity change from 0 to 256 [ 119.865905][ T453] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.876402][ T453] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.887324][ T453] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 456] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 456] close(4) = 0 [pid 456] close(6) = 0 [pid 456] mkdir("./file0", 0777) = 0 [pid 456] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 456] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 456] chdir("./file0") = 0 [pid 456] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 456] ioctl(6, LOOP_CLR_FD) = 0 [pid 456] close(6) = 0 [pid 456] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 456] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 455] exit_group(0 [pid 457] <... futex resumed>) = ? [pid 455] <... exit_group resumed>) = ? [pid 457] +++ exited with 0 +++ [pid 456] <... futex resumed>) = ? [pid 456] +++ exited with 0 +++ [pid 455] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=455, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./20/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/bus") = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 458 ./strace-static-x86_64: Process 458 attached [pid 458] set_robust_list(0x555594dc86a0, 24) = 0 [pid 458] chdir("./21") = 0 [pid 458] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 458] setpgid(0, 0) = 0 [pid 458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 458] write(3, "1000", 4) = 4 [pid 458] close(3) = 0 [pid 458] symlink("/dev/binderfs", "./binderfs") = 0 [pid 458] write(1, "executing program\n", 18) = 18 [pid 458] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 458] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[459]}, 88) = 459 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 458] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 458] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[460]}, 88) = 460 [pid 458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 458] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 460] creat("./bus", 000) = 3 [pid 460] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 460] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 460] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 458] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 458] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 460] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... futex resumed>) = 0 [pid 460] <... futex resumed>) = 1 [pid 460] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 459 attached [pid 459] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 459] memfd_create("syzkaller", 0) = 5 [pid 459] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 459] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 459] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 119.932987][ T456] loop0: detected capacity change from 0 to 256 [ 119.940515][ T456] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 119.951215][ T456] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 119.961713][ T456] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 459] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 459] close(5) = 0 [pid 459] close(6) = 0 [pid 459] mkdir("./file0", 0777) = 0 [pid 459] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 459] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 459] chdir("./file0") = 0 [pid 459] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 459] ioctl(6, LOOP_CLR_FD) = 0 [pid 459] close(6) = 0 [pid 459] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 458] exit_group(0 [pid 460] <... futex resumed>) = ? [pid 458] <... exit_group resumed>) = ? [pid 460] +++ exited with 0 +++ [pid 459] <... futex resumed>) = ? [pid 459] +++ exited with 0 +++ [pid 458] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=458, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./21/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/bus") = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 461 ./strace-static-x86_64: Process 461 attached [pid 461] set_robust_list(0x555594dc86a0, 24) = 0 [pid 461] chdir("./22") = 0 [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 461] setpgid(0, 0) = 0 [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 461] write(3, "1000", 4) = 4 [pid 461] close(3) = 0 [pid 461] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 461] write(1, "executing program\n", 18) = 18 [pid 461] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 461] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[462]}, 88) = 462 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 461] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[463]}, 88) = 463 [pid 461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 461] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 463 attached [pid 463] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 463] creat("./bus", 000) = 3 [pid 463] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 463] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 463] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 1 [pid 463] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 463] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = 0 [pid 463] <... futex resumed>) = 1 [pid 463] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 462 attached [pid 462] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 462] memfd_create("syzkaller", 0) = 5 [pid 462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 462] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 462] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.000251][ T459] loop0: detected capacity change from 0 to 256 [ 120.008526][ T459] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.019000][ T459] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.029305][ T459] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 462] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 462] close(5) = 0 [pid 462] close(6) = 0 [pid 462] mkdir("./file0", 0777) = 0 [pid 462] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 462] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 462] chdir("./file0") = 0 [pid 462] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 462] ioctl(6, LOOP_CLR_FD) = 0 [pid 462] close(6) = 0 [pid 462] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 462] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] exit_group(0) = ? [pid 462] <... futex resumed>) = ? [pid 462] +++ exited with 0 +++ [pid 463] <... futex resumed>) = ? [pid 463] +++ exited with 0 +++ [pid 461] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=461, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./22", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./22/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/bus") = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./22/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 464 ./strace-static-x86_64: Process 464 attached [pid 464] set_robust_list(0x555594dc86a0, 24) = 0 [pid 464] chdir("./23") = 0 [pid 464] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 464] setpgid(0, 0) = 0 [pid 464] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 464] write(3, "1000", 4) = 4 [pid 464] close(3) = 0 [pid 464] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 464] write(1, "executing program\n", 18) = 18 [pid 464] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 464] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 464] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[465]}, 88) = 465 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 464] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 464] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 464] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[466]}, 88) = 466 [pid 464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 464] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 466] creat("./bus", 000) = 3 [pid 466] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 466] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 466] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 464] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 464] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 466] <... futex resumed>) = 1 [pid 466] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 466] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = 0 [pid 466] <... futex resumed>) = 1 [pid 466] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] memfd_create("syzkaller", 0) = 5 [pid 465] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 465] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 465] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.067515][ T462] loop0: detected capacity change from 0 to 256 [ 120.075524][ T462] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.086105][ T462] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.096635][ T462] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 465] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 465] close(5) = 0 [pid 465] close(6) = 0 [pid 465] mkdir("./file0", 0777) = 0 [ 120.135172][ T465] loop0: detected capacity change from 0 to 256 [ 120.152886][ T465] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.163499][ T465] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 465] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 465] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 465] chdir("./file0") = 0 [pid 465] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 465] ioctl(6, LOOP_CLR_FD) = 0 [pid 465] close(6) = 0 [pid 465] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 464] exit_group(0) = ? [pid 465] <... futex resumed>) = ? [pid 465] +++ exited with 0 +++ [pid 466] <... futex resumed>) = ? [pid 466] +++ exited with 0 +++ [pid 464] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=464, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./23/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/bus") = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 467 ./strace-static-x86_64: Process 467 attached [pid 467] set_robust_list(0x555594dc86a0, 24) = 0 [pid 467] chdir("./24") = 0 [pid 467] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 467] setpgid(0, 0) = 0 [pid 467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 467] write(3, "1000", 4) = 4 [pid 467] close(3) = 0 [pid 467] symlink("/dev/binderfs", "./binderfs") = 0 [pid 467] write(1, "executing program\n", 18) = 18 [pid 467] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 467] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[468]}, 88) = 468 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 467] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 467] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[469]}, 88) = 469 [pid 467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 467] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 469] creat("./bus", 000) = 3 [pid 469] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 469] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 469] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 467] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 467] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 469] <... futex resumed>) = 1 [pid 469] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 469] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 1 [pid 469] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 468 attached [pid 468] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 468] memfd_create("syzkaller", 0) = 5 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 468] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 468] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.174275][ T465] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 468] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 468] close(5) = 0 [pid 468] close(6) = 0 [pid 468] mkdir("./file0", 0777) = 0 [pid 468] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 468] chdir("./file0") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 468] ioctl(6, LOOP_CLR_FD) = 0 [pid 468] close(6) = 0 [pid 468] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 468] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 467] exit_group(0) = ? [pid 468] <... futex resumed>) = ? [pid 468] +++ exited with 0 +++ [pid 469] <... futex resumed>) = ? [pid 469] +++ exited with 0 +++ [pid 467] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=467, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./24/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/bus") = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 470 ./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x555594dc86a0, 24) = 0 [pid 470] chdir("./25") = 0 [pid 470] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 470] setpgid(0, 0) = 0 [pid 470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 470] write(3, "1000", 4) = 4 [pid 470] close(3) = 0 [pid 470] symlink("/dev/binderfs", "./binderfs") = 0 [pid 470] write(1, "executing program\n", 18) = 18 [pid 470] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 470] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7fa7fb0989a0, 24 [pid 470] <... clone3 resumed> => {parent_tid=[471]}, 88) = 471 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 471] <... set_robust_list resumed>) = 0 [pid 470] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] rt_sigprocmask(SIG_SETMASK, [], [pid 470] <... futex resumed>) = 0 [pid 471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] memfd_create("syzkaller", 0 [pid 470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 471] <... memfd_create resumed>) = 3 [pid 471] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 470] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 470] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[472]}, 88) = 472 [pid 470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 472 attached [pid 471] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 470] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 472] rt_sigprocmask(SIG_SETMASK, [], [pid 471] <... write resumed>) = 131072 [pid 472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 472] creat("./bus", 000 [pid 471] munmap(0x7fa7f2c57000, 138412032 [pid 472] <... creat resumed>) = 4 [pid 472] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 471] <... munmap resumed>) = 0 [pid 470] <... futex resumed>) = 0 [pid 472] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 470] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 471] <... openat resumed>) = 5 [pid 470] <... futex resumed>) = 0 [pid 471] ioctl(5, LOOP_SET_FD, 3 [pid 472] <... mount resumed>) = 0 [pid 472] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 120.209973][ T468] loop0: detected capacity change from 0 to 256 [ 120.219098][ T468] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.229595][ T468] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.240812][ T468] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 470] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 470] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] <... futex resumed>) = 0 [pid 472] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 472] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 470] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 470] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 472] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 472] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 470] <... futex resumed>) = 0 [pid 472] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 471] <... ioctl resumed>) = 0 [pid 471] close(3) = 0 [pid 471] close(5) = 0 [pid 471] mkdir("./file0", 0777) = 0 [pid 471] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 471] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 471] chdir("./file0") = 0 [pid 471] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 471] ioctl(5, LOOP_CLR_FD) = 0 [pid 471] close(5) = 0 [pid 471] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 471] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] exit_group(0 [pid 472] <... futex resumed>) = ? [pid 472] +++ exited with 0 +++ [pid 470] <... exit_group resumed>) = ? [pid 471] <... futex resumed>) = ? [pid 471] +++ exited with 0 +++ [pid 470] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=470, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./25/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/bus") = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 473 ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x555594dc86a0, 24) = 0 [pid 473] chdir("./26") = 0 [pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 473] setpgid(0, 0) = 0 [pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 473] write(3, "1000", 4) = 4 [pid 473] close(3) = 0 [pid 473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 473] write(1, "executing program\n", 18) = 18 [pid 473] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 473] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 473] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[474]}, 88) = 474 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 473] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 473] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[475]}, 88) = 475 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 475 attached [pid 475] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 475] creat("./bus", 000) = 3 [pid 475] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... futex resumed>) = 1 [pid 475] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 475] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... futex resumed>) = 1 [pid 475] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 475] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 475] <... futex resumed>) = 1 [pid 475] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 475] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 475] <... futex resumed>) = 1 [pid 475] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 474 attached [pid 474] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 474] memfd_create("syzkaller", 0) = 5 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 474] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 474] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.280459][ T471] loop0: detected capacity change from 0 to 256 [ 120.289840][ T471] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.300538][ T471] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.311710][ T471] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 474] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 474] close(5) = 0 [pid 474] close(6) = 0 [pid 474] mkdir("./file0", 0777) = 0 [pid 474] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 474] chdir("./file0") = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 474] ioctl(6, LOOP_CLR_FD) = 0 [pid 474] close(6) = 0 [pid 474] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] exit_group(0) = ? [pid 475] <... futex resumed>) = ? [pid 474] <... futex resumed>) = ? [pid 474] +++ exited with 0 +++ [pid 475] +++ exited with 0 +++ [pid 473] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=473, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./26/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/bus") = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 476 ./strace-static-x86_64: Process 476 attached [pid 476] set_robust_list(0x555594dc86a0, 24) = 0 [pid 476] chdir("./27") = 0 [pid 476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 476] setpgid(0, 0) = 0 [pid 476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 476] write(3, "1000", 4) = 4 [pid 476] close(3) = 0 [pid 476] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 476] write(1, "executing program\n", 18) = 18 [pid 476] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 476] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[477]}, 88) = 477 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 476] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 476] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[478]}, 88) = 478 [pid 476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 476] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 478 attached [pid 478] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 478] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 478] creat("./bus", 000) = 3 [pid 478] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 478] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 478] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 476] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 476] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 478] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 478] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 476] <... futex resumed>) = 0 [pid 478] <... futex resumed>) = 1 [pid 478] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 477 attached [pid 477] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 477] memfd_create("syzkaller", 0) = 5 [pid 477] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 477] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 477] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.352402][ T474] loop0: detected capacity change from 0 to 256 [ 120.361889][ T474] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.372361][ T474] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.382619][ T474] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 477] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 477] close(5) = 0 [pid 477] close(6) = 0 [pid 477] mkdir("./file0", 0777) = 0 [pid 477] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 477] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 477] chdir("./file0") = 0 [pid 477] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 477] ioctl(6, LOOP_CLR_FD) = 0 [pid 477] close(6) = 0 [pid 477] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 477] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 476] exit_group(0 [pid 478] <... futex resumed>) = ? [pid 476] <... exit_group resumed>) = ? [pid 478] +++ exited with 0 +++ [pid 477] <... futex resumed>) = ? [pid 477] +++ exited with 0 +++ [pid 476] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=476, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./27", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./27/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/bus") = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 479 ./strace-static-x86_64: Process 479 attached [pid 479] set_robust_list(0x555594dc86a0, 24) = 0 [pid 479] chdir("./28") = 0 [pid 479] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 479] setpgid(0, 0) = 0 [pid 479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 479] write(3, "1000", 4) = 4 [pid 479] close(3) = 0 [pid 479] symlink("/dev/binderfs", "./binderfs") = 0 [pid 479] write(1, "executing program\n", 18executing program ) = 18 [pid 479] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 479] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[480]}, 88) = 480 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 479] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 479] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[481]}, 88) = 481 [pid 479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 479] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 481] creat("./bus", 000) = 3 [pid 481] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 481] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 481] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 479] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 479] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... futex resumed>) = 1 [pid 481] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 481] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 479] <... futex resumed>) = 0 [pid 481] <... futex resumed>) = 1 [pid 481] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 480] memfd_create("syzkaller", 0) = 5 [pid 480] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 480] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 480] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.418120][ T477] loop0: detected capacity change from 0 to 256 [ 120.425905][ T477] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.436547][ T477] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.447141][ T477] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 480] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 480] close(5) = 0 [pid 480] close(6) = 0 [pid 480] mkdir("./file0", 0777) = 0 [pid 480] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 480] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 480] chdir("./file0") = 0 [pid 480] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 480] ioctl(6, LOOP_CLR_FD) = 0 [pid 480] close(6) = 0 [pid 480] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] exit_group(0 [pid 481] <... futex resumed>) = ? [pid 479] <... exit_group resumed>) = ? [pid 481] +++ exited with 0 +++ [pid 480] <... futex resumed>) = ? [pid 480] +++ exited with 0 +++ [pid 479] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=479, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./28", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./28/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/bus") = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 482 ./strace-static-x86_64: Process 482 attached [pid 482] set_robust_list(0x555594dc86a0, 24) = 0 [pid 482] chdir("./29") = 0 [pid 482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 482] setpgid(0, 0) = 0 [pid 482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 482] write(3, "1000", 4) = 4 [pid 482] close(3) = 0 [pid 482] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 482] write(1, "executing program\n", 18) = 18 [pid 482] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 482] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[483]}, 88) = 483 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 482] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 482] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[484]}, 88) = 484 [pid 482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 482] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 483 attached [pid 483] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] memfd_create("syzkaller", 0) = 3 [pid 483] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 483] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 120.488093][ T480] loop0: detected capacity change from 0 to 256 [ 120.495625][ T480] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.506222][ T480] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.516591][ T480] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 483] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 483] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 484 attached [pid 484] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] creat("./bus", 000) = 5 [pid 484] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 484] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 484] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 482] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 1 [pid 484] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 483] <... ioctl resumed>) = 0 [pid 483] close(3) = 0 [pid 484] <... open resumed>) = 3 [pid 483] close(4) = 0 [pid 484] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] mkdir("./file0", 0777 [pid 484] <... futex resumed>) = 1 [pid 483] <... mkdir resumed>) = 0 [pid 484] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 482] <... futex resumed>) = 0 [pid 482] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 484] write(3, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 484] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 482] <... futex resumed>) = 0 [pid 484] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] <... mount resumed>) = 0 [pid 483] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 483] chdir("./file0") = 0 [pid 483] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 483] ioctl(6, LOOP_CLR_FD) = 0 [pid 483] close(6) = 0 [pid 483] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 482] exit_group(0 [pid 484] <... futex resumed>) = ? [pid 482] <... exit_group resumed>) = ? [pid 484] +++ exited with 0 +++ [pid 483] <... futex resumed>) = ? [pid 483] +++ exited with 0 +++ [pid 482] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=482, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./29/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/bus") = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 485 ./strace-static-x86_64: Process 485 attached [pid 485] set_robust_list(0x555594dc86a0, 24) = 0 executing program [pid 485] chdir("./30") = 0 [pid 485] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 485] setpgid(0, 0) = 0 [pid 485] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 485] write(3, "1000", 4) = 4 [pid 485] close(3) = 0 [pid 485] symlink("/dev/binderfs", "./binderfs") = 0 [pid 485] write(1, "executing program\n", 18) = 18 [pid 485] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 485] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 485] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[486]}, 88) = 486 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 485] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 485] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 485] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[487]}, 88) = 487 [pid 485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 485] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 486] memfd_create("syzkaller", 0) = 3 [pid 486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 486] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 486] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 120.544372][ T483] loop0: detected capacity change from 0 to 256 [ 120.552207][ T483] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.562981][ T483] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.573018][ T483] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 486] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] creat("./bus", 000) = 5 [pid 487] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 485] <... futex resumed>) = 0 [pid 486] <... ioctl resumed>) = 0 [pid 487] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 486] close(3 [pid 485] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] <... mount resumed>) = 0 [pid 486] <... close resumed>) = 0 [pid 485] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] close(4 [pid 487] <... futex resumed>) = 1 [pid 486] <... close resumed>) = 0 [pid 485] <... futex resumed>) = 0 [pid 485] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 486] mkdir("./file0", 0777 [pid 487] <... open resumed>) = 3 [pid 487] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] <... futex resumed>) = 0 [pid 487] <... futex resumed>) = 1 [pid 485] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 485] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] write(3, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 486] <... mkdir resumed>) = 0 [pid 487] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 487] <... futex resumed>) = 1 [pid 485] <... futex resumed>) = 0 [pid 487] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 486] <... mount resumed>) = 0 [pid 486] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 486] chdir("./file0") = 0 [pid 486] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 486] ioctl(6, LOOP_CLR_FD) = 0 [pid 486] close(6) = 0 [pid 486] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 485] exit_group(0) = ? [pid 486] <... futex resumed>) = ? [pid 486] +++ exited with 0 +++ [pid 487] <... futex resumed>) = ? [pid 487] +++ exited with 0 +++ [pid 485] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=485, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./30/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/bus") = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 488 ./strace-static-x86_64: Process 488 attached [pid 488] set_robust_list(0x555594dc86a0, 24) = 0 [pid 488] chdir("./31") = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 488] setpgid(0, 0) = 0 executing program [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 488] write(3, "1000", 4) = 4 [pid 488] close(3) = 0 [pid 488] symlink("/dev/binderfs", "./binderfs") = 0 [pid 488] write(1, "executing program\n", 18) = 18 [pid 488] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 488] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 489 attached => {parent_tid=[489]}, 88) = 489 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 489] set_robust_list(0x7fa7fb0989a0, 24 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 489] <... set_robust_list resumed>) = 0 [pid 488] <... mmap resumed>) = 0x7fa7fb057000 [pid 489] rt_sigprocmask(SIG_SETMASK, [], [pid 488] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 489] memfd_create("syzkaller", 0 [pid 488] <... clone3 resumed> => {parent_tid=[490]}, 88) = 490 [pid 488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 488] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 490 attached [pid 490] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 490] creat("./bus", 000 [pid 489] <... memfd_create resumed>) = 3 [pid 489] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 490] <... creat resumed>) = 4 [pid 489] <... mmap resumed>) = 0x7fa7f2c57000 [pid 490] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 490] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 489] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 490] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 488] <... futex resumed>) = 0 [pid 488] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 488] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 490] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 490] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] <... futex resumed>) = 0 [pid 489] <... write resumed>) = 131072 [pid 489] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.613832][ T486] loop0: detected capacity change from 0 to 256 [ 120.625103][ T486] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.635777][ T486] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.646792][ T486] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 489] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 489] close(3) = 0 [pid 489] close(6) = 0 [pid 489] mkdir("./file0", 0777) = 0 [pid 489] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 489] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 489] chdir("./file0") = 0 [pid 489] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 489] ioctl(6, LOOP_CLR_FD) = 0 [pid 489] close(6) = 0 [pid 489] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] exit_group(0 [pid 490] <... futex resumed>) = ? [pid 488] <... exit_group resumed>) = ? [pid 490] +++ exited with 0 +++ [pid 489] <... futex resumed>) = ? [pid 489] +++ exited with 0 +++ [pid 488] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=488, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./31/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/bus") = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 491 ./strace-static-x86_64: Process 491 attached [pid 491] set_robust_list(0x555594dc86a0, 24) = 0 [pid 491] chdir("./32") = 0 [pid 491] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 491] setpgid(0, 0) = 0 [pid 491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 491] write(3, "1000", 4) = 4 [pid 491] close(3) = 0 [pid 491] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 491] write(1, "executing program\n", 18) = 18 [pid 491] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 491] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[492]}, 88) = 492 [pid 491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 491] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 491] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[493]}, 88) = 493 [pid 491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 491] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 493] creat("./bus", 000) = 3 [pid 493] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 493] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 493] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = 0 [pid 491] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 491] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... futex resumed>) = 1 [pid 493] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 493] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] <... futex resumed>) = 0 [pid 493] <... futex resumed>) = 1 [pid 493] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 492 attached [pid 492] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 492] memfd_create("syzkaller", 0) = 5 [pid 492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 492] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 492] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.687138][ T489] loop0: detected capacity change from 0 to 256 [ 120.695337][ T489] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.705957][ T489] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.716746][ T489] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 492] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 492] close(5) = 0 [pid 492] close(6) = 0 [pid 492] mkdir("./file0", 0777) = 0 [pid 492] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 492] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 492] chdir("./file0") = 0 [pid 492] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 492] ioctl(6, LOOP_CLR_FD) = 0 [pid 492] close(6) = 0 [pid 492] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 492] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 491] exit_group(0 [pid 493] <... futex resumed>) = ? [pid 491] <... exit_group resumed>) = ? [pid 493] +++ exited with 0 +++ [pid 492] <... futex resumed>) = ? [pid 492] +++ exited with 0 +++ [pid 491] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=491, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./32", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./32/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/bus") = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 495 ./strace-static-x86_64: Process 495 attached [pid 495] set_robust_list(0x555594dc86a0, 24) = 0 [pid 495] chdir("./33") = 0 [pid 495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 495] setpgid(0, 0) = 0 [pid 495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 495] write(3, "1000", 4) = 4 [pid 495] close(3) = 0 [pid 495] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 495] write(1, "executing program\n", 18) = 18 [pid 495] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 495] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[496]}, 88) = 496 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 495] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[497]}, 88) = 497 [pid 495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 495] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 497 attached [pid 497] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 497] creat("./bus", 000) = 3 [pid 497] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 497] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 497] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 495] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 497] <... futex resumed>) = 1 [pid 497] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 497] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 497] <... futex resumed>) = 1 [pid 497] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 496 attached [pid 496] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 496] memfd_create("syzkaller", 0) = 5 [pid 496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 496] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 496] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.753047][ T492] loop0: detected capacity change from 0 to 256 [ 120.761869][ T492] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.772655][ T492] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.783000][ T492] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 496] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 496] close(5) = 0 [pid 496] close(6) = 0 [pid 496] mkdir("./file0", 0777) = 0 [pid 496] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 496] chdir("./file0") = 0 [pid 496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 496] ioctl(6, LOOP_CLR_FD) = 0 [pid 496] close(6) = 0 [pid 496] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 496] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] exit_group(0 [pid 497] <... futex resumed>) = ? [pid 495] <... exit_group resumed>) = ? [pid 497] +++ exited with 0 +++ [pid 496] <... futex resumed>) = ? [pid 496] +++ exited with 0 +++ [pid 495] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=495, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./33", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./33/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/bus") = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 498 ./strace-static-x86_64: Process 498 attached [pid 498] set_robust_list(0x555594dc86a0, 24) = 0 [pid 498] chdir("./34") = 0 [pid 498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 498] setpgid(0, 0) = 0 [pid 498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 498] write(3, "1000", 4) = 4 [pid 498] close(3) = 0 [pid 498] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 498] write(1, "executing program\n", 18) = 18 [pid 498] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 498] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[499]}, 88) = 499 [pid 498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 498] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 498] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[500]}, 88) = 500 [pid 498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 498] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 500] creat("./bus", 000) = 3 [pid 500] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] <... futex resumed>) = 0 [pid 498] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 500] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] <... futex resumed>) = 0 [pid 498] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 500] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] <... futex resumed>) = 0 [pid 498] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 500] <... futex resumed>) = 1 [pid 500] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 500] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 498] <... futex resumed>) = 0 [pid 500] <... futex resumed>) = 1 [pid 500] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 499 attached [pid 499] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 499] memfd_create("syzkaller", 0) = 5 [pid 499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [ 120.823962][ T496] loop0: detected capacity change from 0 to 256 [ 120.832004][ T496] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.842803][ T496] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.853557][ T496] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 499] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 499] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 499] close(5) = 0 [pid 499] close(6) = 0 [pid 499] mkdir("./file0", 0777) = 0 [pid 499] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 499] chdir("./file0") = 0 [pid 499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 499] ioctl(6, LOOP_CLR_FD) = 0 [pid 499] close(6) = 0 [pid 499] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 498] exit_group(0 [pid 500] <... futex resumed>) = ? [pid 498] <... exit_group resumed>) = ? [pid 500] +++ exited with 0 +++ [pid 499] +++ exited with 0 +++ [pid 498] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=498, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./34", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./34/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/bus") = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 501 ./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x555594dc86a0, 24) = 0 [pid 501] chdir("./35") = 0 [pid 501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 501] setpgid(0, 0) = 0 [pid 501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 501] write(3, "1000", 4) = 4 [pid 501] close(3) = 0 [pid 501] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 501] write(1, "executing program\n", 18) = 18 [pid 501] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 501] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[502]}, 88) = 502 [pid 501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 501] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 ./strace-static-x86_64: Process 502 attached [pid 501] rt_sigprocmask(SIG_BLOCK, ~[], [pid 502] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 501] <... rt_sigprocmask resumed>[], 8) = 0 [pid 502] memfd_create("syzkaller", 0) = 3 [pid 501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 503 attached [pid 501] <... clone3 resumed> => {parent_tid=[503]}, 88) = 503 [pid 503] set_robust_list(0x7fa7fb0779a0, 24 [pid 501] rt_sigprocmask(SIG_SETMASK, [], [pid 503] <... set_robust_list resumed>) = 0 [pid 501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 503] rt_sigprocmask(SIG_SETMASK, [], [pid 501] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 501] <... futex resumed>) = 0 [pid 503] creat("./bus", 000 [pid 501] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... creat resumed>) = 4 [pid 502] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 503] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 503] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 501] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... futex resumed>) = 0 [pid 503] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 502] <... write resumed>) = 131072 [pid 503] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... futex resumed>) = 1 [pid 503] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 503] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 501] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 501] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 503] <... futex resumed>) = 1 [pid 503] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 503] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 501] <... futex resumed>) = 0 [pid 503] <... futex resumed>) = 1 [pid 503] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 120.891306][ T499] loop0: detected capacity change from 0 to 256 [ 120.898983][ T499] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.909963][ T499] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.920343][ T499] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 502] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 502] close(3) = 0 [pid 502] close(6) = 0 [pid 502] mkdir("./file0", 0777) = 0 [pid 502] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 502] chdir("./file0") = 0 [pid 502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 502] ioctl(6, LOOP_CLR_FD) = 0 [pid 502] close(6) = 0 [pid 502] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 501] exit_group(0) = ? [pid 502] <... futex resumed>) = ? [pid 502] +++ exited with 0 +++ [pid 503] <... futex resumed>) = ? [pid 503] +++ exited with 0 +++ [pid 501] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=501, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./35", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./35/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/bus") = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 504 ./strace-static-x86_64: Process 504 attached [pid 504] set_robust_list(0x555594dc86a0, 24) = 0 [pid 504] chdir("./36") = 0 [pid 504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 504] setpgid(0, 0) = 0 [pid 504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 504] write(3, "1000", 4) = 4 [pid 504] close(3) = 0 [pid 504] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 504] write(1, "executing program\n", 18) = 18 [pid 504] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 504] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[505]}, 88) = 505 [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 504] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[506]}, 88) = 506 [pid 504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 504] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 506 attached [pid 506] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 506] creat("./bus", 000) = 3 [pid 506] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... futex resumed>) = 1 [pid 506] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 506] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... futex resumed>) = 1 [pid 506] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 506] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 504] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 504] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... futex resumed>) = 1 [pid 506] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 506] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 1 [pid 506] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 505 attached [pid 505] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] memfd_create("syzkaller", 0) = 5 [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 505] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 505] munmap(0x7fa7f2c57000, 138412032) = 0 [ 120.960779][ T502] loop0: detected capacity change from 0 to 256 [ 120.968816][ T502] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 120.979337][ T502] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 120.990212][ T502] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 505] close(5) = 0 [pid 505] close(6) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 505] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 505] ioctl(6, LOOP_CLR_FD) = 0 [pid 505] close(6) = 0 [pid 505] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 504] exit_group(0) = ? [pid 506] <... futex resumed>) = ? [pid 506] +++ exited with 0 +++ [pid 505] <... futex resumed>) = ? [pid 505] +++ exited with 0 +++ [pid 504] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=504, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./36", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./36/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/bus") = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 508 ./strace-static-x86_64: Process 508 attached [pid 508] set_robust_list(0x555594dc86a0, 24) = 0 [pid 508] chdir("./37") = 0 [pid 508] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 508] setpgid(0, 0) = 0 [pid 508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 508] write(3, "1000", 4) = 4 [pid 508] close(3) = 0 [pid 508] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 508] write(1, "executing program\n", 18) = 18 [pid 508] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 508] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[509]}, 88) = 509 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 508] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 508] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[510]}, 88) = 510 [pid 508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 508] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 510 attached [pid 510] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 510] creat("./bus", 000) = 3 [pid 510] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 510] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 510] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 508] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 508] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] <... futex resumed>) = 1 [pid 510] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 510] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 508] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 1 [pid 510] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 509 attached [pid 509] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 509] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 509] memfd_create("syzkaller", 0) = 5 [pid 509] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 509] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 509] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.027668][ T505] loop0: detected capacity change from 0 to 256 [ 121.035156][ T505] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.045787][ T505] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.056512][ T505] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 509] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 509] close(5) = 0 [pid 509] close(6) = 0 [pid 509] mkdir("./file0", 0777) = 0 [pid 509] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 509] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 509] chdir("./file0") = 0 [pid 509] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 509] ioctl(6, LOOP_CLR_FD) = 0 [pid 509] close(6) = 0 [pid 509] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 509] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 508] exit_group(0 [pid 510] <... futex resumed>) = ? [pid 508] <... exit_group resumed>) = ? [pid 510] +++ exited with 0 +++ [pid 509] <... futex resumed>) = ? [pid 509] +++ exited with 0 +++ [pid 508] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=508, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./37/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/bus") = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 511 ./strace-static-x86_64: Process 511 attached [pid 511] set_robust_list(0x555594dc86a0, 24) = 0 [pid 511] chdir("./38") = 0 [pid 511] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 511] setpgid(0, 0) = 0 [pid 511] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 511] write(3, "1000", 4) = 4 [pid 511] close(3) = 0 [pid 511] symlink("/dev/binderfs", "./binderfs") = 0 [pid 511] write(1, "executing program\n", 18) = 18 [pid 511] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 511] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 511] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[512]}, 88) = 512 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 511] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 511] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 511] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[513]}, 88) = 513 [pid 511] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 511] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] creat("./bus", 000) = 3 [pid 513] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 513] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 513] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 511] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 513] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 513] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 513] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 512 attached [pid 512] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 512] memfd_create("syzkaller", 0) = 5 [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 512] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 512] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.094941][ T509] loop0: detected capacity change from 0 to 256 [ 121.102538][ T509] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.113082][ T509] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.123562][ T509] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 512] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 512] close(5) = 0 [pid 512] close(6) = 0 [pid 512] mkdir("./file0", 0777) = 0 [pid 512] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 512] chdir("./file0") = 0 [pid 512] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 512] ioctl(6, LOOP_CLR_FD) = 0 [pid 512] close(6) = 0 [pid 512] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 512] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] exit_group(0 [pid 513] <... futex resumed>) = ? [pid 511] <... exit_group resumed>) = ? [pid 513] +++ exited with 0 +++ [pid 512] <... futex resumed>) = ? [pid 512] +++ exited with 0 +++ [pid 511] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=511, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./38", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./38/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/bus") = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 514 ./strace-static-x86_64: Process 514 attached [pid 514] set_robust_list(0x555594dc86a0, 24) = 0 [pid 514] chdir("./39") = 0 [pid 514] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 514] setpgid(0, 0) = 0 [pid 514] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 514] write(3, "1000", 4) = 4 [pid 514] close(3) = 0 [pid 514] symlink("/dev/binderfs", "./binderfs") = 0 [pid 514] write(1, "executing program\n", 18executing program ) = 18 [pid 514] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 514] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 514] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 515 attached => {parent_tid=[515]}, 88) = 515 [pid 515] set_robust_list(0x7fa7fb0989a0, 24 [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 514] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 514] rt_sigprocmask(SIG_BLOCK, ~[], [pid 515] <... set_robust_list resumed>) = 0 [pid 514] <... rt_sigprocmask resumed>[], 8) = 0 [pid 514] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[516]}, 88) = 516 [pid 515] rt_sigprocmask(SIG_SETMASK, [], [pid 514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 514] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 516 attached [pid 516] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 516] creat("./bus", 000 [pid 515] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 515] memfd_create("syzkaller", 0) = 4 [pid 516] <... creat resumed>) = 3 [pid 515] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 516] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 515] <... mmap resumed>) = 0x7fa7f2c57000 [pid 516] <... futex resumed>) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 514] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 516] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 514] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 516] <... futex resumed>) = 1 [pid 516] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 516] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 514] <... futex resumed>) = 0 [pid 515] <... write resumed>) = 131072 [pid 514] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 516] <... futex resumed>) = 1 [pid 514] <... futex resumed>) = 0 [pid 514] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 515] munmap(0x7fa7f2c57000, 138412032 [pid 516] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 515] <... munmap resumed>) = 0 [pid 516] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_SET_FD, 4 [pid 516] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 514] <... futex resumed>) = 0 [ 121.161855][ T512] loop0: detected capacity change from 0 to 256 [ 121.169964][ T512] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.180462][ T512] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.190745][ T512] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 516] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 515] <... ioctl resumed>) = 0 [pid 515] close(4) = 0 [pid 515] close(6) = 0 [pid 515] mkdir("./file0", 0777) = 0 [pid 515] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 515] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 515] chdir("./file0") = 0 [pid 515] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 515] ioctl(6, LOOP_CLR_FD) = 0 [pid 515] close(6) = 0 [pid 515] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 515] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 514] exit_group(0) = ? [pid 515] <... futex resumed>) = ? [pid 515] +++ exited with 0 +++ [pid 516] <... futex resumed>) = ? [pid 516] +++ exited with 0 +++ [pid 514] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=514, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./39", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./39/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/bus") = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 517 ./strace-static-x86_64: Process 517 attached [pid 517] set_robust_list(0x555594dc86a0, 24) = 0 [pid 517] chdir("./40") = 0 [pid 517] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 517] setpgid(0, 0) = 0 [pid 517] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 517] write(3, "1000", 4) = 4 [pid 517] close(3) = 0 [pid 517] symlink("/dev/binderfs", "./binderfs") = 0 [pid 517] write(1, "executing program\n", 18executing program ) = 18 [pid 517] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 517] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 517] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[518]}, 88) = 518 [pid 517] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 517] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 517] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 517] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 518 attached ./strace-static-x86_64: Process 519 attached [pid 519] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 519] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 518] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 517] <... clone3 resumed> => {parent_tid=[519]}, 88) = 519 [pid 518] memfd_create("syzkaller", 0 [pid 517] rt_sigprocmask(SIG_SETMASK, [], [pid 518] <... memfd_create resumed>) = 3 [pid 517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 517] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 517] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 519] <... futex resumed>) = 0 [pid 519] creat("./bus", 000 [pid 518] <... mmap resumed>) = 0x7fa7f2c57000 [pid 519] <... creat resumed>) = 4 [pid 519] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 519] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 519] <... futex resumed>) = 1 [pid 519] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 519] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 517] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 517] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 518] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 519] <... futex resumed>) = 1 [pid 519] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 519] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 517] <... futex resumed>) = 0 [pid 519] <... futex resumed>) = 1 [pid 519] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 518] <... write resumed>) = 131072 [pid 518] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.232394][ T515] loop0: detected capacity change from 0 to 256 [ 121.240554][ T515] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.251127][ T515] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.261869][ T515] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 518] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 518] close(3) = 0 [pid 518] close(6) = 0 [pid 518] mkdir("./file0", 0777) = 0 [pid 518] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 518] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 518] chdir("./file0") = 0 [pid 518] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 518] ioctl(6, LOOP_CLR_FD) = 0 [pid 518] close(6) = 0 [pid 518] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 518] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 517] exit_group(0) = ? [pid 518] <... futex resumed>) = ? [pid 518] +++ exited with 0 +++ [pid 519] <... futex resumed>) = ? [pid 519] +++ exited with 0 +++ [pid 517] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=517, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./40", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./40/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/bus") = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 520 ./strace-static-x86_64: Process 520 attached [pid 520] set_robust_list(0x555594dc86a0, 24) = 0 [pid 520] chdir("./41") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] write(1, "executing program\n", 18) = 18 [pid 520] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 520] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[521]}, 88) = 521 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 520] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[522]}, 88) = 522 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 522] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 522] creat("./bus", 000) = 3 [pid 522] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 522] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 522] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... futex resumed>) = 1 [pid 522] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 522] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] <... futex resumed>) = 0 [pid 522] <... futex resumed>) = 1 [pid 522] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 521 attached [pid 521] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 521] memfd_create("syzkaller", 0) = 5 [pid 521] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 521] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 521] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.304361][ T518] loop0: detected capacity change from 0 to 256 [ 121.311736][ T518] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.322242][ T518] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.332652][ T518] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 521] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 521] close(5) = 0 [pid 521] close(6) = 0 [pid 521] mkdir("./file0", 0777) = 0 [pid 521] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 521] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 521] chdir("./file0") = 0 [pid 521] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 521] ioctl(6, LOOP_CLR_FD) = 0 [pid 521] close(6) = 0 [pid 521] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 521] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] exit_group(0) = ? [pid 521] <... futex resumed>) = ? [pid 521] +++ exited with 0 +++ [pid 522] <... futex resumed>) = ? [pid 522] +++ exited with 0 +++ [pid 520] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=520, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./41", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./41/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/bus") = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 523 ./strace-static-x86_64: Process 523 attached [pid 523] set_robust_list(0x555594dc86a0, 24) = 0 [pid 523] chdir("./42") = 0 [pid 523] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 523] setpgid(0, 0) = 0 [pid 523] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 523] write(3, "1000", 4) = 4 [pid 523] close(3) = 0 [pid 523] symlink("/dev/binderfs", "./binderfs") = 0 [pid 523] write(1, "executing program\n", 18) = 18 [pid 523] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 523] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 523] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[524]}, 88) = 524 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 523] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 523] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 523] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[525]}, 88) = 525 [pid 523] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 523] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 525 attached [pid 525] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 525] creat("./bus", 000) = 3 [pid 525] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 525] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 525] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 523] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 523] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 525] <... futex resumed>) = 1 [pid 525] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 525] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 523] <... futex resumed>) = 0 [pid 525] <... futex resumed>) = 1 [pid 525] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] memfd_create("syzkaller", 0) = 5 [pid 524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 524] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 524] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.372000][ T521] loop0: detected capacity change from 0 to 256 [ 121.379694][ T521] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.390484][ T521] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.401212][ T521] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 524] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 524] close(5) = 0 [pid 524] close(6) = 0 [pid 524] mkdir("./file0", 0777) = 0 [pid 524] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 524] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 524] chdir("./file0") = 0 [pid 524] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 524] ioctl(6, LOOP_CLR_FD) = 0 [pid 524] close(6) = 0 [pid 524] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 523] exit_group(0 [pid 525] <... futex resumed>) = ? [pid 523] <... exit_group resumed>) = ? [pid 525] +++ exited with 0 +++ [pid 524] <... futex resumed>) = ? [pid 524] +++ exited with 0 +++ [pid 523] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=523, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./42/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/bus") = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 526 ./strace-static-x86_64: Process 526 attached [pid 526] set_robust_list(0x555594dc86a0, 24) = 0 [pid 526] chdir("./43") = 0 [pid 526] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 526] setpgid(0, 0executing program ) = 0 [pid 526] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 526] write(3, "1000", 4) = 4 [pid 526] close(3) = 0 [pid 526] symlink("/dev/binderfs", "./binderfs") = 0 [pid 526] write(1, "executing program\n", 18) = 18 [pid 526] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 526] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 526] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[527]}, 88) = 527 [pid 526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 526] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 526] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 526] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 526] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[528]}, 88) = 528 [pid 526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 526] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 528] creat("./bus", 000./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x7fa7fb0989a0, 24 [pid 528] <... creat resumed>) = 3 [pid 527] <... set_robust_list resumed>) = 0 [pid 528] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... futex resumed>) = 1 [pid 528] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 527] rt_sigprocmask(SIG_SETMASK, [], [pid 528] <... mount resumed>) = 0 [pid 528] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... futex resumed>) = 1 [pid 528] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 528] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 526] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 526] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] <... futex resumed>) = 1 [pid 528] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 528] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 526] <... futex resumed>) = 0 [pid 527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 528] <... futex resumed>) = 1 [pid 527] memfd_create("syzkaller", 0) = 5 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 528] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 527] <... mmap resumed>) = 0x7fa7f2c57000 [pid 527] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 527] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.441026][ T524] loop0: detected capacity change from 0 to 256 [ 121.448864][ T524] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.459443][ T524] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.469823][ T524] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 527] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 527] close(5) = 0 [pid 527] close(6) = 0 [pid 527] mkdir("./file0", 0777) = 0 [pid 527] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 527] chdir("./file0") = 0 [pid 527] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 527] ioctl(6, LOOP_CLR_FD) = 0 [pid 527] close(6) = 0 [pid 527] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 527] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 526] exit_group(0) = ? [pid 527] <... futex resumed>) = ? [pid 527] +++ exited with 0 +++ [pid 528] <... futex resumed>) = ? [pid 528] +++ exited with 0 +++ [pid 526] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=526, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/bus") = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 529 ./strace-static-x86_64: Process 529 attached [pid 529] set_robust_list(0x555594dc86a0, 24) = 0 [pid 529] chdir("./44") = 0 [pid 529] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 529] setpgid(0, 0) = 0 [pid 529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 529] write(3, "1000", 4) = 4 [pid 529] close(3) = 0 [pid 529] symlink("/dev/binderfs", "./binderfs") = 0 [pid 529] write(1, "executing program\n", 18) = 18 [pid 529] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 529] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[530]}, 88) = 530 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 529] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 529] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[531]}, 88) = 531 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 531 attached [pid 531] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 531] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 531] creat("./bus", 000) = 3 [pid 531] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 531] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 531] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 529] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 529] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 531] <... futex resumed>) = 1 [pid 531] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 531] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 531] <... futex resumed>) = 1 [pid 531] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 530 attached [pid 530] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 530] memfd_create("syzkaller", 0) = 5 [pid 530] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 530] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 530] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.505779][ T527] loop0: detected capacity change from 0 to 256 [ 121.514370][ T527] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.524964][ T527] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.535637][ T527] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 530] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 530] close(5) = 0 [pid 530] close(6) = 0 [pid 530] mkdir("./file0", 0777) = 0 [pid 530] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 530] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 530] chdir("./file0") = 0 [pid 530] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 530] ioctl(6, LOOP_CLR_FD) = 0 [pid 530] close(6) = 0 [pid 530] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 530] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 529] exit_group(0 [pid 531] <... futex resumed>) = ? [pid 529] <... exit_group resumed>) = ? [pid 531] +++ exited with 0 +++ [pid 530] <... futex resumed>) = ? [pid 530] +++ exited with 0 +++ [pid 529] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=529, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/bus") = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./44/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 532 ./strace-static-x86_64: Process 532 attached [pid 532] set_robust_list(0x555594dc86a0, 24) = 0 [pid 532] chdir("./45") = 0 [pid 532] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 532] setpgid(0, 0) = 0 [pid 532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 532] write(3, "1000", 4) = 4 [pid 532] close(3) = 0 [pid 532] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 532] write(1, "executing program\n", 18) = 18 [pid 532] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 532] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[533]}, 88) = 533 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 532] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 532] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[534]}, 88) = 534 [pid 532] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 532] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 534 attached [pid 534] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 534] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 534] creat("./bus", 000) = 3 [pid 534] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 534] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 534] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 532] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 532] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 534] <... futex resumed>) = 1 [pid 534] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 534] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 532] <... futex resumed>) = 0 [pid 534] <... futex resumed>) = 1 [pid 534] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 533 attached [pid 533] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 533] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 533] memfd_create("syzkaller", 0) = 5 [pid 533] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 533] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 533] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.575706][ T530] loop0: detected capacity change from 0 to 256 [ 121.584588][ T530] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.595304][ T530] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.606174][ T530] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 533] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 533] close(5) = 0 [pid 533] close(6) = 0 [pid 533] mkdir("./file0", 0777) = 0 [pid 533] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 533] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 533] chdir("./file0") = 0 [pid 533] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 533] ioctl(6, LOOP_CLR_FD) = 0 [pid 533] close(6) = 0 [pid 533] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 533] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 532] exit_group(0 [pid 534] <... futex resumed>) = ? [pid 532] <... exit_group resumed>) = ? [pid 534] +++ exited with 0 +++ [pid 533] <... futex resumed>) = ? [pid 533] +++ exited with 0 +++ [pid 532] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=532, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/bus") = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 535 ./strace-static-x86_64: Process 535 attached [pid 535] set_robust_list(0x555594dc86a0, 24) = 0 [pid 535] chdir("./46") = 0 [pid 535] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 535] setpgid(0, 0) = 0 [pid 535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 535] write(3, "1000", 4) = 4 [pid 535] close(3) = 0 [pid 535] symlink("/dev/binderfs", "./binderfs") = 0 [pid 535] write(1, "executing program\n", 18executing program ) = 18 [pid 535] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 535] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[536]}, 88) = 536 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 535] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 535] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[537]}, 88) = 537 [pid 535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 535] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] memfd_create("syzkaller", 0) = 3 [pid 536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 536] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 ./strace-static-x86_64: Process 537 attached [pid 536] munmap(0x7fa7f2c57000, 138412032 [pid 537] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] creat("./bus", 000) = 4 [pid 537] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 537] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 537] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 535] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 535] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 1 [pid 537] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 537] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 535] <... futex resumed>) = 0 [pid 537] <... futex resumed>) = 1 [pid 537] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] <... munmap resumed>) = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.642274][ T533] loop0: detected capacity change from 0 to 256 [ 121.650478][ T533] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.660957][ T533] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.671439][ T533] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 536] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 536] close(3) = 0 [pid 536] close(6) = 0 [pid 536] mkdir("./file0", 0777) = 0 [pid 536] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 536] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 536] chdir("./file0") = 0 [pid 536] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 536] ioctl(6, LOOP_CLR_FD) = 0 [pid 536] close(6) = 0 [pid 536] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 535] exit_group(0 [pid 537] <... futex resumed>) = ? [pid 535] <... exit_group resumed>) = ? [pid 537] +++ exited with 0 +++ [pid 536] <... futex resumed>) = ? [pid 536] +++ exited with 0 +++ [pid 535] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=535, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/bus") = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./46/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 538 ./strace-static-x86_64: Process 538 attached [pid 538] set_robust_list(0x555594dc86a0, 24) = 0 [pid 538] chdir("./47") = 0 [pid 538] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 538] setpgid(0, 0) = 0 [pid 538] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 538] write(3, "1000", 4) = 4 [pid 538] close(3) = 0 [pid 538] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 538] write(1, "executing program\n", 18) = 18 [pid 538] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 538] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 538] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[539]}, 88) = 539 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 538] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 538] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 538] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[540]}, 88) = 540 [pid 538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 538] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 540] creat("./bus", 000) = 3 [pid 540] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... futex resumed>) = 1 [pid 540] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 540] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... futex resumed>) = 1 [pid 540] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 540] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 538] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 538] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 540] <... futex resumed>) = 1 [pid 540] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 540] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 538] <... futex resumed>) = 0 [pid 540] <... futex resumed>) = 1 [pid 540] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 539 attached [pid 539] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 539] memfd_create("syzkaller", 0) = 5 [pid 539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 539] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 539] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.714807][ T536] loop0: detected capacity change from 0 to 256 [ 121.722959][ T536] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.733544][ T536] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.743753][ T536] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 539] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 539] close(5) = 0 [pid 539] close(6) = 0 [pid 539] mkdir("./file0", 0777) = 0 [pid 539] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 539] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 539] chdir("./file0") = 0 [pid 539] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 539] ioctl(6, LOOP_CLR_FD) = 0 [pid 539] close(6) = 0 [pid 539] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 539] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 538] exit_group(0) = ? [pid 539] <... futex resumed>) = ? [pid 539] +++ exited with 0 +++ [pid 540] <... futex resumed>) = ? [pid 540] +++ exited with 0 +++ [pid 538] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=538, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/bus") = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 542 ./strace-static-x86_64: Process 542 attached [pid 542] set_robust_list(0x555594dc86a0, 24) = 0 [pid 542] chdir("./48") = 0 [pid 542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 542] setpgid(0, 0) = 0 [pid 542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 542] write(3, "1000", 4) = 4 [pid 542] close(3) = 0 [pid 542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 542] write(1, "executing program\n", 18) = 18 [pid 542] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 542] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[543]}, 88) = 543 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 542] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[544]}, 88) = 544 [pid 542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 542] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 544] creat("./bus", 000) = 3 [pid 544] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 544] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 544] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 542] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 542] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 544] <... futex resumed>) = 1 [pid 544] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 544] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 542] <... futex resumed>) = 0 [pid 544] <... futex resumed>) = 1 [pid 544] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 543 attached [pid 543] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 543] memfd_create("syzkaller", 0) = 5 [pid 543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 543] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 543] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.785364][ T539] loop0: detected capacity change from 0 to 256 [ 121.792958][ T539] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.803553][ T539] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.813926][ T539] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 543] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 543] close(5) = 0 [pid 543] close(6) = 0 [pid 543] mkdir("./file0", 0777) = 0 [pid 543] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 543] chdir("./file0") = 0 [pid 543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 543] ioctl(6, LOOP_CLR_FD) = 0 [pid 543] close(6) = 0 [pid 543] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 543] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 542] exit_group(0) = ? [pid 543] <... futex resumed>) = ? [pid 543] +++ exited with 0 +++ [pid 544] <... futex resumed>) = ? [pid 544] +++ exited with 0 +++ [pid 542] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=542, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/bus") = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 545 ./strace-static-x86_64: Process 545 attached [pid 545] set_robust_list(0x555594dc86a0, 24) = 0 [pid 545] chdir("./49") = 0 [pid 545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 545] setpgid(0, 0) = 0 [pid 545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 545] write(3, "1000", 4) = 4 [pid 545] close(3) = 0 [pid 545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 545] write(1, "executing program\n", 18) = 18 [pid 545] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 545] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[546]}, 88) = 546 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 545] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[547]}, 88) = 547 [pid 545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 545] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 547 attached [pid 547] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 547] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 547] creat("./bus", 000) = 3 [pid 547] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 547] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 547] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 545] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 545] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] <... futex resumed>) = 1 [pid 547] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 547] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 545] <... futex resumed>) = 0 [pid 547] <... futex resumed>) = 1 [pid 547] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 546 attached [pid 546] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 546] memfd_create("syzkaller", 0) = 5 [pid 546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 546] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 546] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 121.850131][ T543] loop0: detected capacity change from 0 to 256 [ 121.858855][ T543] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.869336][ T543] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.879941][ T543] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 546] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 546] close(5) = 0 [pid 546] close(6) = 0 [pid 546] mkdir("./file0", 0777) = 0 [pid 546] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 546] chdir("./file0") = 0 [pid 546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 546] ioctl(6, LOOP_CLR_FD) = 0 [pid 546] close(6) = 0 [pid 546] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 546] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 545] exit_group(0) = ? [pid 546] <... futex resumed>) = ? [pid 546] +++ exited with 0 +++ [pid 547] <... futex resumed>) = ? [pid 547] +++ exited with 0 +++ [pid 545] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=545, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/bus") = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 548 executing program ./strace-static-x86_64: Process 548 attached [pid 548] set_robust_list(0x555594dc86a0, 24) = 0 [pid 548] chdir("./50") = 0 [pid 548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 548] setpgid(0, 0) = 0 [pid 548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 548] write(3, "1000", 4) = 4 [pid 548] close(3) = 0 [pid 548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 548] write(1, "executing program\n", 18) = 18 [pid 548] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 548] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 549 attached => {parent_tid=[549]}, 88) = 549 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 548] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 548] rt_sigprocmask(SIG_BLOCK, ~[], [pid 549] set_robust_list(0x7fa7fb0989a0, 24 [pid 548] <... rt_sigprocmask resumed>[], 8) = 0 [pid 548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[550]}, 88) = 550 ./strace-static-x86_64: Process 550 attached [pid 549] <... set_robust_list resumed>) = 0 [pid 548] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 548] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 550] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 550] creat("./bus", 000 [pid 549] rt_sigprocmask(SIG_SETMASK, [], [pid 550] <... creat resumed>) = 3 [pid 549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 549] memfd_create("syzkaller", 0) = 4 [pid 549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 550] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 549] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 550] <... mount resumed>) = 0 [pid 550] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 550] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] <... write resumed>) = 131072 [pid 548] <... futex resumed>) = 0 [pid 549] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 549] ioctl(5, LOOP_SET_FD, 4 [pid 548] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] <... futex resumed>) = 0 [ 121.917890][ T546] loop0: detected capacity change from 0 to 256 [ 121.925677][ T546] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 121.936266][ T546] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 121.946659][ T546] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 550] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 550] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 548] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 548] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 550] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 550] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 548] <... futex resumed>) = 0 [pid 550] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 549] <... ioctl resumed>) = 0 [pid 549] close(4) = 0 [pid 549] close(5) = 0 [pid 549] mkdir("./file0", 0777) = 0 [pid 549] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 549] chdir("./file0") = 0 [pid 549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 549] ioctl(5, LOOP_CLR_FD) = 0 [pid 549] close(5) = 0 [pid 549] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 549] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 548] exit_group(0) = ? [pid 549] <... futex resumed>) = ? [pid 549] +++ exited with 0 +++ [pid 550] <... futex resumed>) = ? [pid 550] +++ exited with 0 +++ [pid 548] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=548, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/bus") = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 551 ./strace-static-x86_64: Process 551 attached [pid 551] set_robust_list(0x555594dc86a0, 24) = 0 [pid 551] chdir("./51") = 0 [pid 551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 551] setpgid(0, 0) = 0 [pid 551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 551] write(3, "1000", 4) = 4 [pid 551] close(3) = 0 [pid 551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 551] write(1, "executing program\n", 18) = 18 [pid 551] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 551] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[552]}, 88) = 552 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 551] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 121.984916][ T549] loop0: detected capacity change from 0 to 256 [ 121.993040][ T549] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.003574][ T549] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.014125][ T549] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[553]}, 88) = 553 [pid 551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 551] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 553 attached [pid 553] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 553] creat("./bus", 000) = 3 [pid 553] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 553] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 553] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 551] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 551] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 553] <... futex resumed>) = 1 [pid 553] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 553] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 551] <... futex resumed>) = 0 [pid 553] <... futex resumed>) = 1 [pid 553] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 552 attached [pid 552] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 552] memfd_create("syzkaller", 0) = 5 [pid 552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 552] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 552] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 552] close(5) = 0 [pid 552] close(6) = 0 [pid 552] mkdir("./file0", 0777) = 0 [pid 552] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 552] chdir("./file0") = 0 [pid 552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 552] ioctl(6, LOOP_CLR_FD) = 0 [pid 552] close(6) = 0 [pid 552] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 552] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 551] exit_group(0 [pid 553] <... futex resumed>) = ? [pid 551] <... exit_group resumed>) = ? [pid 553] +++ exited with 0 +++ [pid 552] <... futex resumed>) = ? [pid 552] +++ exited with 0 +++ [pid 551] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=551, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/bus") = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 554 ./strace-static-x86_64: Process 554 attached [pid 554] set_robust_list(0x555594dc86a0, 24) = 0 [pid 554] chdir("./52") = 0 [pid 554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 554] setpgid(0, 0) = 0 [pid 554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 554] write(3, "1000", 4) = 4 [pid 554] close(3) = 0 [pid 554] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 554] write(1, "executing program\n", 18) = 18 [pid 554] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 554] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[555]}, 88) = 555 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 554] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[556]}, 88) = 556 [pid 554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 554] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 556 attached [pid 556] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 556] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 556] creat("./bus", 000) = 3 [pid 556] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 556] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 556] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 [pid 554] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 554] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 556] <... futex resumed>) = 1 [pid 556] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 556] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 554] <... futex resumed>) = 0 ./strace-static-x86_64: Process 555 attached [pid 556] <... futex resumed>) = 1 [pid 556] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 555] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 555] memfd_create("syzkaller", 0) = 5 [pid 555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 555] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 555] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.051514][ T552] loop0: detected capacity change from 0 to 256 [ 122.060071][ T552] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.070550][ T552] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.081773][ T552] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 555] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 555] close(5) = 0 [pid 555] close(6) = 0 [pid 555] mkdir("./file0", 0777) = 0 [pid 555] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 555] chdir("./file0") = 0 [pid 555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 555] ioctl(6, LOOP_CLR_FD) = 0 [pid 555] close(6) = 0 [pid 555] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 555] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 554] exit_group(0 [pid 556] <... futex resumed>) = ? [pid 554] <... exit_group resumed>) = ? [pid 556] +++ exited with 0 +++ [pid 555] <... futex resumed>) = ? [pid 555] +++ exited with 0 +++ [pid 554] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=554, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/binderfs") = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./52/bus") = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 557 ./strace-static-x86_64: Process 557 attached [pid 557] set_robust_list(0x555594dc86a0, 24) = 0 [pid 557] chdir("./53") = 0 [pid 557] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 557] setpgid(0, 0) = 0 [pid 557] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 557] write(3, "1000", 4) = 4 [pid 557] close(3) = 0 [pid 557] symlink("/dev/binderfs", "./binderfs") = 0 [pid 557] write(1, "executing program\n", 18) = 18 [pid 557] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 557] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 557] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[558]}, 88) = 558 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 557] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 557] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 557] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[559]}, 88) = 559 [pid 557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 557] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 559 attached [pid 559] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 559] creat("./bus", 000) = 3 [pid 559] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... futex resumed>) = 1 [pid 559] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 559] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... futex resumed>) = 1 [pid 559] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 559] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 557] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 557] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 559] <... futex resumed>) = 1 [pid 559] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 559] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 557] <... futex resumed>) = 0 [pid 559] <... futex resumed>) = 1 [pid 559] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 558 attached [pid 558] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 558] memfd_create("syzkaller", 0) = 5 [pid 558] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 558] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 558] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.120757][ T555] loop0: detected capacity change from 0 to 256 [ 122.128603][ T555] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.139146][ T555] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.150022][ T555] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 558] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 558] close(5) = 0 [pid 558] close(6) = 0 [pid 558] mkdir("./file0", 0777) = 0 [pid 558] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 558] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 558] chdir("./file0") = 0 [pid 558] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 558] ioctl(6, LOOP_CLR_FD) = 0 [pid 558] close(6) = 0 [pid 558] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 558] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 557] exit_group(0 [pid 559] <... futex resumed>) = ? [pid 557] <... exit_group resumed>) = ? [pid 559] +++ exited with 0 +++ [pid 558] <... futex resumed>) = ? [pid 558] +++ exited with 0 +++ [pid 557] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=557, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/bus") = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 560 ./strace-static-x86_64: Process 560 attached [pid 560] set_robust_list(0x555594dc86a0, 24) = 0 [pid 560] chdir("./54") = 0 [pid 560] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 560] setpgid(0, 0) = 0 [pid 560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 560] write(3, "1000", 4) = 4 [pid 560] close(3) = 0 [pid 560] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 560] write(1, "executing program\n", 18) = 18 [pid 560] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 560] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[561]}, 88) = 561 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 560] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 560] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[562]}, 88) = 562 [pid 560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 560] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 561 attached [pid 561] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 561] memfd_create("syzkaller", 0) = 3 [pid 561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 561] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 561] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 561] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 562 attached [ 122.188997][ T558] loop0: detected capacity change from 0 to 256 [ 122.196472][ T558] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.207000][ T558] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.217141][ T558] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 562] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 562] creat("./bus", 000) = 5 [pid 562] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 562] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 560] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 0 [pid 562] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 562] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 562] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 560] <... futex resumed>) = 0 [pid 560] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 560] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 562] <... futex resumed>) = 1 [pid 562] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 561] <... ioctl resumed>) = 0 [pid 562] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 561] close(3) = 0 [pid 561] close(4 [pid 562] <... futex resumed>) = 1 [pid 561] <... close resumed>) = 0 [pid 560] <... futex resumed>) = 0 [pid 562] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 561] mkdir("./file0", 0777) = 0 [pid 561] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 561] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 561] chdir("./file0") = 0 [pid 561] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 561] ioctl(4, LOOP_CLR_FD) = 0 [pid 561] close(4) = 0 [pid 561] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 561] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 560] exit_group(0 [pid 562] <... futex resumed>) = ? [pid 560] <... exit_group resumed>) = ? [pid 562] +++ exited with 0 +++ [pid 561] <... futex resumed>) = ? [pid 561] +++ exited with 0 +++ [pid 560] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=560, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/bus") = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 563 ./strace-static-x86_64: Process 563 attached [pid 563] set_robust_list(0x555594dc86a0, 24) = 0 [pid 563] chdir("./55") = 0 [pid 563] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 563] setpgid(0, 0) = 0 [pid 563] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 563] write(3, "1000", 4) = 4 [pid 563] close(3) = 0 [pid 563] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 563] write(1, "executing program\n", 18) = 18 [pid 563] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 563] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 563] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[564]}, 88) = 564 [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 563] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 563] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 563] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[565]}, 88) = 565 [pid 563] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 563] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 564 attached [pid 564] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 564] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 564] memfd_create("syzkaller", 0) = 3 [pid 564] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 564] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 564] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 564] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 565 attached [pid 565] set_robust_list(0x7fa7fb0779a0, 24) = 0 [ 122.253385][ T561] loop0: detected capacity change from 0 to 256 [ 122.261799][ T561] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.272457][ T561] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.282898][ T561] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 565] creat("./bus", 000) = 5 [pid 565] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 565] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 563] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 0 [pid 565] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 565] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 1 [pid 565] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 565] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 563] <... futex resumed>) = 0 [pid 563] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 563] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 565] <... futex resumed>) = 1 [pid 565] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 564] <... ioctl resumed>) = 0 [pid 565] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 564] close(3 [pid 565] <... futex resumed>) = 1 [pid 564] <... close resumed>) = 0 [pid 563] <... futex resumed>) = 0 [pid 565] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 564] close(4) = 0 [pid 564] mkdir("./file0", 0777) = 0 [pid 564] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 564] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 564] chdir("./file0") = 0 [pid 564] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 564] ioctl(4, LOOP_CLR_FD) = 0 [pid 564] close(4) = 0 [pid 564] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 564] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 563] exit_group(0) = ? [pid 564] <... futex resumed>) = ? [pid 564] +++ exited with 0 +++ [pid 565] <... futex resumed>) = ? [pid 565] +++ exited with 0 +++ [pid 563] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=563, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/bus") = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 566 ./strace-static-x86_64: Process 566 attached [pid 566] set_robust_list(0x555594dc86a0, 24) = 0 [pid 566] chdir("./56") = 0 [pid 566] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 566] setpgid(0, 0) = 0 [pid 566] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 566] write(3, "1000", 4) = 4 [pid 566] close(3) = 0 [pid 566] symlink("/dev/binderfs", "./binderfs") = 0 [pid 566] write(1, "executing program\n", 18executing program ) = 18 [pid 566] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 566] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 566] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[567]}, 88) = 567 [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 566] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 566] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 566] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[568]}, 88) = 568 ./strace-static-x86_64: Process 568 attached ./strace-static-x86_64: Process 567 attached [pid 566] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 566] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 568] creat("./bus", 000) = 3 [pid 567] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 567] memfd_create("syzkaller", 0 [pid 568] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 567] <... memfd_create resumed>) = 4 [pid 568] <... futex resumed>) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 568] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 568] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 566] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 566] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 568] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 568] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 566] <... futex resumed>) = 0 [pid 568] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 567] <... mmap resumed>) = 0x7fa7f2c57000 [pid 567] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 567] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.318458][ T564] loop0: detected capacity change from 0 to 256 [ 122.326774][ T564] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.337487][ T564] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.348095][ T564] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 567] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 567] close(4) = 0 [pid 567] close(6) = 0 [pid 567] mkdir("./file0", 0777) = 0 [pid 567] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 567] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 567] chdir("./file0") = 0 [pid 567] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 567] ioctl(6, LOOP_CLR_FD) = 0 [pid 567] close(6) = 0 [pid 567] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 567] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 566] exit_group(0 [pid 568] <... futex resumed>) = ? [pid 566] <... exit_group resumed>) = ? [pid 568] +++ exited with 0 +++ [pid 567] <... futex resumed>) = ? [pid 567] +++ exited with 0 +++ [pid 566] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=566, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/bus") = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./56/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 569 ./strace-static-x86_64: Process 569 attached [pid 569] set_robust_list(0x555594dc86a0, 24) = 0 [pid 569] chdir("./57") = 0 [pid 569] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 569] setpgid(0, 0) = 0 [pid 569] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 569] write(3, "1000", 4) = 4 [pid 569] close(3) = 0 [pid 569] symlink("/dev/binderfs", "./binderfs") = 0 [pid 569] write(1, "executing program\n", 18executing program ) = 18 [pid 569] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 569] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 569] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[570]}, 88) = 570 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 570 attached ) = 0 [pid 569] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 569] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 569] rt_sigprocmask(SIG_BLOCK, ~[], [pid 570] set_robust_list(0x7fa7fb0989a0, 24 [pid 569] <... rt_sigprocmask resumed>[], 8) = 0 [pid 569] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[571]}, 88) = 571 [pid 569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 569] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 570] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 571 attached [pid 571] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 571] creat("./bus", 000 [pid 570] rt_sigprocmask(SIG_SETMASK, [], [pid 571] <... creat resumed>) = 3 [pid 570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 571] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 571] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 571] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 570] memfd_create("syzkaller", 0 [pid 569] <... futex resumed>) = 0 [pid 569] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 569] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 571] <... futex resumed>) = 1 [pid 571] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 571] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 569] <... futex resumed>) = 0 [pid 571] <... futex resumed>) = 1 [pid 571] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 570] <... memfd_create resumed>) = 5 [pid 570] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [ 122.388675][ T567] loop0: detected capacity change from 0 to 256 [ 122.396732][ T567] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.407453][ T567] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.417862][ T567] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 570] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 570] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 570] close(5) = 0 [pid 570] close(6) = 0 [pid 570] mkdir("./file0", 0777) = 0 [pid 570] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 570] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 570] chdir("./file0") = 0 [pid 570] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 570] ioctl(6, LOOP_CLR_FD) = 0 [pid 570] close(6) = 0 [pid 570] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 570] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 569] exit_group(0 [pid 571] <... futex resumed>) = ? [pid 569] <... exit_group resumed>) = ? [pid 571] +++ exited with 0 +++ [pid 570] <... futex resumed>) = ? [pid 570] +++ exited with 0 +++ [pid 569] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=569, si_uid=0, si_status=0, si_utime=0, si_stime=6} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/bus") = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 572 ./strace-static-x86_64: Process 572 attached [pid 572] set_robust_list(0x555594dc86a0, 24) = 0 [pid 572] chdir("./58") = 0 [pid 572] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 572] setpgid(0, 0) = 0 [pid 572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 572] write(3, "1000", 4) = 4 [pid 572] close(3) = 0 [pid 572] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 572] write(1, "executing program\n", 18) = 18 [pid 572] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 572] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[573]}, 88) = 573 [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 572] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[574]}, 88) = 574 ./strace-static-x86_64: Process 573 attached [pid 572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 572] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 574 attached [pid 574] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 574] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 574] creat("./bus", 000) = 3 [pid 573] set_robust_list(0x7fa7fb0989a0, 24 [pid 574] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 574] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 574] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 572] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 572] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 574] <... futex resumed>) = 1 [pid 574] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 574] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 572] <... futex resumed>) = 0 [pid 574] <... futex resumed>) = 1 [pid 574] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 573] <... set_robust_list resumed>) = 0 [pid 573] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 573] memfd_create("syzkaller", 0) = 5 [pid 573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 573] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 573] munmap(0x7fa7f2c57000, 138412032) = 0 [ 122.458138][ T570] loop0: detected capacity change from 0 to 256 [ 122.465764][ T570] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.476546][ T570] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.486861][ T570] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 573] close(5) = 0 [pid 573] close(6) = 0 [pid 573] mkdir("./file0", 0777) = 0 [pid 573] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 573] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 573] chdir("./file0") = 0 [pid 573] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 573] ioctl(6, LOOP_CLR_FD) = 0 [pid 573] close(6) = 0 [pid 573] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 573] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 572] exit_group(0 [pid 574] <... futex resumed>) = ? [pid 572] <... exit_group resumed>) = ? [pid 574] +++ exited with 0 +++ [pid 573] <... futex resumed>) = ? [pid 573] +++ exited with 0 +++ [pid 572] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=572, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/bus") = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 575 ./strace-static-x86_64: Process 575 attached [pid 575] set_robust_list(0x555594dc86a0, 24) = 0 [pid 575] chdir("./59") = 0 [pid 575] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 575] setpgid(0, 0) = 0 [pid 575] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 575] write(3, "1000", 4) = 4 [pid 575] close(3) = 0 [pid 575] symlink("/dev/binderfs", "./binderfs") = 0 [pid 575] write(1, "executing program\n", 18executing program ) = 18 [pid 575] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 575] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 575] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 576 attached => {parent_tid=[576]}, 88) = 576 [pid 576] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 576] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 575] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 576] <... futex resumed>) = 0 [pid 576] memfd_create("syzkaller", 0 [pid 575] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 576] <... memfd_create resumed>) = 3 [pid 576] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c78000 [pid 575] <... futex resumed>) = 0 [pid 575] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7f2c57000 [pid 575] mprotect(0x7fa7f2c58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 575] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 576] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 575] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7f2c77990, parent_tid=0x7fa7f2c77990, exit_signal=0, stack=0x7fa7f2c57000, stack_size=0x20300, tls=0x7fa7f2c776c0}./strace-static-x86_64: Process 577 attached => {parent_tid=[577]}, 88) = 577 [pid 577] set_robust_list(0x7fa7f2c779a0, 24 [pid 576] <... write resumed>) = 131072 [pid 575] rt_sigprocmask(SIG_SETMASK, [], [pid 577] <... set_robust_list resumed>) = 0 [pid 577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 577] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] munmap(0x7fa7f2c78000, 138412032 [pid 575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 576] <... munmap resumed>) = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 576] ioctl(4, LOOP_SET_FD, 3 [pid 575] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 575] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 0 [ 122.537638][ T573] loop0: detected capacity change from 0 to 256 [ 122.545468][ T573] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.555956][ T573] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.566474][ T573] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 577] creat("./bus", 000) = 5 [pid 577] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 1 [pid 577] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 577] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 1 [pid 577] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 577] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... futex resumed>) = 0 [pid 575] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 575] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 577] <... futex resumed>) = 1 [pid 577] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 577] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 575] <... futex resumed>) = 0 [pid 577] <... futex resumed>) = 1 [pid 577] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 576] <... ioctl resumed>) = 0 [pid 576] close(3) = 0 [pid 576] close(4) = 0 [pid 576] mkdir("./file0", 0777) = 0 [pid 576] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 576] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 576] chdir("./file0") = 0 [pid 576] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 576] ioctl(4, LOOP_CLR_FD) = 0 [pid 576] close(4) = 0 [pid 576] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 576] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 575] exit_group(0) = ? [pid 576] <... futex resumed>) = ? [pid 576] +++ exited with 0 +++ [pid 577] <... futex resumed>) = ? [pid 577] +++ exited with 0 +++ [pid 575] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=575, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/bus") = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 578 ./strace-static-x86_64: Process 578 attached [pid 578] set_robust_list(0x555594dc86a0, 24) = 0 executing program [pid 578] chdir("./60") = 0 [pid 578] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 578] setpgid(0, 0) = 0 [pid 578] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 578] write(3, "1000", 4) = 4 [pid 578] close(3) = 0 [pid 578] symlink("/dev/binderfs", "./binderfs") = 0 [pid 578] write(1, "executing program\n", 18) = 18 [pid 578] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 578] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 578] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[579]}, 88) = 579 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 578] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 578] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 578] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[580]}, 88) = 580 [pid 578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 578] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 579 attached [pid 579] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 579] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 579] memfd_create("syzkaller", 0) = 3 [pid 579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 579] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 580 attached [pid 580] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 580] creat("./bus", 000 [pid 579] <... write resumed>) = 131072 [pid 579] munmap(0x7fa7f2c57000, 138412032 [pid 580] <... creat resumed>) = 4 [pid 580] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 580] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 580] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 578] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 578] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 580] <... futex resumed>) = 1 [pid 580] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 580] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 578] <... futex resumed>) = 0 [pid 580] <... futex resumed>) = 1 [pid 580] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 579] <... munmap resumed>) = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.606622][ T576] loop0: detected capacity change from 0 to 256 [ 122.615373][ T576] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.626121][ T576] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.636885][ T576] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 579] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 579] close(3) = 0 [pid 579] close(6) = 0 [pid 579] mkdir("./file0", 0777) = 0 [pid 579] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 579] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 579] chdir("./file0") = 0 [pid 579] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 579] ioctl(6, LOOP_CLR_FD) = 0 [pid 579] close(6) = 0 [pid 579] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 579] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 578] exit_group(0 [pid 580] <... futex resumed>) = ? [pid 578] <... exit_group resumed>) = ? [pid 580] +++ exited with 0 +++ [pid 579] <... futex resumed>) = ? [pid 579] +++ exited with 0 +++ [pid 578] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=578, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/bus") = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 581 ./strace-static-x86_64: Process 581 attached [pid 581] set_robust_list(0x555594dc86a0, 24) = 0 [pid 581] chdir("./61") = 0 [pid 581] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 581] setpgid(0, 0) = 0 [pid 581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 581] write(3, "1000", 4) = 4 [pid 581] close(3) = 0 [pid 581] symlink("/dev/binderfs", "./binderfs") = 0 [pid 581] write(1, "executing program\n", 18executing program ) = 18 [pid 581] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 581] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[582]}, 88) = 582 [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 581] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 581] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[583]}, 88) = 583 ./strace-static-x86_64: Process 582 attached [pid 581] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 581] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 583 attached [pid 583] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 583] creat("./bus", 000 [pid 582] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 583] <... creat resumed>) = 3 [pid 583] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... futex resumed>) = 1 [pid 583] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 583] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... futex resumed>) = 1 [pid 583] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 583] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 581] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 581] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 583] <... futex resumed>) = 1 [pid 583] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 583] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 581] <... futex resumed>) = 0 [pid 583] <... futex resumed>) = 1 [pid 583] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 582] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 582] memfd_create("syzkaller", 0) = 5 [pid 582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 582] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 582] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.681546][ T579] loop0: detected capacity change from 0 to 256 [ 122.689875][ T579] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.700573][ T579] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.710639][ T579] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 582] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 582] close(5) = 0 [pid 582] close(6) = 0 [pid 582] mkdir("./file0", 0777) = 0 [pid 582] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 582] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 582] chdir("./file0") = 0 [pid 582] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 582] ioctl(6, LOOP_CLR_FD) = 0 [pid 582] close(6) = 0 [pid 582] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 582] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 581] exit_group(0) = ? [pid 582] <... futex resumed>) = ? [pid 582] +++ exited with 0 +++ [pid 583] <... futex resumed>) = ? [pid 583] +++ exited with 0 +++ [pid 581] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=581, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/bus") = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 585 ./strace-static-x86_64: Process 585 attached [pid 585] set_robust_list(0x555594dc86a0, 24) = 0 [pid 585] chdir("./62") = 0 [pid 585] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 585] setpgid(0, 0) = 0 [pid 585] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 585] write(3, "1000", 4) = 4 [pid 585] close(3) = 0 [pid 585] symlink("/dev/binderfs", "./binderfs") = 0 [pid 585] write(1, "executing program\n", 18) = 18 [pid 585] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 585] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 585] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[586]}, 88) = 586 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 585] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 585] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 585] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[587]}, 88) = 587 [pid 585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 585] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 586 attached [pid 586] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 586] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 586] memfd_create("syzkaller", 0) = 3 ./strace-static-x86_64: Process 587 attached [pid 586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 587] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 587] creat("./bus", 000) = 4 [pid 587] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 586] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 1 [pid 587] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 586] <... write resumed>) = 131072 [pid 586] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 586] ioctl(5, LOOP_SET_FD, 3 [pid 587] <... mount resumed>) = 0 [pid 587] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 122.752461][ T582] loop0: detected capacity change from 0 to 256 [ 122.760224][ T582] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.771062][ T582] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.781859][ T582] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 587] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 585] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 0 [pid 587] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 587] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 585] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 585] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 587] <... futex resumed>) = 1 [pid 587] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 587] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 585] <... futex resumed>) = 0 [pid 587] <... futex resumed>) = 1 [pid 587] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 586] <... ioctl resumed>) = 0 [pid 586] close(3) = 0 [pid 586] close(5) = 0 [pid 586] mkdir("./file0", 0777) = 0 [pid 586] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 586] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 586] chdir("./file0") = 0 [pid 586] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 586] ioctl(5, LOOP_CLR_FD) = 0 [pid 586] close(5) = 0 [pid 586] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 586] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 585] exit_group(0) = ? [pid 586] <... futex resumed>) = ? [pid 586] +++ exited with 0 +++ [pid 587] <... futex resumed>) = ? [pid 587] +++ exited with 0 +++ [pid 585] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=585, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/bus") = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 588 ./strace-static-x86_64: Process 588 attached [pid 588] set_robust_list(0x555594dc86a0, 24) = 0 [pid 588] chdir("./63") = 0 [pid 588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 588] setpgid(0, 0) = 0 [pid 588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 588] write(3, "1000", 4) = 4 [pid 588] close(3) = 0 [pid 588] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 588] write(1, "executing program\n", 18) = 18 [pid 588] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 588] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 589 attached => {parent_tid=[589]}, 88) = 589 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 588] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 588] rt_sigprocmask(SIG_BLOCK, ~[], [pid 589] set_robust_list(0x7fa7fb0989a0, 24 [pid 588] <... rt_sigprocmask resumed>[], 8) = 0 [pid 588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 590 attached [pid 589] <... set_robust_list resumed>) = 0 [pid 588] <... clone3 resumed> => {parent_tid=[590]}, 88) = 590 [pid 588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 588] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] set_robust_list(0x7fa7fb0779a0, 24 [pid 589] rt_sigprocmask(SIG_SETMASK, [], [pid 590] <... set_robust_list resumed>) = 0 [pid 590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 590] creat("./bus", 000 [pid 589] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 589] memfd_create("syzkaller", 0 [pid 590] <... creat resumed>) = 3 [pid 589] <... memfd_create resumed>) = 4 [pid 589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 590] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 590] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] <... futex resumed>) = 0 [pid 590] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 590] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 589] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 590] <... futex resumed>) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 590] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 588] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 588] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 590] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 590] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 588] <... futex resumed>) = 0 [pid 590] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 589] <... write resumed>) = 131072 [pid 589] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.817529][ T586] loop0: detected capacity change from 0 to 256 [ 122.826345][ T586] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.837173][ T586] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.848044][ T586] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 589] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 589] close(4) = 0 [pid 589] close(6) = 0 [pid 589] mkdir("./file0", 0777) = 0 [pid 589] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 589] chdir("./file0") = 0 [pid 589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 589] ioctl(6, LOOP_CLR_FD) = 0 [pid 589] close(6) = 0 [pid 589] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 589] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 588] exit_group(0) = ? [pid 589] <... futex resumed>) = ? [pid 589] +++ exited with 0 +++ [pid 590] <... futex resumed>) = ? [pid 590] +++ exited with 0 +++ [pid 588] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=588, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/bus") = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 591 ./strace-static-x86_64: Process 591 attached [pid 591] set_robust_list(0x555594dc86a0, 24) = 0 [pid 591] chdir("./64") = 0 [pid 591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 591] setpgid(0, 0) = 0 [pid 591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 591] write(3, "1000", 4) = 4 [pid 591] close(3) = 0 [pid 591] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 591] write(1, "executing program\n", 18) = 18 [pid 591] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 591] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[592]}, 88) = 592 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 591] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[593]}, 88) = 593 [pid 591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 591] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 593 attached [pid 593] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 593] creat("./bus", 000) = 3 [pid 593] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 593] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 593] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 591] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 591] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 593] <... futex resumed>) = 1 [pid 593] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 593] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 591] <... futex resumed>) = 0 [pid 593] <... futex resumed>) = 1 [pid 593] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 592 attached [pid 592] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 592] memfd_create("syzkaller", 0) = 5 [pid 592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 592] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 592] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.884530][ T589] loop0: detected capacity change from 0 to 256 [ 122.892123][ T589] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.902787][ T589] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.913114][ T589] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 592] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 592] close(5) = 0 [pid 592] close(6) = 0 [pid 592] mkdir("./file0", 0777) = 0 [pid 592] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 592] chdir("./file0") = 0 [pid 592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 592] ioctl(6, LOOP_CLR_FD) = 0 [pid 592] close(6) = 0 [pid 592] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 592] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 591] exit_group(0 [pid 593] <... futex resumed>) = ? [pid 591] <... exit_group resumed>) = ? [pid 593] +++ exited with 0 +++ [pid 592] <... futex resumed>) = ? [pid 592] +++ exited with 0 +++ [pid 591] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=591, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./64/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/bus") = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program ) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 594 ./strace-static-x86_64: Process 594 attached [pid 594] set_robust_list(0x555594dc86a0, 24) = 0 [pid 594] chdir("./65") = 0 [pid 594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 594] setpgid(0, 0) = 0 [pid 594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 594] write(3, "1000", 4) = 4 [pid 594] close(3) = 0 [pid 594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 594] write(1, "executing program\n", 18) = 18 [pid 594] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 594] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[595]}, 88) = 595 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 594] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[596]}, 88) = 596 [pid 594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 594] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 596 attached [pid 596] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 596] creat("./bus", 000) = 3 [pid 596] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 596] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 596] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 594] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 594] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 596] <... futex resumed>) = 1 [pid 596] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 596] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 594] <... futex resumed>) = 0 [pid 596] <... futex resumed>) = 1 [pid 596] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 595 attached [pid 595] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 595] memfd_create("syzkaller", 0) = 5 [pid 595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 595] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 595] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 122.949860][ T592] loop0: detected capacity change from 0 to 256 [ 122.957360][ T592] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 122.967877][ T592] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 122.978303][ T592] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 595] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 595] close(5) = 0 [pid 595] close(6) = 0 [pid 595] mkdir("./file0", 0777) = 0 [pid 595] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 595] chdir("./file0") = 0 [pid 595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 595] ioctl(6, LOOP_CLR_FD) = 0 [pid 595] close(6) = 0 [pid 595] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 595] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 594] exit_group(0) = ? [pid 595] <... futex resumed>) = ? [pid 595] +++ exited with 0 +++ [pid 596] <... futex resumed>) = ? [pid 596] +++ exited with 0 +++ [pid 594] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=594, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/bus") = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 597 ./strace-static-x86_64: Process 597 attached [pid 597] set_robust_list(0x555594dc86a0, 24) = 0 [pid 597] chdir("./66") = 0 [pid 597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 597] setpgid(0, 0) = 0 [pid 597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 597] write(3, "1000", 4) = 4 [pid 597] close(3) = 0 [pid 597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 597] write(1, "executing program\n", 18) = 18 [pid 597] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 597] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[598]}, 88) = 598 [pid 597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 597] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 597] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 598 attached [pid 597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 598] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 598] memfd_create("syzkaller", 0) = 3 [pid 597] <... clone3 resumed> => {parent_tid=[599]}, 88) = 599 ./strace-static-x86_64: Process 599 attached [pid 598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 599] set_robust_list(0x7fa7fb0779a0, 24 [pid 598] <... mmap resumed>) = 0x7fa7f2c57000 [pid 597] rt_sigprocmask(SIG_SETMASK, [], [pid 599] <... set_robust_list resumed>) = 0 [pid 599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 599] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 597] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 599] <... futex resumed>) = 0 [pid 599] creat("./bus", 000 [pid 597] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] <... creat resumed>) = 4 [pid 598] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [ 123.015534][ T595] loop0: detected capacity change from 0 to 256 [ 123.024084][ T595] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.034639][ T595] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.044716][ T595] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 599] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 599] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 597] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 598] <... write resumed>) = 131072 [pid 598] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 598] ioctl(5, LOOP_SET_FD, 3 [pid 599] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 597] <... futex resumed>) = 0 [pid 599] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 597] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 599] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 597] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 597] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 599] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 599] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 597] <... futex resumed>) = 0 [pid 599] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 598] <... ioctl resumed>) = 0 [pid 598] close(3) = 0 [pid 598] close(5) = 0 [pid 598] mkdir("./file0", 0777) = 0 [pid 598] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 598] chdir("./file0") = 0 [pid 598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 598] ioctl(5, LOOP_CLR_FD) = 0 [pid 598] close(5) = 0 [pid 598] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 597] exit_group(0) = ? [pid 599] <... futex resumed>) = ? [pid 598] <... futex resumed>) = ? [pid 599] +++ exited with 0 +++ [pid 598] +++ exited with 0 +++ [pid 597] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=597, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/bus") = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 600 ./strace-static-x86_64: Process 600 attached [pid 600] set_robust_list(0x555594dc86a0, 24) = 0 [pid 600] chdir("./67") = 0 [pid 600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 600] setpgid(0, 0) = 0 [pid 600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 600] write(3, "1000", 4) = 4 [pid 600] close(3) = 0 [pid 600] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 600] write(1, "executing program\n", 18) = 18 [pid 600] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 600] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[601]}, 88) = 601 ./strace-static-x86_64: Process 601 attached [pid 600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 600] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 600] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 601] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 600] <... mprotect resumed>) = 0 [pid 600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 601] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 602 attached NULL, 8) = 0 [pid 602] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 601] memfd_create("syzkaller", 0 [pid 600] <... clone3 resumed> => {parent_tid=[602]}, 88) = 602 [pid 601] <... memfd_create resumed>) = 3 [pid 601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 600] rt_sigprocmask(SIG_SETMASK, [], [pid 602] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 600] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] <... futex resumed>) = 0 [pid 602] creat("./bus", 000 [pid 601] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 602] <... creat resumed>) = 4 [pid 600] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 602] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... write resumed>) = 131072 [pid 600] <... futex resumed>) = 0 [pid 601] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 601] ioctl(5, LOOP_SET_FD, 3 [pid 600] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] <... futex resumed>) = 0 [ 123.097570][ T598] loop0: detected capacity change from 0 to 256 [ 123.105840][ T598] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.116307][ T598] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.126561][ T598] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 602] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 602] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 602] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 600] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 600] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 602] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 602] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 600] <... futex resumed>) = 0 [pid 602] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 601] <... ioctl resumed>) = 0 [pid 601] close(3) = 0 [pid 601] close(5) = 0 [pid 601] mkdir("./file0", 0777) = 0 [pid 601] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 601] chdir("./file0") = 0 [pid 601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 601] ioctl(5, LOOP_CLR_FD) = 0 [pid 601] close(5) = 0 [pid 601] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 601] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 600] exit_group(0) = ? [pid 602] <... futex resumed>) = ? [pid 601] <... futex resumed>) = ? [pid 602] +++ exited with 0 +++ [pid 601] +++ exited with 0 +++ [pid 600] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=600, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/bus") = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 603 ./strace-static-x86_64: Process 603 attached [pid 603] set_robust_list(0x555594dc86a0, 24) = 0 [pid 603] chdir("./68") = 0 [pid 603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 603] setpgid(0, 0) = 0 [pid 603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 603] write(3, "1000", 4) = 4 [pid 603] close(3) = 0 [pid 603] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 603] write(1, "executing program\n", 18) = 18 [pid 603] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 603] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[604]}, 88) = 604 [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 603] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[605]}, 88) = 605 [pid 603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 603] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 605 attached [pid 605] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 605] creat("./bus", 000) = 3 [pid 605] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 605] <... futex resumed>) = 1 [pid 605] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 605] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 605] <... futex resumed>) = 1 [pid 605] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 605] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 603] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 603] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 605] <... futex resumed>) = 1 [pid 605] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 605] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 603] <... futex resumed>) = 0 [pid 605] <... futex resumed>) = 1 [pid 605] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 604 attached [pid 604] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 604] memfd_create("syzkaller", 0) = 5 [pid 604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 604] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 604] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.165027][ T601] loop0: detected capacity change from 0 to 256 [ 123.173312][ T601] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.183926][ T601] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.194583][ T601] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 604] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 604] close(5) = 0 [pid 604] close(6) = 0 [pid 604] mkdir("./file0", 0777) = 0 [pid 604] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 604] chdir("./file0") = 0 [pid 604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 604] ioctl(6, LOOP_CLR_FD) = 0 [pid 604] close(6) = 0 [pid 604] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 604] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 603] exit_group(0) = ? [pid 604] <... futex resumed>) = ? [pid 604] +++ exited with 0 +++ [pid 605] <... futex resumed>) = ? [pid 605] +++ exited with 0 +++ [pid 603] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=603, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/bus") = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 606 ./strace-static-x86_64: Process 606 attached [pid 606] set_robust_list(0x555594dc86a0, 24) = 0 [pid 606] chdir("./69") = 0 [pid 606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 606] setpgid(0, 0) = 0 [pid 606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 606] write(3, "1000", 4) = 4 [pid 606] close(3) = 0 [pid 606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 606] write(1, "executing program\n", 18executing program ) = 18 [pid 606] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 606] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[607]}, 88) = 607 [pid 606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 606] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 606] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 607 attached [pid 607] set_robust_list(0x7fa7fb0989a0, 24) = 0 ./strace-static-x86_64: Process 608 attached [pid 607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 607] memfd_create("syzkaller", 0) = 3 [pid 607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 606] <... clone3 resumed> => {parent_tid=[608]}, 88) = 608 [pid 608] set_robust_list(0x7fa7fb0779a0, 24 [pid 606] rt_sigprocmask(SIG_SETMASK, [], [pid 608] <... set_robust_list resumed>) = 0 [pid 606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 608] rt_sigprocmask(SIG_SETMASK, [], [pid 606] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 606] <... futex resumed>) = 0 [pid 608] creat("./bus", 000 [pid 606] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 607] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 608] <... creat resumed>) = 4 [pid 608] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... write resumed>) = 131072 [pid 607] munmap(0x7fa7f2c57000, 138412032 [pid 606] <... futex resumed>) = 0 [pid 608] <... futex resumed>) = 1 [pid 608] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 606] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 607] <... munmap resumed>) = 0 [pid 608] <... mount resumed>) = 0 [pid 608] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 608] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] <... futex resumed>) = 1 [pid 606] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 606] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 0 [pid 608] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 608] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 606] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 606] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 608] <... futex resumed>) = 1 [pid 608] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 608] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 606] <... futex resumed>) = 0 [pid 608] <... futex resumed>) = 1 [pid 608] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.235799][ T604] loop0: detected capacity change from 0 to 256 [ 123.244160][ T604] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.254721][ T604] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.264903][ T604] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 607] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 607] close(3) = 0 [pid 607] close(6) = 0 [pid 607] mkdir("./file0", 0777) = 0 [pid 607] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 607] chdir("./file0") = 0 [pid 607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 607] ioctl(6, LOOP_CLR_FD) = 0 [pid 607] close(6) = 0 [pid 607] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 607] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 606] exit_group(0 [pid 608] <... futex resumed>) = ? [pid 606] <... exit_group resumed>) = ? [pid 608] +++ exited with 0 +++ [pid 607] <... futex resumed>) = ? [pid 607] +++ exited with 0 +++ [pid 606] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=606, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/bus") = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 609 ./strace-static-x86_64: Process 609 attached [pid 609] set_robust_list(0x555594dc86a0, 24) = 0 [pid 609] chdir("./70") = 0 [pid 609] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 609] setpgid(0, 0) = 0 [pid 609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 609] write(3, "1000", 4) = 4 [pid 609] close(3) = 0 [pid 609] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 609] write(1, "executing program\n", 18) = 18 [pid 609] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 609] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 610 attached => {parent_tid=[610]}, 88) = 610 [pid 610] set_robust_list(0x7fa7fb0989a0, 24 [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 609] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 609] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 610] <... set_robust_list resumed>) = 0 [pid 609] <... clone3 resumed> => {parent_tid=[611]}, 88) = 611 ./strace-static-x86_64: Process 611 attached [pid 610] rt_sigprocmask(SIG_SETMASK, [], [pid 609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 609] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 611] creat("./bus", 000 [pid 610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 610] memfd_create("syzkaller", 0) = 4 [pid 611] <... creat resumed>) = 3 [pid 610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 611] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 611] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 610] <... mmap resumed>) = 0x7fa7f2c57000 [pid 609] <... futex resumed>) = 0 [pid 611] <... mount resumed>) = 0 [pid 609] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 610] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 611] <... open resumed>) = 5 [pid 611] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 610] <... write resumed>) = 131072 [pid 610] munmap(0x7fa7f2c57000, 138412032 [pid 611] <... futex resumed>) = 1 [pid 609] <... futex resumed>) = 0 [pid 609] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 609] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 611] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 610] <... munmap resumed>) = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_SET_FD, 4 [pid 611] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 611] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 123.305604][ T607] loop0: detected capacity change from 0 to 256 [ 123.313443][ T607] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.324477][ T607] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.335049][ T607] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 609] <... futex resumed>) = 0 [pid 611] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 610] <... ioctl resumed>) = 0 [pid 610] close(4) = 0 [pid 610] close(6) = 0 [pid 610] mkdir("./file0", 0777) = 0 [pid 610] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 610] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 610] chdir("./file0") = 0 [pid 610] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 610] ioctl(6, LOOP_CLR_FD) = 0 [pid 610] close(6) = 0 [pid 610] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 610] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 609] exit_group(0 [pid 611] <... futex resumed>) = ? [pid 609] <... exit_group resumed>) = ? [pid 611] +++ exited with 0 +++ [pid 610] <... futex resumed>) = ? [pid 610] +++ exited with 0 +++ [pid 609] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=609, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/bus") = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 612 ./strace-static-x86_64: Process 612 attached [pid 612] set_robust_list(0x555594dc86a0, 24) = 0 [pid 612] chdir("./71") = 0 [pid 612] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 612] setpgid(0, 0) = 0 [pid 612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 612] write(3, "1000", 4) = 4 [pid 612] close(3) = 0 [pid 612] symlink("/dev/binderfs", "./binderfs") = 0 [pid 612] write(1, "executing program\n", 18executing program ) = 18 [pid 612] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 612] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 613 attached [pid 613] set_robust_list(0x7fa7fb0989a0, 24 [pid 612] <... clone3 resumed> => {parent_tid=[613]}, 88) = 613 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 612] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 613] <... set_robust_list resumed>) = 0 [pid 612] <... mprotect resumed>) = 0 [pid 612] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 613] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 614 attached NULL, 8) = 0 [pid 612] <... clone3 resumed> => {parent_tid=[614]}, 88) = 614 [pid 612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 612] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 614] creat("./bus", 000 [pid 613] memfd_create("syzkaller", 0 [pid 614] <... creat resumed>) = 3 [pid 613] <... memfd_create resumed>) = 4 [pid 614] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 613] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 614] <... mount resumed>) = 0 [pid 614] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 614] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 612] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 612] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 614] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 614] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 612] <... futex resumed>) = 0 [pid 614] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 613] <... mmap resumed>) = 0x7fa7f2c57000 [pid 613] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 613] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.373777][ T610] loop0: detected capacity change from 0 to 256 [ 123.381297][ T610] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.391983][ T610] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.402671][ T610] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 613] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 613] close(4) = 0 [pid 613] close(6) = 0 [pid 613] mkdir("./file0", 0777) = 0 [pid 613] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 613] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 613] chdir("./file0") = 0 [pid 613] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 613] ioctl(6, LOOP_CLR_FD) = 0 [pid 613] close(6) = 0 [pid 613] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 613] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 612] exit_group(0) = ? [pid 613] <... futex resumed>) = ? [pid 613] +++ exited with 0 +++ [pid 614] <... futex resumed>) = ? [pid 614] +++ exited with 0 +++ [pid 612] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=612, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/bus") = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 615 ./strace-static-x86_64: Process 615 attached [pid 615] set_robust_list(0x555594dc86a0, 24) = 0 [pid 615] chdir("./72") = 0 [pid 615] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 615] setpgid(0, 0) = 0 [pid 615] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 615] write(3, "1000", 4) = 4 [pid 615] close(3) = 0 [pid 615] symlink("/dev/binderfs", "./binderfs") = 0 [pid 615] write(1, "executing program\n", 18executing program ) = 18 [pid 615] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 615] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 615] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[616]}, 88) = 616 [pid 615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 615] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 615] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 615] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 615] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[617]}, 88) = 617 [pid 615] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 615] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 616 attached ./strace-static-x86_64: Process 617 attached [pid 617] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 617] creat("./bus", 000 [pid 616] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 616] rt_sigprocmask(SIG_SETMASK, [], [pid 617] <... creat resumed>) = 3 [pid 616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 617] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 616] memfd_create("syzkaller", 0) = 4 [pid 616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 617] <... futex resumed>) = 1 [pid 615] <... futex resumed>) = 0 [pid 615] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 617] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 616] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 617] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 616] <... write resumed>) = 131072 [pid 617] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 615] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 616] munmap(0x7fa7f2c57000, 138412032 [pid 617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 617] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 616] <... munmap resumed>) = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 616] ioctl(5, LOOP_SET_FD, 4 [pid 617] <... open resumed>) = 6 [pid 617] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 617] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] <... futex resumed>) = 0 [ 123.446542][ T613] loop0: detected capacity change from 0 to 256 [ 123.454478][ T613] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.465633][ T613] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.476120][ T613] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 615] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 617] <... futex resumed>) = 0 [pid 617] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 617] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 615] <... futex resumed>) = 0 [pid 617] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 616] <... ioctl resumed>) = 0 [pid 616] close(4) = 0 [pid 616] close(5) = 0 [pid 616] mkdir("./file0", 0777) = 0 [pid 616] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 616] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 616] chdir("./file0") = 0 [pid 616] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 616] ioctl(5, LOOP_CLR_FD) = 0 [pid 616] close(5) = 0 [pid 616] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 616] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 615] exit_group(0 [pid 617] <... futex resumed>) = ? [pid 617] +++ exited with 0 +++ [pid 615] <... exit_group resumed>) = ? [pid 616] <... futex resumed>) = ? [pid 616] +++ exited with 0 +++ [pid 615] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=615, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/bus") = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 618 ./strace-static-x86_64: Process 618 attached [pid 618] set_robust_list(0x555594dc86a0, 24) = 0 [pid 618] chdir("./73") = 0 [pid 618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 618] setpgid(0, 0) = 0 [pid 618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 618] write(3, "1000", 4) = 4 [pid 618] close(3) = 0 [pid 618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 618] write(1, "executing program\n", 18executing program ) = 18 [pid 618] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 618] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[619]}, 88) = 619 [pid 618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 618] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 618] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[620]}, 88) = 620 [pid 618] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 618] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 620 attached [pid 620] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] creat("./bus", 000) = 3 [pid 620] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 620] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 620] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 618] <... futex resumed>) = 0 [pid 618] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 618] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 620] <... futex resumed>) = 1 [pid 620] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 620] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 618] <... futex resumed>) = 0 ./strace-static-x86_64: Process 619 attached [pid 620] <... futex resumed>) = 1 [pid 619] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 620] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 619] memfd_create("syzkaller", 0) = 5 [pid 619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 619] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 619] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.521015][ T616] loop0: detected capacity change from 0 to 256 [ 123.529653][ T616] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.540353][ T616] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.550984][ T616] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 619] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 619] close(5) = 0 [pid 619] close(6) = 0 [pid 619] mkdir("./file0", 0777) = 0 [pid 619] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 619] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 619] chdir("./file0") = 0 [pid 619] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 619] ioctl(6, LOOP_CLR_FD) = 0 [pid 619] close(6) = 0 [pid 619] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 619] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 618] exit_group(0 [pid 620] <... futex resumed>) = ? [pid 618] <... exit_group resumed>) = ? [pid 620] +++ exited with 0 +++ [pid 619] <... futex resumed>) = ? [pid 619] +++ exited with 0 +++ [pid 618] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=618, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/bus") = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 621 ./strace-static-x86_64: Process 621 attached [pid 621] set_robust_list(0x555594dc86a0, 24) = 0 [pid 621] chdir("./74") = 0 [pid 621] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 621] setpgid(0, 0) = 0 [pid 621] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 621] write(3, "1000", 4) = 4 [pid 621] close(3) = 0 [pid 621] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 621] write(1, "executing program\n", 18) = 18 [pid 621] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 621] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 621] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[622]}, 88) = 622 [pid 621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 621] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 621] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 621] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 622 attached [pid 621] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 622] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 622] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 622] memfd_create("syzkaller", 0) = 3 [pid 622] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 623 attached [pid 621] <... clone3 resumed> => {parent_tid=[623]}, 88) = 623 [pid 623] set_robust_list(0x7fa7fb0779a0, 24 [pid 621] rt_sigprocmask(SIG_SETMASK, [], [pid 623] <... set_robust_list resumed>) = 0 [pid 621] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 623] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 621] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 623] creat("./bus", 000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 623] <... creat resumed>) = 4 [pid 623] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 623] <... futex resumed>) = 1 [pid 623] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 622] <... write resumed>) = 131072 [pid 621] <... futex resumed>) = 1 [pid 623] <... futex resumed>) = 0 [pid 622] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 621] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 623] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [ 123.592188][ T619] loop0: detected capacity change from 0 to 256 [ 123.599679][ T619] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.610338][ T619] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.620660][ T619] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 622] ioctl(5, LOOP_SET_FD, 3 [pid 623] <... mount resumed>) = 0 [pid 623] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 623] <... futex resumed>) = 1 [pid 623] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 623] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 621] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 621] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 623] <... futex resumed>) = 1 [pid 623] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 623] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 621] <... futex resumed>) = 0 [pid 623] <... futex resumed>) = 1 [pid 623] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 622] <... ioctl resumed>) = 0 [pid 622] close(3) = 0 [pid 622] close(5) = 0 [pid 622] mkdir("./file0", 0777) = 0 [pid 622] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 622] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 622] chdir("./file0") = 0 [pid 622] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 622] ioctl(5, LOOP_CLR_FD) = 0 [pid 622] close(5) = 0 [pid 622] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 622] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 621] exit_group(0 [pid 623] <... futex resumed>) = ? [pid 621] <... exit_group resumed>) = ? [pid 623] +++ exited with 0 +++ [pid 622] <... futex resumed>) = ? [pid 622] +++ exited with 0 +++ [pid 621] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=621, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/bus") = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 624 ./strace-static-x86_64: Process 624 attached [pid 624] set_robust_list(0x555594dc86a0, 24) = 0 [pid 624] chdir("./75") = 0 [pid 624] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 624] setpgid(0, 0) = 0 [pid 624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 624] write(3, "1000", 4) = 4 [pid 624] close(3executing program ) = 0 [pid 624] symlink("/dev/binderfs", "./binderfs") = 0 [pid 624] write(1, "executing program\n", 18) = 18 [pid 624] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 624] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[625]}, 88) = 625 [pid 624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 624] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 624] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 624] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[626]}, 88) = 626 [pid 624] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 624] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 626 attached [pid 626] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 626] creat("./bus", 000) = 3 [pid 626] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 624] <... futex resumed>) = 0 [pid 624] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 626] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 624] <... futex resumed>) = 0 [pid 624] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 626] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 624] <... futex resumed>) = 0 [pid 624] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 626] <... futex resumed>) = 1 [pid 626] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 626] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 624] <... futex resumed>) = 0 [pid 626] <... futex resumed>) = 1 [pid 626] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 625 attached [pid 625] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 625] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 625] memfd_create("syzkaller", 0) = 5 [pid 625] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 625] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 625] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.659195][ T622] loop0: detected capacity change from 0 to 256 [ 123.666871][ T622] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.677367][ T622] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.688166][ T622] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 625] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 625] close(5) = 0 [pid 625] close(6) = 0 [pid 625] mkdir("./file0", 0777) = 0 [pid 625] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 625] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 625] chdir("./file0") = 0 [pid 625] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 625] ioctl(6, LOOP_CLR_FD) = 0 [pid 625] close(6) = 0 [pid 625] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 624] exit_group(0 [pid 626] <... futex resumed>) = ? [pid 624] <... exit_group resumed>) = ? [pid 626] +++ exited with 0 +++ [pid 625] +++ exited with 0 +++ [pid 624] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=624, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/binderfs") = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./75/bus") = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 627 ./strace-static-x86_64: Process 627 attached [pid 627] set_robust_list(0x555594dc86a0, 24) = 0 [pid 627] chdir("./76") = 0 [pid 627] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 627] setpgid(0, 0) = 0 [pid 627] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 627] write(3, "1000", 4) = 4 [pid 627] close(3) = 0 [pid 627] symlink("/dev/binderfs", "./binderfs") = 0 [pid 627] write(1, "executing program\n", 18executing program ) = 18 [pid 627] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 627] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 627] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[628]}, 88) = 628 ./strace-static-x86_64: Process 628 attached [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 627] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 627] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 627] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[629]}, 88) = 629 [pid 627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 627] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 628] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 628] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 628] memfd_create("syzkaller", 0./strace-static-x86_64: Process 629 attached ) = 3 [pid 628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 629] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 629] creat("./bus", 000 [pid 628] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 629] <... creat resumed>) = 4 [pid 629] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 629] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 628] <... write resumed>) = 131072 [pid 628] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 628] ioctl(5, LOOP_SET_FD, 3 [pid 629] <... mount resumed>) = 0 [pid 629] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 123.727178][ T625] loop0: detected capacity change from 0 to 256 [ 123.735367][ T625] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.745994][ T625] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.756454][ T625] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 629] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 627] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 629] <... futex resumed>) = 0 [pid 629] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 629] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 627] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 627] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 629] <... futex resumed>) = 1 [pid 629] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 629] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 627] <... futex resumed>) = 0 [pid 629] <... futex resumed>) = 1 [pid 629] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 628] <... ioctl resumed>) = 0 [pid 628] close(3) = 0 [pid 628] close(5) = 0 [pid 628] mkdir("./file0", 0777) = 0 [pid 628] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 628] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 628] chdir("./file0") = 0 [pid 628] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 628] ioctl(5, LOOP_CLR_FD) = 0 [pid 628] close(5) = 0 [pid 628] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 628] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 627] exit_group(0 [pid 629] <... futex resumed>) = ? [pid 627] <... exit_group resumed>) = ? [pid 629] +++ exited with 0 +++ [pid 628] <... futex resumed>) = ? [pid 628] +++ exited with 0 +++ [pid 627] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=627, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/bus") = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 631 ./strace-static-x86_64: Process 631 attached [pid 631] set_robust_list(0x555594dc86a0, 24) = 0 [pid 631] chdir("./77") = 0 [pid 631] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 631] setpgid(0, 0) = 0 [pid 631] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 631] write(3, "1000", 4) = 4 [pid 631] close(3) = 0 [pid 631] symlink("/dev/binderfs", "./binderfs") = 0 [pid 631] write(1, "executing program\n", 18) = 18 [pid 631] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 631] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 631] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[632]}, 88) = 632 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 631] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 631] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 631] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[633]}, 88) = 633 [pid 631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 631] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 633 attached [pid 633] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 633] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 633] creat("./bus", 000) = 3 [pid 633] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 633] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 633] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 631] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 631] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 633] <... futex resumed>) = 1 [pid 633] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 633] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 631] <... futex resumed>) = 0 [pid 633] <... futex resumed>) = 1 [pid 633] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 632 attached [pid 632] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 632] memfd_create("syzkaller", 0) = 5 [pid 632] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 632] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 632] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.793206][ T628] loop0: detected capacity change from 0 to 256 [ 123.801651][ T628] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.812342][ T628] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.822366][ T628] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 632] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 632] close(5) = 0 [pid 632] close(6) = 0 [pid 632] mkdir("./file0", 0777) = 0 [pid 632] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 632] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 632] chdir("./file0") = 0 [pid 632] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 632] ioctl(6, LOOP_CLR_FD) = 0 [pid 632] close(6) = 0 [pid 632] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 632] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 631] exit_group(0) = ? [pid 632] <... futex resumed>) = ? [pid 632] +++ exited with 0 +++ [pid 633] <... futex resumed>) = ? [pid 633] +++ exited with 0 +++ [pid 631] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=631, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/bus") = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 634 ./strace-static-x86_64: Process 634 attached [pid 634] set_robust_list(0x555594dc86a0, 24) = 0 [pid 634] chdir("./78") = 0 [pid 634] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 634] setpgid(0, 0) = 0 executing program [pid 634] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 634] write(3, "1000", 4) = 4 [pid 634] close(3) = 0 [pid 634] symlink("/dev/binderfs", "./binderfs") = 0 [pid 634] write(1, "executing program\n", 18) = 18 [pid 634] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 634] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 634] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[635]}, 88) = 635 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 634] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 634] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 634] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[636]}, 88) = 636 [pid 634] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 634] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 636 attached [pid 636] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 636] creat("./bus", 000) = 3 [pid 636] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 636] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 636] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 634] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 634] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 636] <... futex resumed>) = 1 [pid 636] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 636] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 634] <... futex resumed>) = 0 [pid 636] <... futex resumed>) = 1 [pid 636] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 635 attached [pid 635] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 635] memfd_create("syzkaller", 0) = 5 [pid 635] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 635] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 635] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.860910][ T632] loop0: detected capacity change from 0 to 256 [ 123.869444][ T632] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.880143][ T632] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 123.890834][ T632] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 635] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 635] close(5) = 0 [pid 635] close(6) = 0 [pid 635] mkdir("./file0", 0777) = 0 [ 123.929373][ T635] loop0: detected capacity change from 0 to 256 [ 123.948433][ T635] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.958871][ T635] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 635] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 635] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 635] chdir("./file0") = 0 [pid 635] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 635] ioctl(6, LOOP_CLR_FD) = 0 [pid 635] close(6) = 0 [pid 635] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 635] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 634] exit_group(0 [pid 636] <... futex resumed>) = ? [pid 634] <... exit_group resumed>) = ? [pid 636] +++ exited with 0 +++ [pid 635] <... futex resumed>) = ? [pid 635] +++ exited with 0 +++ [pid 634] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=634, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/bus") = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 637 ./strace-static-x86_64: Process 637 attached [pid 637] set_robust_list(0x555594dc86a0, 24) = 0 [pid 637] chdir("./79") = 0 [pid 637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 637] setpgid(0, 0) = 0 [pid 637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 637] write(3, "1000", 4) = 4 [pid 637] close(3) = 0 [pid 637] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 637] write(1, "executing program\n", 18) = 18 [pid 637] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 637] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[638]}, 88) = 638 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 637] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 637] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[639]}, 88) = 639 [pid 637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 637] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 639 attached [pid 639] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 639] creat("./bus", 000) = 3 [pid 639] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... futex resumed>) = 1 [pid 639] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 639] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... futex resumed>) = 1 [pid 639] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 639] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 637] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 637] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 639] <... futex resumed>) = 1 [pid 639] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 639] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 637] <... futex resumed>) = 0 [pid 639] <... futex resumed>) = 1 [pid 639] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 638 attached [pid 638] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 638] memfd_create("syzkaller", 0) = 5 [pid 638] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 638] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 638] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 123.969729][ T635] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 638] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 638] close(5) = 0 [pid 638] close(6) = 0 [pid 638] mkdir("./file0", 0777) = 0 [pid 638] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 638] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 638] chdir("./file0") = 0 [pid 638] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 638] ioctl(6, LOOP_CLR_FD) = 0 [pid 638] close(6) = 0 [pid 638] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 638] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 637] exit_group(0 [pid 639] <... futex resumed>) = ? [pid 637] <... exit_group resumed>) = ? [pid 639] +++ exited with 0 +++ [pid 638] <... futex resumed>) = ? [pid 638] +++ exited with 0 +++ [pid 637] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=637, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/bus") = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 640 ./strace-static-x86_64: Process 640 attached [pid 640] set_robust_list(0x555594dc86a0, 24) = 0 [pid 640] chdir("./80") = 0 [pid 640] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 640] setpgid(0, 0) = 0 [pid 640] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 640] write(3, "1000", 4) = 4 [pid 640] close(3) = 0 [pid 640] symlink("/dev/binderfs", "./binderfs") = 0 [pid 640] write(1, "executing program\n", 18executing program ) = 18 [pid 640] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 640] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 640] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[641]}, 88) = 641 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 640] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 640] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 640] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[642]}, 88) = 642 [pid 640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 640] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 642 attached [pid 642] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 642] creat("./bus", 000) = 3 [pid 642] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] <... futex resumed>) = 1 [pid 642] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 642] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] <... futex resumed>) = 1 [pid 642] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 642] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 640] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 640] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 642] <... futex resumed>) = 1 [pid 642] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 642] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 640] <... futex resumed>) = 0 [pid 642] <... futex resumed>) = 1 [pid 642] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 641 attached [pid 641] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 641] memfd_create("syzkaller", 0) = 5 [pid 641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 641] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 641] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.008605][ T638] loop0: detected capacity change from 0 to 256 [ 124.016413][ T638] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.026949][ T638] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.037356][ T638] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 641] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 641] close(5) = 0 [pid 641] close(6) = 0 [pid 641] mkdir("./file0", 0777) = 0 [pid 641] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 641] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 641] chdir("./file0") = 0 [pid 641] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 641] ioctl(6, LOOP_CLR_FD) = 0 [pid 641] close(6) = 0 [pid 641] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 641] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 640] exit_group(0) = ? [pid 641] <... futex resumed>) = ? [pid 641] +++ exited with 0 +++ [pid 642] <... futex resumed>) = ? [pid 642] +++ exited with 0 +++ [pid 640] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=640, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/bus") = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./80/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 643 ./strace-static-x86_64: Process 643 attached [pid 643] set_robust_list(0x555594dc86a0, 24) = 0 [pid 643] chdir("./81") = 0 [pid 643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 643] setpgid(0, 0) = 0 executing program [pid 643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 643] write(3, "1000", 4) = 4 [pid 643] close(3) = 0 [pid 643] symlink("/dev/binderfs", "./binderfs") = 0 [pid 643] write(1, "executing program\n", 18) = 18 [pid 643] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 643] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[644]}, 88) = 644 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 643] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 643] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[645]}, 88) = 645 [pid 643] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 643] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 645 attached [pid 645] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 645] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 645] creat("./bus", 000) = 3 [pid 645] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... futex resumed>) = 1 [pid 645] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 645] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... futex resumed>) = 1 [pid 645] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 645] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 643] <... futex resumed>) = 0 [pid 643] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 645] <... futex resumed>) = 1 [pid 645] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 645] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 644 attached [pid 643] <... futex resumed>) = 0 [pid 645] <... futex resumed>) = 1 [pid 644] set_robust_list(0x7fa7fb0989a0, 24 [pid 645] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 644] <... set_robust_list resumed>) = 0 [pid 644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 644] memfd_create("syzkaller", 0) = 5 [pid 644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 644] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 644] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.074237][ T641] loop0: detected capacity change from 0 to 256 [ 124.082087][ T641] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.092763][ T641] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.103113][ T641] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 644] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 644] close(5) = 0 [pid 644] close(6) = 0 [pid 644] mkdir("./file0", 0777) = 0 [pid 644] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 644] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 644] chdir("./file0") = 0 [pid 644] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 644] ioctl(6, LOOP_CLR_FD) = 0 [pid 644] close(6) = 0 [pid 644] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 643] exit_group(0 [pid 645] <... futex resumed>) = ? [pid 643] <... exit_group resumed>) = ? [pid 645] +++ exited with 0 +++ [pid 644] +++ exited with 0 +++ [pid 643] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=643, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/bus") = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 646 ./strace-static-x86_64: Process 646 attached [pid 646] set_robust_list(0x555594dc86a0, 24) = 0 [pid 646] chdir("./82") = 0 [pid 646] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 646] setpgid(0, 0) = 0 [pid 646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 646] write(3, "1000", 4) = 4 [pid 646] close(3) = 0 [pid 646] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 646] write(1, "executing program\n", 18) = 18 [pid 646] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 646] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[647]}, 88) = 647 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 646] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 646] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[648]}, 88) = 648 [pid 646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 646] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 648 attached [pid 648] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 648] creat("./bus", 000) = 3 [pid 648] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 646] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... futex resumed>) = 1 [pid 648] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 648] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 646] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... futex resumed>) = 1 [pid 648] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 648] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 646] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 646] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 648] <... futex resumed>) = 1 [pid 648] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 648] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 646] <... futex resumed>) = 0 [pid 648] <... futex resumed>) = 1 ./strace-static-x86_64: Process 647 attached [pid 648] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 647] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 647] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 647] memfd_create("syzkaller", 0) = 5 [pid 647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [ 124.139608][ T644] loop0: detected capacity change from 0 to 256 [ 124.147370][ T644] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.157839][ T644] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.168387][ T644] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 647] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 647] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 647] close(5) = 0 [pid 647] close(6) = 0 [pid 647] mkdir("./file0", 0777) = 0 [pid 647] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 647] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 647] chdir("./file0") = 0 [pid 647] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 647] ioctl(6, LOOP_CLR_FD) = 0 [pid 647] close(6) = 0 [pid 647] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 647] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 646] exit_group(0 [pid 648] <... futex resumed>) = ? [pid 646] <... exit_group resumed>) = ? [pid 648] +++ exited with 0 +++ [pid 647] <... futex resumed>) = ? [pid 647] +++ exited with 0 +++ [pid 646] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=646, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/bus") = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 649 ./strace-static-x86_64: Process 649 attached [pid 649] set_robust_list(0x555594dc86a0, 24) = 0 [pid 649] chdir("./83") = 0 [pid 649] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 649] setpgid(0, 0) = 0 [pid 649] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 649] write(3, "1000", 4) = 4 [pid 649] close(3) = 0 [pid 649] symlink("/dev/binderfs", "./binderfs") = 0 [pid 649] write(1, "executing program\n", 18executing program ) = 18 [pid 649] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 649] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 649] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[650]}, 88) = 650 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 649] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 649] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 649] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[651]}, 88) = 651 [pid 649] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 649] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 651 attached [pid 651] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 651] creat("./bus", 000) = 3 [pid 651] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 651] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 651] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 649] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 649] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 651] <... futex resumed>) = 1 [pid 651] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 651] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 649] <... futex resumed>) = 0 [pid 651] <... futex resumed>) = 1 [pid 651] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 650 attached [pid 650] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 650] memfd_create("syzkaller", 0) = 5 [pid 650] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 650] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 650] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.205246][ T647] loop0: detected capacity change from 0 to 256 [ 124.212665][ T647] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.223387][ T647] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.233908][ T647] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 650] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 650] close(5) = 0 [pid 650] close(6) = 0 [pid 650] mkdir("./file0", 0777) = 0 [pid 650] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 650] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 650] chdir("./file0") = 0 [pid 650] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 650] ioctl(6, LOOP_CLR_FD) = 0 [pid 650] close(6) = 0 [pid 650] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 650] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 649] exit_group(0) = ? [pid 650] <... futex resumed>) = ? [pid 650] +++ exited with 0 +++ [pid 651] <... futex resumed>) = ? [pid 651] +++ exited with 0 +++ [pid 649] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=649, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/bus") = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 652 ./strace-static-x86_64: Process 652 attached [pid 652] set_robust_list(0x555594dc86a0, 24) = 0 [pid 652] chdir("./84") = 0 [pid 652] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 652] setpgid(0, 0) = 0 [pid 652] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 652] write(3, "1000", 4) = 4 [pid 652] close(3) = 0 [pid 652] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 652] write(1, "executing program\n", 18) = 18 [pid 652] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 652] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 652] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[653]}, 88) = 653 [pid 652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 652] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 652] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 652] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 652] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[654]}, 88) = 654 [pid 652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 652] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 654 attached [pid 654] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 654] creat("./bus", 000) = 3 [pid 654] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] <... futex resumed>) = 1 [pid 654] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 654] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] <... futex resumed>) = 1 [pid 654] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 654] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 652] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 652] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 654] <... futex resumed>) = 1 [pid 654] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 654] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] <... futex resumed>) = 0 [pid 654] <... futex resumed>) = 1 [pid 654] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 653 attached [pid 653] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 653] memfd_create("syzkaller", 0) = 5 [pid 653] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 653] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 653] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.269525][ T650] loop0: detected capacity change from 0 to 256 [ 124.277075][ T650] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.287559][ T650] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.298164][ T650] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 653] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 653] close(5) = 0 [pid 653] close(6) = 0 [pid 653] mkdir("./file0", 0777) = 0 [pid 653] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 653] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 653] chdir("./file0") = 0 [pid 653] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 653] ioctl(6, LOOP_CLR_FD) = 0 [pid 653] close(6) = 0 [pid 653] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 652] exit_group(0) = ? [pid 653] <... futex resumed>) = ? [pid 653] +++ exited with 0 +++ [pid 654] <... futex resumed>) = ? [pid 654] +++ exited with 0 +++ [pid 652] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=652, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/bus") = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 655 ./strace-static-x86_64: Process 655 attached [pid 655] set_robust_list(0x555594dc86a0, 24) = 0 [pid 655] chdir("./85") = 0 [pid 655] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 655] setpgid(0, 0) = 0 [pid 655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 655] write(3, "1000", 4) = 4 [pid 655] close(3) = 0 [pid 655] symlink("/dev/binderfs", "./binderfs") = 0 [pid 655] write(1, "executing program\n", 18) = 18 [pid 655] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 655] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[656]}, 88) = 656 [pid 655] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 655] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 656 attached [pid 656] set_robust_list(0x7fa7fb0989a0, 24 [pid 655] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 656] <... set_robust_list resumed>) = 0 [pid 656] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] memfd_create("syzkaller", 0 [pid 655] <... futex resumed>) = 0 [pid 656] <... memfd_create resumed>) = 3 [pid 655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 656] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c78000 [pid 655] <... mmap resumed>) = 0x7fa7f2c57000 [pid 655] mprotect(0x7fa7f2c58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 655] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 656] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7f2c77990, parent_tid=0x7fa7f2c77990, exit_signal=0, stack=0x7fa7f2c57000, stack_size=0x20300, tls=0x7fa7f2c776c0} => {parent_tid=[657]}, 88) = 657 [pid 655] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 657 attached [pid 656] <... write resumed>) = 131072 [pid 656] munmap(0x7fa7f2c78000, 138412032 [pid 655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 655] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] set_robust_list(0x7fa7f2c779a0, 24 [pid 656] <... munmap resumed>) = 0 [pid 657] <... set_robust_list resumed>) = 0 [ 124.336739][ T653] loop0: detected capacity change from 0 to 256 [ 124.344785][ T653] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.355513][ T653] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.365599][ T653] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 657] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 656] <... openat resumed>) = 4 [pid 657] creat("./bus", 000 [pid 656] ioctl(4, LOOP_SET_FD, 3 [pid 657] <... creat resumed>) = 5 [pid 657] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 657] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 657] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 655] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 657] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 657] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 655] <... futex resumed>) = 0 [pid 657] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 656] <... ioctl resumed>) = 0 [pid 656] close(3) = 0 [pid 656] close(4) = 0 [pid 656] mkdir("./file0", 0777) = 0 [pid 656] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 656] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 656] chdir("./file0") = 0 [pid 656] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 656] ioctl(4, LOOP_CLR_FD) = 0 [pid 656] close(4) = 0 [pid 656] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 655] exit_group(0 [pid 657] <... futex resumed>) = ? [pid 655] <... exit_group resumed>) = ? [pid 657] +++ exited with 0 +++ [pid 656] +++ exited with 0 +++ [pid 655] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=655, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/bus") = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 658 ./strace-static-x86_64: Process 658 attached [pid 658] set_robust_list(0x555594dc86a0, 24) = 0 [pid 658] chdir("./86") = 0 [pid 658] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 658] setpgid(0, 0) = 0 [pid 658] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 658] write(3, "1000", 4) = 4 [pid 658] close(3) = 0 [pid 658] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 658] write(1, "executing program\n", 18) = 18 [pid 658] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 658] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 658] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 658] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[659]}, 88) = 659 [pid 658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 658] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 658] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 658] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 659 attached [], 8) = 0 [pid 659] set_robust_list(0x7fa7fb0989a0, 24 [pid 658] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 660 attached [pid 659] <... set_robust_list resumed>) = 0 [pid 659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 660] set_robust_list(0x7fa7fb0779a0, 24 [pid 658] <... clone3 resumed> => {parent_tid=[660]}, 88) = 660 [pid 659] memfd_create("syzkaller", 0 [pid 658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 660] <... set_robust_list resumed>) = 0 [pid 658] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 660] rt_sigprocmask(SIG_SETMASK, [], [pid 659] <... memfd_create resumed>) = 3 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 660] creat("./bus", 000 [pid 659] <... mmap resumed>) = 0x7fa7f2c57000 [pid 660] <... creat resumed>) = 4 [pid 660] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 660] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 659] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 658] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] <... mount resumed>) = 0 [pid 660] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 659] <... write resumed>) = 131072 [pid 659] munmap(0x7fa7f2c57000, 138412032 [pid 660] <... futex resumed>) = 1 [pid 659] <... munmap resumed>) = 0 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 660] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 658] <... futex resumed>) = 0 [pid 658] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 658] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 660] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 660] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 658] <... futex resumed>) = 0 [ 124.400797][ T656] loop0: detected capacity change from 0 to 256 [ 124.409002][ T656] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.419521][ T656] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.430182][ T656] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 660] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 659] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 659] close(3) = 0 [pid 659] close(6) = 0 [pid 659] mkdir("./file0", 0777) = 0 [pid 659] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 659] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 659] chdir("./file0") = 0 [pid 659] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 659] ioctl(6, LOOP_CLR_FD) = 0 [pid 659] close(6) = 0 [pid 659] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 659] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 658] exit_group(0 [pid 660] <... futex resumed>) = ? [pid 658] <... exit_group resumed>) = ? [pid 660] +++ exited with 0 +++ [pid 659] <... futex resumed>) = ? [pid 659] +++ exited with 0 +++ [pid 658] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=658, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/bus") = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 661 ./strace-static-x86_64: Process 661 attached [pid 661] set_robust_list(0x555594dc86a0, 24) = 0 [pid 661] chdir("./87") = 0 [pid 661] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 661] setpgid(0, 0) = 0 [pid 661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 661] write(3, "1000", 4) = 4 [pid 661] close(3) = 0 [pid 661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 661] write(1, "executing program\n", 18executing program ) = 18 [pid 661] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 661] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 662 attached => {parent_tid=[662]}, 88) = 662 [pid 662] set_robust_list(0x7fa7fb0989a0, 24 [pid 661] rt_sigprocmask(SIG_SETMASK, [], [pid 662] <... set_robust_list resumed>) = 0 [pid 661] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 662] rt_sigprocmask(SIG_SETMASK, [], [pid 661] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 662] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] memfd_create("syzkaller", 0 [pid 661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 662] <... memfd_create resumed>) = 3 [pid 661] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 661] rt_sigprocmask(SIG_BLOCK, ~[], [pid 662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 661] <... rt_sigprocmask resumed>[], 8) = 0 [pid 661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 662] <... mmap resumed>) = 0x7fa7f2c57000 [pid 661] <... clone3 resumed> => {parent_tid=[663]}, 88) = 663 [pid 661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 661] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 663 attached [pid 663] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 663] creat("./bus", 000) = 4 [pid 663] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 663] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 663] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 661] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 661] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 663] <... futex resumed>) = 1 [pid 663] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 663] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 661] <... futex resumed>) = 0 [pid 663] <... futex resumed>) = 1 [pid 663] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 124.468833][ T659] loop0: detected capacity change from 0 to 256 [ 124.476157][ T659] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.486837][ T659] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.497166][ T659] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 662] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 662] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 662] close(3) = 0 [pid 662] close(6) = 0 [pid 662] mkdir("./file0", 0777) = 0 [ 124.558124][ T662] loop0: detected capacity change from 0 to 256 [ 124.576571][ T662] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.587121][ T662] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 662] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 662] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 662] chdir("./file0") = 0 [pid 662] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 662] ioctl(6, LOOP_CLR_FD) = 0 [pid 662] close(6) = 0 [pid 662] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 662] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 661] exit_group(0 [pid 663] <... futex resumed>) = ? [pid 661] <... exit_group resumed>) = ? [pid 663] +++ exited with 0 +++ [pid 662] <... futex resumed>) = ? [pid 662] +++ exited with 0 +++ [pid 661] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=661, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/bus") = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 664 ./strace-static-x86_64: Process 664 attached [pid 664] set_robust_list(0x555594dc86a0, 24) = 0 [pid 664] chdir("./88") = 0 [pid 664] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 664] setpgid(0, 0) = 0 [pid 664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 664] write(3, "1000", 4) = 4 [pid 664] close(3) = 0 [pid 664] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 664] write(1, "executing program\n", 18) = 18 [pid 664] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 664] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[665]}, 88) = 665 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 664] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[666]}, 88) = 666 [pid 664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 664] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 666 attached [pid 666] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 666] creat("./bus", 000) = 3 [pid 666] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 666] <... futex resumed>) = 1 [pid 666] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 666] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 666] <... futex resumed>) = 1 [pid 666] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 666] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... futex resumed>) = 0 [pid 664] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 664] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 666] <... futex resumed>) = 1 [pid 666] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 666] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 664] <... futex resumed>) = 0 [pid 666] <... futex resumed>) = 1 [pid 666] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 665 attached [pid 665] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 665] memfd_create("syzkaller", 0) = 5 [pid 665] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 665] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 665] munmap(0x7fa7f2c57000, 138412032) = 0 [ 124.597561][ T662] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 665] close(5) = 0 [pid 665] close(6) = 0 [pid 665] mkdir("./file0", 0777) = 0 [pid 665] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 665] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 665] chdir("./file0") = 0 [pid 665] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 665] ioctl(6, LOOP_CLR_FD) = 0 [pid 665] close(6) = 0 [pid 665] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 665] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 664] exit_group(0 [pid 666] <... futex resumed>) = ? [pid 664] <... exit_group resumed>) = ? [pid 666] +++ exited with 0 +++ [pid 665] <... futex resumed>) = ? [pid 665] +++ exited with 0 +++ [pid 664] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=664, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/bus") = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88"executing program ) = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 667 ./strace-static-x86_64: Process 667 attached [pid 667] set_robust_list(0x555594dc86a0, 24) = 0 [pid 667] chdir("./89") = 0 [pid 667] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 667] setpgid(0, 0) = 0 [pid 667] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 667] write(3, "1000", 4) = 4 [pid 667] close(3) = 0 [pid 667] symlink("/dev/binderfs", "./binderfs") = 0 [pid 667] write(1, "executing program\n", 18) = 18 [pid 667] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 667] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 667] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[668]}, 88) = 668 [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 667] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 667] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 667] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[669]}, 88) = 669 [pid 667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 667] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 669 attached [pid 669] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 669] creat("./bus", 000) = 3 [pid 669] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... futex resumed>) = 1 [pid 669] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 669] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... futex resumed>) = 1 [pid 669] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 669] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 667] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 667] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 669] <... futex resumed>) = 1 [pid 669] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 669] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 667] <... futex resumed>) = 0 [pid 669] <... futex resumed>) = 1 [pid 669] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 668 attached [pid 668] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 668] memfd_create("syzkaller", 0) = 5 [pid 668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 668] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 668] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.633597][ T665] loop0: detected capacity change from 0 to 256 [ 124.641587][ T665] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.652215][ T665] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.662954][ T665] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 668] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 668] close(5) = 0 [pid 668] close(6) = 0 [pid 668] mkdir("./file0", 0777) = 0 [pid 668] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 668] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 668] chdir("./file0") = 0 [pid 668] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 668] ioctl(6, LOOP_CLR_FD) = 0 [pid 668] close(6) = 0 [pid 668] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 668] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 667] exit_group(0 [pid 669] <... futex resumed>) = ? [pid 667] <... exit_group resumed>) = ? [pid 669] +++ exited with 0 +++ [pid 668] <... futex resumed>) = ? [pid 668] +++ exited with 0 +++ [pid 667] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=667, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/bus") = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 670 ./strace-static-x86_64: Process 670 attached [pid 670] set_robust_list(0x555594dc86a0, 24) = 0 [pid 670] chdir("./90") = 0 [pid 670] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 670] setpgid(0, 0) = 0 [pid 670] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 670] write(3, "1000", 4) = 4 [pid 670] close(3) = 0 [pid 670] symlink("/dev/binderfs", "./binderfs") = 0 [pid 670] write(1, "executing program\n", 18) = 18 [pid 670] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 670] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 670] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[671]}, 88) = 671 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 670] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 670] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 670] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[672]}, 88) = 672 [pid 670] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 670] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 672 attached [pid 672] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 672] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 672] creat("./bus", 000) = 3 [pid 672] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 672] <... futex resumed>) = 1 [pid 672] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 672] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 672] <... futex resumed>) = 1 [pid 672] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 672] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = 0 [pid 670] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 670] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 672] <... futex resumed>) = 1 [pid 672] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 672] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 670] <... futex resumed>) = 0 [pid 672] <... futex resumed>) = 1 [pid 672] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 671 attached [pid 671] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 671] memfd_create("syzkaller", 0) = 5 [pid 671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 671] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 671] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.699851][ T668] loop0: detected capacity change from 0 to 256 [ 124.707658][ T668] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.718220][ T668] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.729082][ T668] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 671] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 671] close(5) = 0 [pid 671] close(6) = 0 [pid 671] mkdir("./file0", 0777) = 0 [pid 671] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 671] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 671] chdir("./file0") = 0 [pid 671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 671] ioctl(6, LOOP_CLR_FD) = 0 [pid 671] close(6) = 0 [pid 671] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 671] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 670] exit_group(0 [pid 672] <... futex resumed>) = ? [pid 670] <... exit_group resumed>) = ? [pid 672] +++ exited with 0 +++ [pid 671] <... futex resumed>) = ? [pid 671] +++ exited with 0 +++ [pid 670] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=670, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/bus") = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 674 ./strace-static-x86_64: Process 674 attached [pid 674] set_robust_list(0x555594dc86a0, 24) = 0 [pid 674] chdir("./91") = 0 [pid 674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 674] setpgid(0, 0) = 0 [pid 674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 674] write(3, "1000", 4) = 4 [pid 674] close(3) = 0 [pid 674] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 674] write(1, "executing program\n", 18) = 18 [pid 674] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 674] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[675]}, 88) = 675 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 674] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[676]}, 88) = 676 [pid 674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 674] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 676 attached [pid 676] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 676] creat("./bus", 000) = 3 [pid 676] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 676] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 676] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 674] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 674] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 676] <... futex resumed>) = 1 [pid 676] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 676] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 674] <... futex resumed>) = 0 [pid 676] <... futex resumed>) = 1 [pid 676] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 675 attached [pid 675] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 675] memfd_create("syzkaller", 0) = 5 [pid 675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 675] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [ 124.766712][ T671] loop0: detected capacity change from 0 to 256 [ 124.774251][ T671] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.784987][ T671] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.795574][ T671] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 675] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 675] close(5) = 0 [pid 675] close(6) = 0 [pid 675] mkdir("./file0", 0777) = 0 [pid 675] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 675] chdir("./file0") = 0 [pid 675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 675] ioctl(6, LOOP_CLR_FD) = 0 [pid 675] close(6) = 0 [pid 675] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 675] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 674] exit_group(0) = ? [pid 675] <... futex resumed>) = ? [pid 675] +++ exited with 0 +++ [pid 676] <... futex resumed>) = ? [pid 676] +++ exited with 0 +++ [pid 674] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=674, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/bus") = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 677 ./strace-static-x86_64: Process 677 attached [pid 677] set_robust_list(0x555594dc86a0, 24) = 0 [pid 677] chdir("./92") = 0 [pid 677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 677] setpgid(0, 0executing program ) = 0 [pid 677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 677] write(3, "1000", 4) = 4 [pid 677] close(3) = 0 [pid 677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 677] write(1, "executing program\n", 18) = 18 [pid 677] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 677] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 678 attached => {parent_tid=[678]}, 88) = 678 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 677] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[679]}, 88) = 679 [pid 677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 677] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 678] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 678] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 678] memfd_create("syzkaller", 0) = 3 [pid 678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 679 attached [ 124.846415][ T675] loop0: detected capacity change from 0 to 256 [ 124.853990][ T675] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.864621][ T675] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.875186][ T675] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 679] set_robust_list(0x7fa7fb0779a0, 24 [pid 678] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 678] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 678] ioctl(4, LOOP_SET_FD, 3 [pid 679] <... set_robust_list resumed>) = 0 [pid 679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 679] creat("./bus", 000) = 5 [pid 679] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 679] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 677] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 0 [pid 679] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 678] <... ioctl resumed>) = 0 [pid 679] <... mount resumed>) = 0 [pid 678] close(3 [pid 679] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 1 [pid 679] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 679] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 677] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 677] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 679] <... futex resumed>) = 1 [pid 679] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 679] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 677] <... futex resumed>) = 0 [pid 678] <... close resumed>) = 0 [pid 679] <... futex resumed>) = 1 [pid 678] close(4) = 0 [pid 678] mkdir("./file0", 0777) = 0 [pid 678] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 679] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 678] <... mount resumed>) = 0 [pid 678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 678] chdir("./file0") = 0 [pid 678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 678] ioctl(4, LOOP_CLR_FD) = 0 [pid 678] close(4) = 0 [pid 678] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 678] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 677] exit_group(0 [pid 679] <... futex resumed>) = ? [pid 677] <... exit_group resumed>) = ? [pid 679] +++ exited with 0 +++ [pid 678] <... futex resumed>) = ? [pid 678] +++ exited with 0 +++ [pid 677] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=677, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/bus") = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 680 attached , child_tidptr=0x555594dc8690) = 680 [pid 680] set_robust_list(0x555594dc86a0, 24) = 0 [pid 680] chdir("./93") = 0 [pid 680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 680] setpgid(0, 0) = 0 [pid 680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 680] write(3, "1000", 4) = 4 [pid 680] close(3) = 0 [pid 680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 680] write(1, "executing program\n", 18executing program ) = 18 [pid 680] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 680] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 681 attached => {parent_tid=[681]}, 88) = 681 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 680] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[682]}, 88) = 682 ./strace-static-x86_64: Process 682 attached [pid 681] set_robust_list(0x7fa7fb0989a0, 24 [pid 680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 680] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 682] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 682] creat("./bus", 000 [pid 681] <... set_robust_list resumed>) = 0 [pid 681] rt_sigprocmask(SIG_SETMASK, [], [pid 682] <... creat resumed>) = 3 [pid 682] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 682] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 681] memfd_create("syzkaller", 0 [pid 682] <... futex resumed>) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 681] <... memfd_create resumed>) = 4 [pid 682] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 680] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 680] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 682] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 682] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 680] <... futex resumed>) = 0 [pid 682] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 681] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 681] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.909113][ T678] loop0: detected capacity change from 0 to 256 [ 124.918833][ T678] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.929313][ T678] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 124.939939][ T678] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 681] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 681] close(4) = 0 [pid 681] close(6) = 0 [pid 681] mkdir("./file0", 0777) = 0 [pid 681] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 681] chdir("./file0") = 0 [pid 681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 681] ioctl(6, LOOP_CLR_FD) = 0 [pid 681] close(6) = 0 [pid 681] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 681] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 680] exit_group(0) = ? [pid 681] <... futex resumed>) = ? [pid 681] +++ exited with 0 +++ [pid 682] <... futex resumed>) = ? [pid 682] +++ exited with 0 +++ [pid 680] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=680, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/bus") = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 683 ./strace-static-x86_64: Process 683 attached [pid 683] set_robust_list(0x555594dc86a0, 24) = 0 [pid 683] chdir("./94") = 0 [pid 683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 683] setpgid(0, 0) = 0 [pid 683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 683] write(3, "1000", 4) = 4 [pid 683] close(3) = 0 [pid 683] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 683] write(1, "executing program\n", 18) = 18 [pid 683] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 683] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[684]}, 88) = 684 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 683] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[685]}, 88) = 685 [pid 683] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 683] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 685 attached [pid 685] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 685] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 685] creat("./bus", 000) = 3 [pid 685] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 685] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 685] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 683] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 683] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 685] <... futex resumed>) = 1 [pid 685] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 685] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 683] <... futex resumed>) = 0 [pid 685] <... futex resumed>) = 1 [pid 685] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 684 attached [pid 684] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 684] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 684] memfd_create("syzkaller", 0) = 5 [pid 684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 684] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 684] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 124.980720][ T681] loop0: detected capacity change from 0 to 256 [ 124.988513][ T681] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.999038][ T681] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.009715][ T681] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 684] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 684] close(5) = 0 [pid 684] close(6) = 0 [pid 684] mkdir("./file0", 0777) = 0 [pid 684] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 684] chdir("./file0") = 0 [pid 684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 684] ioctl(6, LOOP_CLR_FD) = 0 [pid 684] close(6) = 0 [pid 684] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 684] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 683] exit_group(0 [pid 685] <... futex resumed>) = ? [pid 683] <... exit_group resumed>) = ? [pid 685] +++ exited with 0 +++ [pid 684] <... futex resumed>) = ? [pid 684] +++ exited with 0 +++ [pid 683] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=683, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/bus") = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 686 ./strace-static-x86_64: Process 686 attached [pid 686] set_robust_list(0x555594dc86a0, 24) = 0 [pid 686] chdir("./95") = 0 [pid 686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 686] setpgid(0, 0) = 0 [pid 686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 686] write(3, "1000", 4) = 4 [pid 686] close(3) = 0 [pid 686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 686] write(1, "executing program\n", 18) = 18 [pid 686] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 686] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[687]}, 88) = 687 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 686] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[688]}, 88) = 688 [pid 686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 686] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 688 attached [pid 688] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 688] creat("./bus", 000) = 3 [pid 688] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 688] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 688] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 686] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 686] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 688] <... futex resumed>) = 1 [pid 688] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 688] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 686] <... futex resumed>) = 0 [pid 688] <... futex resumed>) = 1 [pid 688] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 687 attached [pid 687] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 687] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 687] memfd_create("syzkaller", 0) = 5 [pid 687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 687] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 687] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.048816][ T684] loop0: detected capacity change from 0 to 256 [ 125.056213][ T684] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.066791][ T684] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.077448][ T684] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 687] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 687] close(5) = 0 [pid 687] close(6) = 0 [pid 687] mkdir("./file0", 0777) = 0 [pid 687] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 687] chdir("./file0") = 0 [pid 687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 687] ioctl(6, LOOP_CLR_FD) = 0 [pid 687] close(6) = 0 [pid 687] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 687] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 686] exit_group(0 [pid 688] <... futex resumed>) = ? [pid 686] <... exit_group resumed>) = ? [pid 688] +++ exited with 0 +++ [pid 687] <... futex resumed>) = ? [pid 687] +++ exited with 0 +++ [pid 686] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=686, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/bus") = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 689 ./strace-static-x86_64: Process 689 attached [pid 689] set_robust_list(0x555594dc86a0, 24) = 0 [pid 689] chdir("./96") = 0 [pid 689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 689] setpgid(0, 0) = 0 executing program [pid 689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 689] write(3, "1000", 4) = 4 [pid 689] close(3) = 0 [pid 689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 689] write(1, "executing program\n", 18) = 18 [pid 689] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 689] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[690]}, 88) = 690 [pid 689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 689] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 689] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[691]}, 88) = 691 [pid 689] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 689] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 691 attached [pid 691] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 691] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 691] creat("./bus", 000) = 3 [pid 691] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 691] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 691] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 689] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 689] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 691] <... futex resumed>) = 1 [pid 691] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 691] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = 1 [pid 691] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 690 attached [pid 690] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 690] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 690] memfd_create("syzkaller", 0) = 5 [pid 690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 690] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 690] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.113276][ T687] loop0: detected capacity change from 0 to 256 [ 125.120998][ T687] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.131528][ T687] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.142127][ T687] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 690] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 690] close(5) = 0 [pid 690] close(6) = 0 [pid 690] mkdir("./file0", 0777) = 0 [pid 690] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 690] chdir("./file0") = 0 [pid 690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 690] ioctl(6, LOOP_CLR_FD) = 0 [pid 690] close(6) = 0 [pid 690] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 689] exit_group(0 [pid 690] <... futex resumed>) = 0 [pid 691] <... futex resumed>) = ? [pid 689] <... exit_group resumed>) = ? [pid 691] +++ exited with 0 +++ [pid 690] +++ exited with 0 +++ [pid 689] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=689, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/bus") = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 692 ./strace-static-x86_64: Process 692 attached [pid 692] set_robust_list(0x555594dc86a0, 24) = 0 [pid 692] chdir("./97") = 0 [pid 692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 692] setpgid(0, 0) = 0 [pid 692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 692] write(3, "1000", 4) = 4 [pid 692] close(3) = 0 [pid 692] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 692] write(1, "executing program\n", 18) = 18 [pid 692] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 692] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[693]}, 88) = 693 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [ 125.178960][ T690] loop0: detected capacity change from 0 to 256 [ 125.186506][ T690] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.197040][ T690] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.207593][ T690] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 692] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 693 attached ) = 0 [pid 693] set_robust_list(0x7fa7fb0989a0, 24 [pid 692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 694 attached [pid 693] <... set_robust_list resumed>) = 0 [pid 693] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] <... clone3 resumed> => {parent_tid=[694]}, 88) = 694 [pid 692] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 692] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 693] memfd_create("syzkaller", 0) = 3 [pid 693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 694] set_robust_list(0x7fa7fb0779a0, 24 [pid 693] <... mmap resumed>) = 0x7fa7f2c57000 [pid 694] <... set_robust_list resumed>) = 0 [pid 694] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 694] creat("./bus", 000) = 4 [pid 694] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] <... futex resumed>) = 0 [pid 694] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 692] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... mount resumed>) = 0 [pid 694] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] <... futex resumed>) = 0 [pid 694] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 692] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 692] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... open resumed>) = 5 [pid 694] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 692] <... futex resumed>) = 0 [pid 692] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 694] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 694] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 692] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 694] <... futex resumed>) = 0 [pid 692] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 694] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 693] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 693] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 693] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 693] close(3) = 0 [pid 693] close(6) = 0 [pid 693] mkdir("./file0", 0777) = 0 [ 125.270442][ T693] loop0: detected capacity change from 0 to 256 [ 125.279004][ T693] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.289570][ T693] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.298312][ T28] audit: type=1400 audit(1744812748.029:75): avc: denied { remove_name } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [pid 693] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 693] chdir("./file0") = 0 [pid 693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 693] ioctl(6, LOOP_CLR_FD) = 0 [pid 693] close(6) = 0 [pid 693] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 693] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 692] exit_group(0) = ? [pid 693] <... futex resumed>) = ? [pid 693] +++ exited with 0 +++ [pid 694] <... futex resumed>) = ? [pid 694] +++ exited with 0 +++ [pid 692] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=692, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/bus") = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./97/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 695 ./strace-static-x86_64: Process 695 attached [pid 695] set_robust_list(0x555594dc86a0, 24) = 0 [pid 695] chdir("./98") = 0 [pid 695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 695] setpgid(0, 0) = 0 [pid 695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 695] write(3, "1000", 4) = 4 [pid 695] close(3) = 0 [pid 695] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 695] write(1, "executing program\n", 18) = 18 [pid 695] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 695] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[696]}, 88) = 696 [pid 695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 695] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 695] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[697]}, 88) = 697 [pid 695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 695] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 697 attached [pid 697] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 697] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 696 attached [pid 697] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 696] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 696] memfd_create("syzkaller", 0 [pid 697] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 696] <... memfd_create resumed>) = 5 [pid 697] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 695] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 697] <... futex resumed>) = 1 [pid 697] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 697] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 697] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 695] <... futex resumed>) = 0 [pid 697] <... futex resumed>) = 1 [pid 697] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 696] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 696] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.300847][ T693] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 125.320761][ T28] audit: type=1400 audit(1744812748.029:76): avc: denied { rename } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [pid 696] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 696] close(5) = 0 [pid 696] close(6) = 0 [pid 696] mkdir("./file0", 0777) = 0 [pid 696] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 696] chdir("./file0") = 0 [pid 696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 696] ioctl(6, LOOP_CLR_FD) = 0 [pid 696] close(6) = 0 [pid 696] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 695] exit_group(0 [pid 697] <... futex resumed>) = ? [pid 695] <... exit_group resumed>) = ? [pid 697] +++ exited with 0 +++ [pid 696] +++ exited with 0 +++ [pid 695] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=695, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/bus") = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 698 ./strace-static-x86_64: Process 698 attached [pid 698] set_robust_list(0x555594dc86a0, 24) = 0 [pid 698] chdir("./99") = 0 [pid 698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 698] setpgid(0, 0) = 0 [pid 698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 698] write(3, "1000", 4) = 4 [pid 698] close(3) = 0 [pid 698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 698] write(1, "executing program\n", 18) = 18 [pid 698] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 698] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[699]}, 88) = 699 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 698] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[700]}, 88) = 700 [pid 698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 698] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 699 attached [pid 699] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 699] memfd_create("syzkaller", 0) = 3 [pid 699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 700 attached [pid 700] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 700] rt_sigprocmask(SIG_SETMASK, [], [pid 699] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 700] creat("./bus", 000 [pid 699] <... write resumed>) = 131072 [pid 699] munmap(0x7fa7f2c57000, 138412032 [pid 700] <... creat resumed>) = 4 [pid 700] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 699] <... munmap resumed>) = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 699] ioctl(5, LOOP_SET_FD, 3 [pid 700] <... futex resumed>) = 1 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 125.384738][ T696] loop0: detected capacity change from 0 to 256 [ 125.393511][ T696] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.403993][ T696] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.414405][ T696] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 700] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 700] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 1 [pid 700] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 700] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 698] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 698] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 700] <... futex resumed>) = 1 [pid 700] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 700] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 698] <... futex resumed>) = 0 [pid 700] <... futex resumed>) = 1 [pid 700] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 699] <... ioctl resumed>) = 0 [pid 699] close(3) = 0 [pid 699] close(5) = 0 [pid 699] mkdir("./file0", 0777) = 0 [pid 699] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 699] chdir("./file0") = 0 [pid 699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 699] ioctl(5, LOOP_CLR_FD) = 0 [pid 699] close(5) = 0 [pid 699] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 699] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 698] exit_group(0) = ? [pid 699] <... futex resumed>) = ? [pid 699] +++ exited with 0 +++ [pid 700] <... futex resumed>) = ? [pid 700] +++ exited with 0 +++ [pid 698] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=698, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/bus") = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 701 ./strace-static-x86_64: Process 701 attached [pid 701] set_robust_list(0x555594dc86a0, 24) = 0 [pid 701] chdir("./100") = 0 [pid 701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 701] setpgid(0, 0) = 0 [pid 701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 701] write(3, "1000", 4) = 4 [pid 701] close(3) = 0 [pid 701] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 701] write(1, "executing program\n", 18) = 18 [pid 701] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 701] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[702]}, 88) = 702 [pid 701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 701] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 701] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[703]}, 88) = 703 [pid 701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 701] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 703 attached [pid 703] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 703] creat("./bus", 000) = 3 [pid 703] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 703] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 703] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 701] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 701] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 703] <... futex resumed>) = 1 [pid 703] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 703] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 701] <... futex resumed>) = 0 [pid 703] <... futex resumed>) = 1 [pid 703] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 702 attached [pid 702] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 702] memfd_create("syzkaller", 0) = 5 [pid 702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 702] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 702] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.448493][ T699] loop0: detected capacity change from 0 to 256 [ 125.456595][ T699] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.467143][ T699] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.477465][ T699] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 702] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 702] close(5) = 0 [pid 702] close(6) = 0 [pid 702] mkdir("./file0", 0777) = 0 [pid 702] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 702] chdir("./file0") = 0 [pid 702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 702] ioctl(6, LOOP_CLR_FD) = 0 [pid 702] close(6) = 0 [pid 702] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 702] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 701] exit_group(0 [pid 703] <... futex resumed>) = ? [pid 701] <... exit_group resumed>) = ? [pid 703] +++ exited with 0 +++ [pid 702] <... futex resumed>) = ? [pid 702] +++ exited with 0 +++ [pid 701] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=701, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/bus") = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 704 ./strace-static-x86_64: Process 704 attached [pid 704] set_robust_list(0x555594dc86a0, 24) = 0 [pid 704] chdir("./101") = 0 [pid 704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 704] setpgid(0, 0) = 0 [pid 704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 704] write(3, "1000", 4) = 4 [pid 704] close(3) = 0 [pid 704] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 704] write(1, "executing program\n", 18) = 18 [pid 704] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 704] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[705]}, 88) = 705 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 704] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[706]}, 88) = 706 [pid 704] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 704] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 706 attached [pid 706] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 706] creat("./bus", 000) = 3 [pid 706] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 706] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 706] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 704] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 704] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 706] <... futex resumed>) = 1 [pid 706] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 706] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 704] <... futex resumed>) = 0 [pid 706] <... futex resumed>) = 1 [pid 706] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 705 attached [pid 705] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 705] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 705] memfd_create("syzkaller", 0) = 5 [pid 705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 705] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 705] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.515441][ T702] loop0: detected capacity change from 0 to 256 [ 125.523611][ T702] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.534125][ T702] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.544733][ T702] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 705] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 705] close(5) = 0 [pid 705] close(6) = 0 [pid 705] mkdir("./file0", 0777) = 0 [pid 705] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 705] chdir("./file0") = 0 [pid 705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 705] ioctl(6, LOOP_CLR_FD) = 0 [pid 705] close(6) = 0 [pid 705] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 705] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 704] exit_group(0 [pid 706] <... futex resumed>) = ? [pid 704] <... exit_group resumed>) = ? [pid 706] +++ exited with 0 +++ [pid 705] <... futex resumed>) = ? [pid 705] +++ exited with 0 +++ [pid 704] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=704, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/bus") = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 707 ./strace-static-x86_64: Process 707 attached [pid 707] set_robust_list(0x555594dc86a0, 24) = 0 [pid 707] chdir("./102") = 0 [pid 707] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 707] setpgid(0, 0) = 0 [pid 707] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 707] write(3, "1000", 4) = 4 [pid 707] close(3) = 0 [pid 707] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 707] write(1, "executing program\n", 18) = 18 [pid 707] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 707] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 707] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[708]}, 88) = 708 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 707] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 707] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 707] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[709]}, 88) = 709 [pid 707] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 707] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 709 attached [pid 709] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 709] creat("./bus", 000) = 3 [pid 709] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] <... futex resumed>) = 1 [pid 709] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 709] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] <... futex resumed>) = 1 [pid 709] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 709] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 707] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 707] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 709] <... futex resumed>) = 1 [pid 709] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 709] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 707] <... futex resumed>) = 0 [pid 709] <... futex resumed>) = 1 [pid 709] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 708 attached [pid 708] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 708] memfd_create("syzkaller", 0) = 5 [pid 708] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 708] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 708] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.579498][ T705] loop0: detected capacity change from 0 to 256 [ 125.587041][ T705] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.597643][ T705] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.608174][ T705] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 708] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 708] close(5) = 0 [pid 708] close(6) = 0 [pid 708] mkdir("./file0", 0777) = 0 [ 125.646099][ T708] loop0: detected capacity change from 0 to 256 [ 125.663778][ T708] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.674265][ T708] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [pid 708] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 708] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 708] chdir("./file0") = 0 [pid 708] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 708] ioctl(6, LOOP_CLR_FD) = 0 [pid 708] close(6) = 0 [pid 708] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 708] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 707] exit_group(0 [pid 709] <... futex resumed>) = ? [pid 707] <... exit_group resumed>) = ? [pid 709] +++ exited with 0 +++ [pid 708] <... futex resumed>) = ? [pid 708] +++ exited with 0 +++ [pid 707] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=707, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/bus") = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 710 ./strace-static-x86_64: Process 710 attached [pid 710] set_robust_list(0x555594dc86a0, 24) = 0 [pid 710] chdir("./103") = 0 [pid 710] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 710] setpgid(0, 0) = 0 [pid 710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 710] write(3, "1000", 4) = 4 [pid 710] close(3) = 0 [pid 710] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 710] write(1, "executing program\n", 18) = 18 [pid 710] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 710] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 710] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[711]}, 88) = 711 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 710] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[712]}, 88) = 712 [pid 710] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 710] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 711 attached [pid 711] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 711] memfd_create("syzkaller", 0) = 3 [pid 711] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 711] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 711] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 711] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 711] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 711] ioctl(4, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 712 attached [pid 712] set_robust_list(0x7fa7fb0779a0, 24 [pid 711] ioctl(4, LOOP_SET_FD, 3) = -1 EBUSY (Device or resource busy) [pid 711] close(4) = 0 [pid 711] close(3 [pid 712] <... set_robust_list resumed>) = 0 [pid 711] <... close resumed>) = 0 [pid 711] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 711] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 712] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 712] creat("./bus", 000) = 3 [pid 712] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] <... futex resumed>) = 0 [pid 710] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 710] futex(0x7fa7fb1656cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 0 [pid 711] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 711] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 710] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fa7fb1656cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 712] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 711] <... open resumed>) = 4 [pid 711] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 710] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 710] futex(0x7fa7fb1656cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 711] <... futex resumed>) = 1 [pid 711] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 711] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 710] <... futex resumed>) = 0 [pid 710] exit_group(0) = ? [pid 711] <... futex resumed>) = ? [pid 711] +++ exited with 0 +++ [pid 712] <... futex resumed>) = ? [pid 712] +++ exited with 0 +++ [pid 710] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=710, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 4 entries */, 32768) = 104 umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./103/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/bus") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 125.685011][ T708] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 713 ./strace-static-x86_64: Process 713 attached [pid 713] set_robust_list(0x555594dc86a0, 24) = 0 [pid 713] chdir("./104") = 0 [pid 713] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 713] setpgid(0, 0) = 0 [pid 713] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 713] write(3, "1000", 4) = 4 [pid 713] close(3) = 0 [pid 713] symlink("/dev/binderfs", "./binderfs") = 0 [pid 713] write(1, "executing program\n", 18) = 18 [pid 713] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 713] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 713] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 713] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[714]}, 88) = 714 [pid 713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 713] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 714 attached ) = 0x7fa7fb057000 [pid 714] set_robust_list(0x7fa7fb0989a0, 24 [pid 713] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 714] <... set_robust_list resumed>) = 0 [pid 713] <... mprotect resumed>) = 0 [pid 714] rt_sigprocmask(SIG_SETMASK, [], [pid 713] rt_sigprocmask(SIG_BLOCK, ~[], [pid 714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 713] <... rt_sigprocmask resumed>[], 8) = 0 [pid 714] memfd_create("syzkaller", 0 [pid 713] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 715 attached [pid 715] set_robust_list(0x7fa7fb0779a0, 24 [pid 714] <... memfd_create resumed>) = 3 [pid 713] <... clone3 resumed> => {parent_tid=[715]}, 88) = 715 [pid 715] <... set_robust_list resumed>) = 0 [pid 715] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 715] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 714] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 713] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] <... futex resumed>) = 0 [pid 715] creat("./bus", 000) = 4 [pid 715] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 715] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 714] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 713] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 715] <... mount resumed>) = 0 [pid 715] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 715] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 714] <... write resumed>) = 131072 [pid 714] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 714] ioctl(5, LOOP_SET_FD, 3 [pid 715] <... futex resumed>) = 0 [pid 713] <... futex resumed>) = 1 [pid 713] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 713] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 715] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 713] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 715] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 715] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 713] <... futex resumed>) = 0 [pid 715] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 714] <... ioctl resumed>) = 0 [pid 714] close(3) = 0 [pid 714] close(5) = 0 [pid 714] mkdir("./file0", 0777) = 0 [pid 714] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 714] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 714] chdir("./file0") = 0 [pid 714] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 714] ioctl(5, LOOP_CLR_FD) = 0 [pid 714] close(5) = 0 [pid 714] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 713] exit_group(0) = ? [pid 714] +++ exited with 0 +++ [pid 715] <... futex resumed>) = ? [pid 715] +++ exited with 0 +++ [pid 713] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=713, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/bus") = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 716 ./strace-static-x86_64: Process 716 attached [pid 716] set_robust_list(0x555594dc86a0, 24) = 0 [pid 716] chdir("./105") = 0 [pid 716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 716] setpgid(0, 0) = 0 [pid 716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 716] write(3, "1000", 4) = 4 [pid 716] close(3) = 0 [pid 716] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 716] write(1, "executing program\n", 18) = 18 [pid 716] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 716] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[718]}, 88) = 718 [pid 716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 716] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 716] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[719]}, 88) = 719 [pid 716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 716] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 718 attached [pid 718] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 718] memfd_create("syzkaller", 0) = 3 [pid 718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 719 attached [pid 719] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 719] creat("./bus", 000) = 4 [pid 719] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] <... futex resumed>) = 0 [pid 716] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... futex resumed>) = 1 [pid 719] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 719] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] <... futex resumed>) = 0 [pid 716] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... futex resumed>) = 1 [pid 719] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 719] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] <... futex resumed>) = 0 [pid 716] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 716] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 719] <... futex resumed>) = 1 [pid 719] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 719] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 716] <... futex resumed>) = 0 [pid 719] <... futex resumed>) = 1 [pid 719] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 718] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.748184][ T714] loop0: detected capacity change from 0 to 256 [ 125.756136][ T714] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.767053][ T714] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.777971][ T714] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 718] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 718] close(3) = 0 [pid 718] close(6) = 0 [pid 718] mkdir("./file0", 0777) = 0 [pid 718] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 718] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 718] chdir("./file0") = 0 [pid 718] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 718] ioctl(6, LOOP_CLR_FD) = 0 [pid 718] close(6) = 0 [pid 718] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 718] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 716] exit_group(0) = ? [pid 719] <... futex resumed>) = ? [pid 718] <... futex resumed>) = ? [pid 719] +++ exited with 0 +++ [pid 718] +++ exited with 0 +++ [pid 716] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=716, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/bus") = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./105/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 720 ./strace-static-x86_64: Process 720 attached [pid 720] set_robust_list(0x555594dc86a0, 24) = 0 [pid 720] chdir("./106") = 0 [pid 720] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 720] setpgid(0, 0) = 0 [pid 720] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 720] write(3, "1000", 4) = 4 [pid 720] close(3) = 0 [pid 720] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 720] write(1, "executing program\n", 18) = 18 [pid 720] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 720] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 720] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[721]}, 88) = 721 [pid 720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 720] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 720] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 720] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 720] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[722]}, 88) = 722 [pid 720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 720] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 721 attached [pid 721] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 721] memfd_create("syzkaller", 0) = 3 [pid 721] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 722 attached [pid 722] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 722] rt_sigprocmask(SIG_SETMASK, [], [pid 721] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 722] creat("./bus", 000 [pid 721] <... write resumed>) = 131072 [pid 722] <... creat resumed>) = 4 [pid 721] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 722] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 721] ioctl(5, LOOP_SET_FD, 3 [pid 722] <... futex resumed>) = 1 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 125.816393][ T718] loop0: detected capacity change from 0 to 256 [ 125.824525][ T718] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.835189][ T718] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.845660][ T718] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 722] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 722] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 722] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 720] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 720] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 722] <... futex resumed>) = 1 [pid 722] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 722] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 720] <... futex resumed>) = 0 [pid 722] <... futex resumed>) = 1 [pid 722] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 721] <... ioctl resumed>) = 0 [pid 721] close(3) = 0 [pid 721] close(5) = 0 [pid 721] mkdir("./file0", 0777) = 0 [pid 721] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 721] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 721] chdir("./file0") = 0 [pid 721] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 721] ioctl(5, LOOP_CLR_FD) = 0 [pid 721] close(5) = 0 [pid 721] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 721] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 720] exit_group(0) = ? [pid 722] <... futex resumed>) = ? [pid 722] +++ exited with 0 +++ [pid 721] <... futex resumed>) = ? [pid 721] +++ exited with 0 +++ [pid 720] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=720, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/bus") = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 723 ./strace-static-x86_64: Process 723 attached [pid 723] set_robust_list(0x555594dc86a0, 24) = 0 [pid 723] chdir("./107") = 0 [pid 723] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 723] setpgid(0, 0) = 0 [pid 723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 723] write(3, "1000", 4) = 4 [pid 723] close(3) = 0 [pid 723] symlink("/dev/binderfs", "./binderfs") = 0 [pid 723] write(1, "executing program\n", 18) = 18 [pid 723] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 723] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[724]}, 88) = 724 [pid 723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 723] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 723] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 723] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[725]}, 88) = 725 [pid 723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 723] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 724 attached [pid 724] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 724] memfd_create("syzkaller", 0) = 3 [pid 724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 724] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 724] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 125.880774][ T721] loop0: detected capacity change from 0 to 256 [ 125.889608][ T721] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.900136][ T721] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.910482][ T721] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 724] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 725 attached ) = 0 [pid 725] set_robust_list(0x7fa7fb0779a0, 24 [pid 724] close(3 [pid 725] <... set_robust_list resumed>) = 0 [pid 724] <... close resumed>) = 0 [pid 725] rt_sigprocmask(SIG_SETMASK, [], [pid 724] close(4 [pid 725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 724] <... close resumed>) = 0 [pid 725] creat("./bus", 000 [pid 724] mkdir("./file0", 0777 [pid 725] <... creat resumed>) = 3 [pid 724] <... mkdir resumed>) = 0 [pid 725] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 724] mount("/dev/loop0", "./file0", "exfat", 0, "" [pid 725] <... futex resumed>) = 1 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 725] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] <... futex resumed>) = 1 [pid 725] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 725] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 723] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 723] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 725] <... futex resumed>) = 1 [pid 725] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = 4096 [pid 725] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 723] <... futex resumed>) = 0 [pid 725] <... futex resumed>) = 1 [pid 725] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 724] <... mount resumed>) = -1 EIO (Input/output error) [pid 724] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 724] ioctl(5, LOOP_CLR_FD) = 0 [pid 724] close(5) = 0 [pid 724] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 724] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 723] exit_group(0) = ? [pid 724] <... futex resumed>) = ? [pid 724] +++ exited with 0 +++ [pid 725] <... futex resumed>) = ? [pid 725] +++ exited with 0 +++ [pid 723] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=723, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./107/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/bus") = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3executing program ) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 726 ./strace-static-x86_64: Process 726 attached [pid 726] set_robust_list(0x555594dc86a0, 24) = 0 [pid 726] chdir("./108") = 0 [pid 726] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 726] setpgid(0, 0) = 0 [pid 726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 726] write(3, "1000", 4) = 4 [pid 726] close(3) = 0 [pid 726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 726] write(1, "executing program\n", 18) = 18 [pid 726] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 726] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[727]}, 88) = 727 [pid 726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 726] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 726] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 726] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[728]}, 88) = 728 [pid 726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 726] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 728 attached [pid 728] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 728] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 728] creat("./bus", 000) = 3 [pid 728] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 726] <... futex resumed>) = 0 [pid 726] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... futex resumed>) = 1 [pid 728] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 727 attached [pid 727] set_robust_list(0x7fa7fb0989a0, 24 [pid 728] <... mount resumed>) = 0 [pid 727] <... set_robust_list resumed>) = 0 [pid 728] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 726] <... futex resumed>) = 0 [pid 728] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 726] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 726] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] <... open resumed>) = 4 [pid 728] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 728] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 726] <... futex resumed>) = 0 [pid 727] rt_sigprocmask(SIG_SETMASK, [], [pid 726] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 726] <... futex resumed>) = 1 [pid 728] <... futex resumed>) = 0 [pid 726] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 728] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 727] memfd_create("syzkaller", 0 [pid 728] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 728] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 726] <... futex resumed>) = 0 [pid 728] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 727] <... memfd_create resumed>) = 5 [pid 727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 727] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 727] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 125.942336][ T724] loop0: detected capacity change from 0 to 256 [ 125.951435][ T724] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.962140][ T724] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.970625][ T724] exFAT-fs (loop0): unable to set blocksize 33554432 [ 125.977121][ T724] exFAT-fs (loop0): failed to read boot sector [ 125.983343][ T724] exFAT-fs (loop0): failed to recognize exfat type [pid 727] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 727] close(5) = 0 [pid 727] close(6) = 0 [pid 727] mkdir("./file0", 0777) = 0 [pid 727] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 727] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 727] chdir("./file0") = 0 [pid 727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 727] ioctl(6, LOOP_CLR_FD) = 0 [pid 727] close(6) = 0 [pid 727] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 727] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 726] exit_group(0) = ? [pid 727] <... futex resumed>) = ? [pid 727] +++ exited with 0 +++ [pid 728] <... futex resumed>) = ? [pid 728] +++ exited with 0 +++ [pid 726] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=726, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/bus") = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 729 ./strace-static-x86_64: Process 729 attached [pid 729] set_robust_list(0x555594dc86a0, 24) = 0 [pid 729] chdir("./109") = 0 [pid 729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 729] setpgid(0, 0) = 0 [pid 729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 729] write(3, "1000", 4) = 4 [pid 729] close(3) = 0 [pid 729] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 729] write(1, "executing program\n", 18) = 18 [pid 729] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 729] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[730]}, 88) = 730 ./strace-static-x86_64: Process 730 attached [pid 730] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 730] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 729] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 730] <... futex resumed>) = 0 [pid 730] memfd_create("syzkaller", 0 [pid 729] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 729] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 730] <... memfd_create resumed>) = 3 [pid 729] <... mprotect resumed>) = 0 [pid 730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[731]}, 88) = 731 [pid 729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 731 attached [pid 730] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 729] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 731] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 731] creat("./bus", 000) = 4 [pid 731] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 731] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] <... write resumed>) = 131072 [pid 729] <... futex resumed>) = 1 [pid 731] <... futex resumed>) = 0 [pid 731] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 730] munmap(0x7fa7f2c57000, 138412032 [pid 729] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 126.018646][ T727] loop0: detected capacity change from 0 to 256 [ 126.026990][ T727] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.037778][ T727] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.048124][ T727] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 730] <... munmap resumed>) = 0 [pid 731] <... futex resumed>) = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 731] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 730] <... openat resumed>) = 5 [pid 730] ioctl(5, LOOP_SET_FD, 3 [pid 731] <... mount resumed>) = 0 [pid 729] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 731] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 729] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 729] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 731] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 731] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 729] <... futex resumed>) = 0 [pid 731] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 730] <... ioctl resumed>) = 0 [pid 730] close(3) = 0 [pid 730] close(5) = 0 [pid 730] mkdir("./file0", 0777) = 0 [pid 730] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 730] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 730] chdir("./file0") = 0 [pid 730] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 730] ioctl(5, LOOP_CLR_FD) = 0 [pid 730] close(5) = 0 [pid 730] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 730] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 729] exit_group(0 [pid 731] <... futex resumed>) = ? [pid 729] <... exit_group resumed>) = ? [pid 731] +++ exited with 0 +++ [pid 730] <... futex resumed>) = ? [pid 730] +++ exited with 0 +++ [pid 729] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=729, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/bus") = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 732 ./strace-static-x86_64: Process 732 attached [pid 732] set_robust_list(0x555594dc86a0, 24) = 0 [pid 732] chdir("./110") = 0 [pid 732] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 732] setpgid(0, 0) = 0 [pid 732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 732] write(3, "1000", 4) = 4 [pid 732] close(3) = 0 [pid 732] symlink("/dev/binderfs", "./binderfs") = 0 [pid 732] write(1, "executing program\n", 18executing program ) = 18 [pid 732] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 732] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[733]}, 88) = 733 [pid 732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 732] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 732] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 732] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[734]}, 88) = 734 [pid 732] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 732] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 734 attached [pid 734] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 734] creat("./bus", 000) = 3 [pid 734] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 734] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 734] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 732] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 732] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 734] <... futex resumed>) = 1 [pid 734] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 734] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 732] <... futex resumed>) = 0 [pid 734] <... futex resumed>) = 1 [pid 734] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 733 attached [pid 733] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 733] memfd_create("syzkaller", 0) = 5 [pid 733] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 733] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 733] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.087671][ T730] loop0: detected capacity change from 0 to 256 [ 126.096205][ T730] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.106937][ T730] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.118015][ T730] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 733] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 733] close(5) = 0 [pid 733] close(6) = 0 [pid 733] mkdir("./file0", 0777) = 0 [pid 733] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 733] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 733] chdir("./file0") = 0 [pid 733] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 733] ioctl(6, LOOP_CLR_FD) = 0 [pid 733] close(6) = 0 [pid 733] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 733] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 732] exit_group(0) = ? [pid 733] <... futex resumed>) = ? [pid 733] +++ exited with 0 +++ [pid 734] <... futex resumed>) = ? [pid 734] +++ exited with 0 +++ [pid 732] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=732, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/bus") = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 735 ./strace-static-x86_64: Process 735 attached [pid 735] set_robust_list(0x555594dc86a0, 24) = 0 [pid 735] chdir("./111") = 0 [pid 735] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 735] setpgid(0, 0) = 0 [pid 735] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 735] write(3, "1000", 4) = 4 [pid 735] close(3) = 0 [pid 735] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 735] write(1, "executing program\n", 18) = 18 [pid 735] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 735] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 735] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 735] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 736 attached [pid 736] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 736] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] <... clone3 resumed> => {parent_tid=[736]}, 88) = 736 [pid 735] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 735] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 736] <... futex resumed>) = 0 [pid 736] memfd_create("syzkaller", 0 [pid 735] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... memfd_create resumed>) = 3 [pid 736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c78000 [pid 735] <... futex resumed>) = 0 [pid 735] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7f2c57000 [pid 735] mprotect(0x7fa7f2c58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 735] rt_sigprocmask(SIG_BLOCK, ~[], [pid 736] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 735] <... rt_sigprocmask resumed>[], 8) = 0 [pid 735] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7f2c77990, parent_tid=0x7fa7f2c77990, exit_signal=0, stack=0x7fa7f2c57000, stack_size=0x20300, tls=0x7fa7f2c776c0} => {parent_tid=[737]}, 88) = 737 [pid 735] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 737 attached [pid 736] <... write resumed>) = 131072 [pid 735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 735] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] set_robust_list(0x7fa7f2c779a0, 24) = 0 [pid 737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 737] creat("./bus", 000 [pid 736] munmap(0x7fa7f2c78000, 138412032 [pid 737] <... creat resumed>) = 4 [pid 737] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] <... munmap resumed>) = 0 [pid 737] <... futex resumed>) = 1 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 737] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 735] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 737] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 737] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 735] <... futex resumed>) = 0 [pid 735] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 126.153675][ T733] loop0: detected capacity change from 0 to 256 [ 126.161266][ T733] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.172101][ T733] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.182739][ T733] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 737] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 736] <... openat resumed>) = 6 [pid 736] ioctl(6, LOOP_SET_FD, 3 [pid 737] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 737] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 735] <... futex resumed>) = 0 [pid 737] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 736] <... ioctl resumed>) = 0 [pid 736] close(3) = 0 [pid 736] close(6) = 0 [pid 736] mkdir("./file0", 0777) = 0 [pid 736] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 736] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 736] chdir("./file0") = 0 [pid 736] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 736] ioctl(6, LOOP_CLR_FD) = 0 [pid 736] close(6) = 0 [pid 736] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 736] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 735] exit_group(0) = ? [pid 736] <... futex resumed>) = ? [pid 736] +++ exited with 0 +++ [pid 737] <... futex resumed>) = ? [pid 737] +++ exited with 0 +++ [pid 735] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=735, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/binderfs") = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./111/bus") = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 738 ./strace-static-x86_64: Process 738 attached [pid 738] set_robust_list(0x555594dc86a0, 24) = 0 [pid 738] chdir("./112") = 0 [pid 738] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 738] setpgid(0, 0) = 0 [pid 738] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 738] write(3, "1000", 4) = 4 [pid 738] close(3) = 0 [pid 738] symlink("/dev/binderfs", "./binderfs") = 0 [pid 738] write(1, "executing program\n", 18) = 18 [pid 738] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 738] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 738] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[739]}, 88) = 739 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 738] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 738] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 738] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[740]}, 88) = 740 [pid 738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 738] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 740 attached [pid 740] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 740] creat("./bus", 000) = 3 [pid 740] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 740] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 740] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 738] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 740] <... futex resumed>) = 1 [pid 740] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 740] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 738] <... futex resumed>) = 0 [pid 740] <... futex resumed>) = 1 [pid 740] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 739 attached [pid 739] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 739] memfd_create("syzkaller", 0) = 5 [pid 739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 739] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 739] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.221193][ T736] loop0: detected capacity change from 0 to 256 [ 126.229707][ T736] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.240213][ T736] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.250477][ T736] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 739] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 739] close(5) = 0 [pid 739] close(6) = 0 [pid 739] mkdir("./file0", 0777) = 0 [pid 739] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 739] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 739] chdir("./file0") = 0 [pid 739] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 739] ioctl(6, LOOP_CLR_FD) = 0 [pid 739] close(6) = 0 [pid 739] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 738] exit_group(0) = ? [pid 739] +++ exited with 0 +++ [pid 740] <... futex resumed>) = ? [pid 740] +++ exited with 0 +++ [pid 738] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=738, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/bus") = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 741 ./strace-static-x86_64: Process 741 attached [pid 741] set_robust_list(0x555594dc86a0, 24) = 0 [pid 741] chdir("./113") = 0 [pid 741] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 741] setpgid(0, 0) = 0 [pid 741] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 741] write(3, "1000", 4) = 4 [pid 741] close(3) = 0 [pid 741] symlink("/dev/binderfs", "./binderfs") = 0 [pid 741] write(1, "executing program\n", 18executing program ) = 18 [pid 741] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 741] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 741] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[742]}, 88) = 742 ./strace-static-x86_64: Process 742 attached [pid 741] rt_sigprocmask(SIG_SETMASK, [], [pid 742] set_robust_list(0x7fa7fb0989a0, 24 [pid 741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 741] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... set_robust_list resumed>) = 0 [pid 741] <... futex resumed>) = 0 [pid 742] rt_sigprocmask(SIG_SETMASK, [], [pid 741] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 741] <... futex resumed>) = 0 [pid 742] memfd_create("syzkaller", 0 [pid 741] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 742] <... memfd_create resumed>) = 3 [pid 741] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 742] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 741] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 741] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[743]}, 88) = 743 ./strace-static-x86_64: Process 743 attached [pid 742] <... mmap resumed>) = 0x7fa7f2c57000 [pid 741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 741] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 743] creat("./bus", 000) = 4 [pid 743] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 743] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 743] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 743] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 741] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 741] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 743] <... futex resumed>) = 1 [pid 742] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 743] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 743] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 741] <... futex resumed>) = 0 [pid 743] <... futex resumed>) = 1 [pid 743] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 742] <... write resumed>) = 131072 [pid 742] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.293350][ T739] loop0: detected capacity change from 0 to 256 [ 126.302086][ T739] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.312741][ T739] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.322433][ T739] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 742] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 742] close(3) = 0 [pid 742] close(6) = 0 [pid 742] mkdir("./file0", 0777) = 0 [pid 742] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 742] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 742] chdir("./file0") = 0 [pid 742] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 742] ioctl(6, LOOP_CLR_FD) = 0 [pid 742] close(6) = 0 [pid 742] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 742] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 741] exit_group(0) = ? [pid 743] <... futex resumed>) = ? [pid 742] <... futex resumed>) = ? [pid 742] +++ exited with 0 +++ [pid 743] +++ exited with 0 +++ [pid 741] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=741, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/bus") = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 744 ./strace-static-x86_64: Process 744 attached [pid 744] set_robust_list(0x555594dc86a0, 24) = 0 [pid 744] chdir("./114") = 0 [pid 744] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 744] setpgid(0, 0) = 0 [pid 744] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 744] write(3, "1000", 4) = 4 [pid 744] close(3) = 0 [pid 744] symlink("/dev/binderfs", "./binderfs") = 0 [pid 744] write(1, "executing program\n", 18executing program ) = 18 [pid 744] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 744] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 744] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 744] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[745]}, 88) = 745 [pid 744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 744] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 744] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 744] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 744] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 744] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 744] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[746]}, 88) = 746 [pid 744] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 744] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 744] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 745 attached [pid 745] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 745] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 745] memfd_create("syzkaller", 0) = 3 [pid 745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 746 attached [pid 746] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 746] creat("./bus", 000 [pid 745] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 745] munmap(0x7fa7f2c57000, 138412032 [pid 746] <... creat resumed>) = 4 [pid 745] <... munmap resumed>) = 0 [pid 746] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 745] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 746] <... futex resumed>) = 1 [pid 745] <... openat resumed>) = 5 [pid 746] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] ioctl(5, LOOP_SET_FD, 3 [pid 744] <... futex resumed>) = 0 [pid 744] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 746] <... futex resumed>) = 0 [pid 744] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 746] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 744] <... futex resumed>) = 0 [pid 744] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 744] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = 1 [pid 746] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 746] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 744] <... futex resumed>) = 0 [pid 744] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.363307][ T742] loop0: detected capacity change from 0 to 256 [ 126.371275][ T742] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.381995][ T742] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.392501][ T742] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 744] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 746] <... futex resumed>) = 1 [pid 746] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 746] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 744] <... futex resumed>) = 0 [pid 746] <... futex resumed>) = 1 [pid 746] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 745] <... ioctl resumed>) = 0 [pid 745] close(3) = 0 [pid 745] close(5) = 0 [pid 745] mkdir("./file0", 0777) = 0 [pid 745] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 745] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 745] chdir("./file0") = 0 [pid 745] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 745] ioctl(5, LOOP_CLR_FD) = 0 [pid 745] close(5) = 0 [pid 745] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 745] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 744] exit_group(0 [pid 746] <... futex resumed>) = ? [pid 744] <... exit_group resumed>) = ? [pid 746] +++ exited with 0 +++ [pid 745] <... futex resumed>) = ? [pid 745] +++ exited with 0 +++ [pid 744] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=744, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/bus") = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 747 ./strace-static-x86_64: Process 747 attached [pid 747] set_robust_list(0x555594dc86a0, 24) = 0 [pid 747] chdir("./115") = 0 [pid 747] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 747] setpgid(0, 0) = 0 [pid 747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 747] write(3, "1000", 4) = 4 [pid 747] close(3) = 0 [pid 747] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 747] write(1, "executing program\n", 18) = 18 [pid 747] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 747] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[748]}, 88) = 748 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 747] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 747] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[749]}, 88) = 749 [pid 747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 747] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 749 attached [pid 749] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 749] creat("./bus", 000) = 3 [pid 749] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 749] <... futex resumed>) = 1 [pid 749] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 749] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 749] <... futex resumed>) = 1 [pid 749] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 749] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 747] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 747] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 749] <... futex resumed>) = 1 [pid 749] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 749] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 747] <... futex resumed>) = 0 [pid 749] <... futex resumed>) = 1 [pid 749] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 748 attached [pid 748] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 748] memfd_create("syzkaller", 0) = 5 [pid 748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 748] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 748] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.431287][ T745] loop0: detected capacity change from 0 to 256 [ 126.440034][ T745] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.450809][ T745] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.461853][ T745] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 748] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 748] close(5) = 0 [pid 748] close(6) = 0 [pid 748] mkdir("./file0", 0777) = 0 [pid 748] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 748] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 748] chdir("./file0") = 0 [pid 748] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 748] ioctl(6, LOOP_CLR_FD) = 0 [pid 748] close(6) = 0 [pid 748] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 748] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 747] exit_group(0 [pid 749] <... futex resumed>) = ? [pid 747] <... exit_group resumed>) = ? [pid 749] +++ exited with 0 +++ [pid 748] <... futex resumed>) = ? [pid 748] +++ exited with 0 +++ [pid 747] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=747, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/bus") = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777executing program ) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 750 ./strace-static-x86_64: Process 750 attached [pid 750] set_robust_list(0x555594dc86a0, 24) = 0 [pid 750] chdir("./116") = 0 [pid 750] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 750] setpgid(0, 0) = 0 [pid 750] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 750] write(3, "1000", 4) = 4 [pid 750] close(3) = 0 [pid 750] symlink("/dev/binderfs", "./binderfs") = 0 [pid 750] write(1, "executing program\n", 18) = 18 [pid 750] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 750] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 750] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[751]}, 88) = 751 [pid 750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 750] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 750] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 750] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 750] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[752]}, 88) = 752 [pid 750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 750] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 752 attached [pid 752] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 752] creat("./bus", 000) = 3 [pid 752] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] <... futex resumed>) = 0 [pid 750] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 1 [pid 752] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 752] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] <... futex resumed>) = 0 [pid 750] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 1 [pid 752] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 752] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] <... futex resumed>) = 0 [pid 750] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 750] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 752] <... futex resumed>) = 1 [pid 752] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 752] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 750] <... futex resumed>) = 0 [pid 752] <... futex resumed>) = 1 [pid 752] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 751 attached [pid 751] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 751] memfd_create("syzkaller", 0) = 5 [pid 751] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [ 126.500713][ T748] loop0: detected capacity change from 0 to 256 [ 126.508605][ T748] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.519144][ T748] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.529765][ T748] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 751] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 751] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 751] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 751] close(5) = 0 [pid 751] close(6) = 0 [pid 751] mkdir("./file0", 0777) = 0 [pid 751] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 751] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 751] chdir("./file0") = 0 [pid 751] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 751] ioctl(6, LOOP_CLR_FD) = 0 [pid 751] close(6) = 0 [pid 751] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 751] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 750] exit_group(0) = ? [pid 751] <... futex resumed>) = ? [pid 751] +++ exited with 0 +++ [pid 752] <... futex resumed>) = ? [pid 752] +++ exited with 0 +++ [pid 750] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=750, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/bus") = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 753 ./strace-static-x86_64: Process 753 attached [pid 753] set_robust_list(0x555594dc86a0, 24) = 0 [pid 753] chdir("./117") = 0 [pid 753] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 753] setpgid(0, 0) = 0 executing program [pid 753] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 753] write(3, "1000", 4) = 4 [pid 753] close(3) = 0 [pid 753] symlink("/dev/binderfs", "./binderfs") = 0 [pid 753] write(1, "executing program\n", 18) = 18 [pid 753] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 753] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 753] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[754]}, 88) = 754 [pid 753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 753] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 753] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 753] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 753] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 754 attached => {parent_tid=[755]}, 88) = 755 [pid 753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 753] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 755 attached [pid 755] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 755] creat("./bus", 000) = 3 [pid 755] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] <... futex resumed>) = 1 [pid 755] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 755] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] <... futex resumed>) = 1 [pid 755] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 755] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 0 [pid 753] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 753] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 755] <... futex resumed>) = 1 [pid 755] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 755] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 753] <... futex resumed>) = 0 [pid 755] <... futex resumed>) = 1 [pid 755] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 754] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 754] memfd_create("syzkaller", 0) = 5 [pid 754] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 754] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 754] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.565435][ T751] loop0: detected capacity change from 0 to 256 [ 126.573035][ T751] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.583746][ T751] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.594188][ T751] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 754] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 754] close(5) = 0 [pid 754] close(6) = 0 [pid 754] mkdir("./file0", 0777) = 0 [pid 754] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 754] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 754] chdir("./file0") = 0 [pid 754] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 754] ioctl(6, LOOP_CLR_FD) = 0 [pid 754] close(6) = 0 [pid 754] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 754] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 753] exit_group(0 [pid 755] <... futex resumed>) = ? [pid 753] <... exit_group resumed>) = ? [pid 755] +++ exited with 0 +++ [pid 754] <... futex resumed>) = ? [pid 754] +++ exited with 0 +++ [pid 753] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=753, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/bus") = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 756 ./strace-static-x86_64: Process 756 attached [pid 756] set_robust_list(0x555594dc86a0, 24) = 0 [pid 756] chdir("./118") = 0 [pid 756] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 756] setpgid(0, 0) = 0 [pid 756] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 756] write(3, "1000", 4) = 4 [pid 756] close(3) = 0 [pid 756] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 756] write(1, "executing program\n", 18) = 18 [pid 756] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 756] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 756] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[757]}, 88) = 757 [pid 756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 756] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 756] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 756] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 756] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[758]}, 88) = 758 [pid 756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 756] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 757 attached [pid 757] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 757] memfd_create("syzkaller", 0) = 3 [pid 757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 ./strace-static-x86_64: Process 758 attached [pid 757] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 758] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 758] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 758] creat("./bus", 000) = 4 [pid 758] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 756] <... futex resumed>) = 0 [pid 756] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 758] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 757] <... write resumed>) = 131072 [pid 756] <... futex resumed>) = 0 [pid 756] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 756] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 757] munmap(0x7fa7f2c57000, 138412032 [pid 758] <... futex resumed>) = 1 [pid 757] <... munmap resumed>) = 0 [pid 757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 757] ioctl(5, LOOP_SET_FD, 3 [pid 758] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [ 126.634114][ T754] loop0: detected capacity change from 0 to 256 [ 126.642571][ T754] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.653175][ T754] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.663338][ T754] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 758] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 758] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 756] <... futex resumed>) = 0 [pid 756] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 756] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 758] <... futex resumed>) = 0 [pid 758] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 758] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 756] <... futex resumed>) = 0 [pid 758] <... futex resumed>) = 1 [pid 758] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 757] <... ioctl resumed>) = 0 [pid 757] close(3) = 0 [pid 757] close(5) = 0 [pid 757] mkdir("./file0", 0777) = 0 [pid 757] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 757] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 757] chdir("./file0") = 0 [pid 757] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 757] ioctl(5, LOOP_CLR_FD) = 0 [pid 757] close(5) = 0 [pid 757] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 757] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 756] exit_group(0 [pid 758] <... futex resumed>) = ? [pid 756] <... exit_group resumed>) = ? [pid 758] +++ exited with 0 +++ [pid 757] <... futex resumed>) = ? [pid 757] +++ exited with 0 +++ [pid 756] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=756, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/bus") = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 759 ./strace-static-x86_64: Process 759 attached [pid 759] set_robust_list(0x555594dc86a0, 24) = 0 [pid 759] chdir("./119") = 0 [pid 759] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 759] setpgid(0, 0) = 0 [pid 759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 759] write(3, "1000", 4) = 4 [pid 759] close(3) = 0 [pid 759] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 759] write(1, "executing program\n", 18) = 18 [pid 759] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 759] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[760]}, 88) = 760 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 759] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 759] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[761]}, 88) = 761 [pid 759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 759] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 761 attached [pid 761] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 761] creat("./bus", 000) = 3 [pid 761] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 761] <... futex resumed>) = 1 [pid 761] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 761] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 761] <... futex resumed>) = 1 [pid 761] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 761] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 759] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 759] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 761] <... futex resumed>) = 1 [pid 761] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 761] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 759] <... futex resumed>) = 0 [pid 761] <... futex resumed>) = 1 [pid 761] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 760 attached [pid 760] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 760] memfd_create("syzkaller", 0) = 5 [pid 760] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 760] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 760] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.704094][ T757] loop0: detected capacity change from 0 to 256 [ 126.712526][ T757] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.723192][ T757] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.733411][ T757] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 760] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 760] close(5) = 0 [pid 760] close(6) = 0 [pid 760] mkdir("./file0", 0777) = 0 [pid 760] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 760] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 760] chdir("./file0") = 0 [pid 760] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 760] ioctl(6, LOOP_CLR_FD) = 0 [pid 760] close(6) = 0 [pid 760] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 760] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 759] exit_group(0 [pid 761] <... futex resumed>) = ? [pid 759] <... exit_group resumed>) = ? [pid 761] +++ exited with 0 +++ [pid 760] <... futex resumed>) = ? [pid 760] +++ exited with 0 +++ [pid 759] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=759, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/bus") = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 763 ./strace-static-x86_64: Process 763 attached [pid 763] set_robust_list(0x555594dc86a0, 24) = 0 [pid 763] chdir("./120") = 0 [pid 763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 763] setpgid(0, 0) = 0 [pid 763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 763] write(3, "1000", 4) = 4 [pid 763] close(3) = 0 [pid 763] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 763] write(1, "executing program\n", 18) = 18 [pid 763] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 763] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[764]}, 88) = 764 ./strace-static-x86_64: Process 764 attached [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 764] set_robust_list(0x7fa7fb0989a0, 24 [pid 763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 764] <... set_robust_list resumed>) = 0 [pid 764] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 764] memfd_create("syzkaller", 0 [pid 763] <... mmap resumed>) = 0x7fa7fb057000 [pid 764] <... memfd_create resumed>) = 3 [pid 764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 763] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 764] <... mmap resumed>) = 0x7fa7f2c57000 [pid 763] <... mprotect resumed>) = 0 [pid 763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[765]}, 88) = 765 [pid 763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 763] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 765 attached [pid 765] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 765] creat("./bus", 000) = 4 [pid 765] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 765] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 765] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 763] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 765] <... futex resumed>) = 1 [pid 765] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 765] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 763] <... futex resumed>) = 0 [pid 765] <... futex resumed>) = 1 [pid 765] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 764] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 764] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.774237][ T760] loop0: detected capacity change from 0 to 256 [ 126.782230][ T760] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.792847][ T760] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.803527][ T760] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 764] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 764] close(3) = 0 [pid 764] close(6) = 0 [pid 764] mkdir("./file0", 0777) = 0 [pid 764] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 764] chdir("./file0") = 0 [pid 764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 764] ioctl(6, LOOP_CLR_FD) = 0 [pid 764] close(6) = 0 [pid 764] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 763] exit_group(0 [pid 765] <... futex resumed>) = ? [pid 763] <... exit_group resumed>) = ? [pid 765] +++ exited with 0 +++ [pid 764] +++ exited with 0 +++ [pid 763] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=763, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/bus") = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 766 ./strace-static-x86_64: Process 766 attached [pid 766] set_robust_list(0x555594dc86a0, 24) = 0 executing program [pid 766] chdir("./121") = 0 [pid 766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 766] setpgid(0, 0) = 0 [pid 766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 766] write(3, "1000", 4) = 4 [pid 766] close(3) = 0 [pid 766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 766] write(1, "executing program\n", 18) = 18 [pid 766] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 766] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[767]}, 88) = 767 [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 766] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[768]}, 88) = 768 ./strace-static-x86_64: Process 768 attached [pid 766] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 766] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 767 attached [pid 767] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 767] memfd_create("syzkaller", 0) = 3 [pid 767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 768] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 768] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 768] creat("./bus", 000) = 4 [pid 768] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 766] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 1 [pid 767] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 768] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 768] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] <... write resumed>) = 131072 [pid 768] <... futex resumed>) = 1 [pid 767] munmap(0x7fa7f2c57000, 138412032 [pid 766] <... futex resumed>) = 0 [pid 768] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 767] <... munmap resumed>) = 0 [pid 766] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 767] <... openat resumed>) = 5 [pid 767] ioctl(5, LOOP_SET_FD, 3 [pid 768] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 768] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 766] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.846386][ T764] loop0: detected capacity change from 0 to 256 [ 126.854979][ T764] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.865824][ T764] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.876103][ T764] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 766] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 768] <... futex resumed>) = 1 [pid 768] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 768] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 766] <... futex resumed>) = 0 [pid 768] <... futex resumed>) = 1 [pid 768] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 767] <... ioctl resumed>) = 0 [pid 767] close(3) = 0 [pid 767] close(5) = 0 [pid 767] mkdir("./file0", 0777) = 0 [pid 767] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 767] chdir("./file0") = 0 [pid 767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 767] ioctl(5, LOOP_CLR_FD) = 0 [pid 767] close(5) = 0 [pid 767] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 767] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 766] exit_group(0) = ? [pid 768] <... futex resumed>) = ? [pid 768] +++ exited with 0 +++ [pid 767] <... futex resumed>) = ? [pid 767] +++ exited with 0 +++ [pid 766] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=766, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/bus") = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 769 ./strace-static-x86_64: Process 769 attached [pid 769] set_robust_list(0x555594dc86a0, 24) = 0 [pid 769] chdir("./122") = 0 [pid 769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 769] setpgid(0, 0) = 0 [pid 769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 769] write(3, "1000", 4) = 4 [pid 769] close(3) = 0 [pid 769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 769] write(1, "executing program\n", 18) = 18 executing program [pid 769] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 769] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[770]}, 88) = 770 [pid 769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 769] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[771]}, 88) = 771 [pid 769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 769] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 771 attached [pid 771] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 771] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 771] creat("./bus", 000) = 3 [pid 771] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 771] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 771] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 769] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 769] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 771] <... futex resumed>) = 1 [pid 771] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 771] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 769] <... futex resumed>) = 0 [pid 771] <... futex resumed>) = 1 [pid 771] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 770 attached [pid 770] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 770] memfd_create("syzkaller", 0) = 5 [pid 770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 770] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 770] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.913997][ T767] loop0: detected capacity change from 0 to 256 [ 126.922222][ T767] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.933045][ T767] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 126.943008][ T767] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 770] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 770] close(5) = 0 [pid 770] close(6) = 0 [pid 770] mkdir("./file0", 0777) = 0 [pid 770] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 770] chdir("./file0") = 0 [pid 770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 770] ioctl(6, LOOP_CLR_FD) = 0 [pid 770] close(6) = 0 [pid 770] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 770] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 769] exit_group(0 [pid 771] <... futex resumed>) = ? [pid 769] <... exit_group resumed>) = ? [pid 771] +++ exited with 0 +++ [pid 770] <... futex resumed>) = ? [pid 770] +++ exited with 0 +++ [pid 769] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=769, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/bus") = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 772 ./strace-static-x86_64: Process 772 attached [pid 772] set_robust_list(0x555594dc86a0, 24) = 0 [pid 772] chdir("./123") = 0 [pid 772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 772] setpgid(0, 0) = 0 [pid 772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 772] write(3, "1000", 4) = 4 [pid 772] close(3) = 0 [pid 772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 772] write(1, "executing program\n", 18executing program ) = 18 [pid 772] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 772] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[773]}, 88) = 773 [pid 772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 772] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 772] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[774]}, 88) = 774 [pid 772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 772] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 774 attached [pid 774] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 774] creat("./bus", 000) = 3 [pid 774] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] <... futex resumed>) = 1 [pid 774] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 774] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] <... futex resumed>) = 1 [pid 774] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 774] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 772] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 774] <... futex resumed>) = 1 [pid 774] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 774] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 772] <... futex resumed>) = 0 [pid 774] <... futex resumed>) = 1 [pid 774] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 773 attached [pid 773] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 773] memfd_create("syzkaller", 0) = 5 [pid 773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 773] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 773] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 126.979834][ T770] loop0: detected capacity change from 0 to 256 [ 126.987526][ T770] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 126.997987][ T770] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.008617][ T770] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 773] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 773] close(5) = 0 [pid 773] close(6) = 0 [pid 773] mkdir("./file0", 0777) = 0 [pid 773] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 773] chdir("./file0") = 0 [pid 773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 773] ioctl(6, LOOP_CLR_FD) = 0 [pid 773] close(6) = 0 [pid 773] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 772] exit_group(0 [pid 774] <... futex resumed>) = ? [pid 772] <... exit_group resumed>) = ? [pid 774] +++ exited with 0 +++ [pid 773] +++ exited with 0 +++ [pid 772] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=772, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/bus") = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 775 ./strace-static-x86_64: Process 775 attached [pid 775] set_robust_list(0x555594dc86a0, 24) = 0 [pid 775] chdir("./124") = 0 [pid 775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 775] setpgid(0, 0) = 0 [pid 775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 775] write(3, "1000", 4) = 4 [pid 775] close(3) = 0 [pid 775] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 775] write(1, "executing program\n", 18) = 18 [pid 775] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 775] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[776]}, 88) = 776 [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 775] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[777]}, 88) = 777 [pid 775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 775] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 777 attached [pid 777] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 777] creat("./bus", 000) = 3 [pid 777] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] <... futex resumed>) = 1 [pid 777] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 777] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] <... futex resumed>) = 1 [pid 777] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 777] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 775] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 775] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 777] <... futex resumed>) = 1 [pid 777] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 777] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] <... futex resumed>) = 0 [pid 777] <... futex resumed>) = 1 [pid 777] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 776 attached [pid 776] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 776] memfd_create("syzkaller", 0) = 5 [pid 776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 776] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 776] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.046155][ T773] loop0: detected capacity change from 0 to 256 [ 127.053842][ T773] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.064451][ T773] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.074649][ T773] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 776] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 776] close(5) = 0 [pid 776] close(6) = 0 [pid 776] mkdir("./file0", 0777) = 0 [pid 776] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 776] chdir("./file0") = 0 [pid 776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 776] ioctl(6, LOOP_CLR_FD) = 0 [pid 776] close(6) = 0 [pid 776] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 775] exit_group(0 [pid 777] <... futex resumed>) = ? [pid 775] <... exit_group resumed>) = ? [pid 777] +++ exited with 0 +++ [pid 776] <... futex resumed>) = ? [pid 776] +++ exited with 0 +++ [pid 775] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=775, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/bus") = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 778 attached , child_tidptr=0x555594dc8690) = 778 [pid 778] set_robust_list(0x555594dc86a0, 24executing program ) = 0 [pid 778] chdir("./125") = 0 [pid 778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 778] setpgid(0, 0) = 0 [pid 778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 778] write(3, "1000", 4) = 4 [pid 778] close(3) = 0 [pid 778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 778] write(1, "executing program\n", 18) = 18 [pid 778] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 778] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[779]}, 88) = 779 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 778] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[780]}, 88) = 780 [pid 778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 778] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 780 attached [pid 780] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 780] creat("./bus", 000) = 3 [pid 780] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 780] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 780] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 778] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 778] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 780] <... futex resumed>) = 1 [pid 780] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 780] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 778] <... futex resumed>) = 0 [pid 780] <... futex resumed>) = 1 [pid 780] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 779 attached [pid 779] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 779] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 779] memfd_create("syzkaller", 0) = 5 [pid 779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 779] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 779] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.115773][ T776] loop0: detected capacity change from 0 to 256 [ 127.123228][ T776] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.133819][ T776] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.143976][ T776] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 779] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 779] close(5) = 0 [pid 779] close(6) = 0 [pid 779] mkdir("./file0", 0777) = 0 [pid 779] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 779] chdir("./file0") = 0 [pid 779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 779] ioctl(6, LOOP_CLR_FD) = 0 [pid 779] close(6) = 0 [pid 779] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 779] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 778] exit_group(0) = ? [pid 779] <... futex resumed>) = ? [pid 779] +++ exited with 0 +++ [pid 780] <... futex resumed>) = ? [pid 780] +++ exited with 0 +++ [pid 778] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=778, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/bus") = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 781 ./strace-static-x86_64: Process 781 attached [pid 781] set_robust_list(0x555594dc86a0, 24) = 0 [pid 781] chdir("./126") = 0 [pid 781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 781] setpgid(0, 0) = 0 [pid 781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 781] write(3, "1000", 4) = 4 [pid 781] close(3) = 0 [pid 781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 781] write(1, "executing program\n", 18) = 18 [pid 781] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 781] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[782]}, 88) = 782 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 781] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[783]}, 88) = 783 [pid 781] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 781] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 783 attached [pid 783] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 783] creat("./bus", 000) = 3 ./strace-static-x86_64: Process 782 attached [pid 783] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 782] set_robust_list(0x7fa7fb0989a0, 24 [pid 783] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 782] <... set_robust_list resumed>) = 0 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 783] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 781] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 781] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 783] <... futex resumed>) = 1 [pid 783] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 783] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] <... futex resumed>) = 0 [pid 783] <... futex resumed>) = 1 [pid 783] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 782] memfd_create("syzkaller", 0) = 5 [pid 782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 782] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 782] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.185019][ T779] loop0: detected capacity change from 0 to 256 [ 127.193926][ T779] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.204858][ T779] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.215659][ T779] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 782] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 782] close(5) = 0 [pid 782] close(6) = 0 [pid 782] mkdir("./file0", 0777) = 0 [pid 782] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 782] chdir("./file0") = 0 [pid 782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 782] ioctl(6, LOOP_CLR_FD) = 0 [pid 782] close(6) = 0 [pid 782] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 781] exit_group(0 [pid 783] <... futex resumed>) = ? [pid 781] <... exit_group resumed>) = ? [pid 783] +++ exited with 0 +++ [pid 782] <... futex resumed>) = ? [pid 782] +++ exited with 0 +++ [pid 781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=781, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./126/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/bus") = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 784 ./strace-static-x86_64: Process 784 attached [pid 784] set_robust_list(0x555594dc86a0, 24) = 0 [pid 784] chdir("./127") = 0 [pid 784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 784] setpgid(0, 0) = 0 [pid 784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 784] write(3, "1000", 4) = 4 [pid 784] close(3) = 0 [pid 784] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 784] write(1, "executing program\n", 18) = 18 [pid 784] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 784] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[785]}, 88) = 785 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 784] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[786]}, 88) = 786 [pid 784] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 784] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 786 attached [pid 786] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 786] creat("./bus", 000) = 3 [pid 786] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 786] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 786] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 784] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 784] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 786] <... futex resumed>) = 1 [pid 786] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 786] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 784] <... futex resumed>) = 0 [pid 786] <... futex resumed>) = 1 [pid 786] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 785 attached [pid 785] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 785] memfd_create("syzkaller", 0) = 5 [pid 785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 785] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 785] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.253719][ T782] loop0: detected capacity change from 0 to 256 [ 127.261762][ T782] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.272595][ T782] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.283115][ T782] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 785] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 785] close(5) = 0 [pid 785] close(6) = 0 [pid 785] mkdir("./file0", 0777) = 0 [pid 785] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 785] chdir("./file0") = 0 [pid 785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 785] ioctl(6, LOOP_CLR_FD) = 0 [pid 785] close(6) = 0 [pid 785] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 785] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 784] exit_group(0 [pid 786] <... futex resumed>) = ? [pid 784] <... exit_group resumed>) = ? [pid 786] +++ exited with 0 +++ [pid 785] <... futex resumed>) = ? [pid 785] +++ exited with 0 +++ [pid 784] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=784, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./127/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/bus") = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 787 ./strace-static-x86_64: Process 787 attached [pid 787] set_robust_list(0x555594dc86a0, 24) = 0 [pid 787] chdir("./128") = 0 [pid 787] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 787] setpgid(0, 0) = 0 [pid 787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 787] write(3, "1000", 4) = 4 [pid 787] close(3) = 0 [pid 787] symlink("/dev/binderfs", "./binderfs") = 0 [pid 787] write(1, "executing program\n", 18executing program ) = 18 [pid 787] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 787] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 787] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[788]}, 88) = 788 [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 787] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 787] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[789]}, 88) = 789 ./strace-static-x86_64: Process 789 attached [pid 787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 787] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 788 attached [pid 788] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 788] memfd_create("syzkaller", 0) = 3 [pid 789] set_robust_list(0x7fa7fb0779a0, 24 [pid 788] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 789] <... set_robust_list resumed>) = 0 [pid 789] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 789] creat("./bus", 000) = 4 [pid 789] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 789] <... futex resumed>) = 1 [pid 787] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 789] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 788] <... write resumed>) = 131072 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... futex resumed>) = 1 [pid 789] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 789] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 787] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 787] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 789] <... futex resumed>) = 1 [pid 789] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 789] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 787] <... futex resumed>) = 0 [pid 789] <... futex resumed>) = 1 [pid 789] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 788] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.317706][ T785] loop0: detected capacity change from 0 to 256 [ 127.325122][ T785] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.335625][ T785] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.345989][ T785] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 788] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 788] close(3) = 0 [pid 788] close(6) = 0 [pid 788] mkdir("./file0", 0777) = 0 [pid 788] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 788] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 788] chdir("./file0") = 0 [pid 788] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 788] ioctl(6, LOOP_CLR_FD) = 0 [pid 788] close(6) = 0 [pid 788] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 788] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 787] exit_group(0 [pid 789] <... futex resumed>) = ? [pid 787] <... exit_group resumed>) = ? [pid 789] +++ exited with 0 +++ [pid 788] <... futex resumed>) = ? [pid 788] +++ exited with 0 +++ [pid 787] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=787, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./128", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./128/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/bus") = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 790 ./strace-static-x86_64: Process 790 attached [pid 790] set_robust_list(0x555594dc86a0, 24) = 0 [pid 790] chdir("./129") = 0 [pid 790] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 790] setpgid(0, 0) = 0 [pid 790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 790] write(3, "1000", 4) = 4 [pid 790] close(3) = 0 [pid 790] symlink("/dev/binderfs", "./binderfs") = 0 [pid 790] write(1, "executing program\n", 18executing program ) = 18 [pid 790] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 790] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 791 attached => {parent_tid=[791]}, 88) = 791 [pid 790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 790] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 791] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 790] <... mmap resumed>) = 0x7fa7fb057000 [pid 790] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 791] rt_sigprocmask(SIG_SETMASK, [], [pid 790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[792]}, 88) = 792 ./strace-static-x86_64: Process 792 attached [pid 791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 790] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 792] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 791] memfd_create("syzkaller", 0 [pid 792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 792] creat("./bus", 000 [pid 791] <... memfd_create resumed>) = 4 [pid 792] <... creat resumed>) = 3 [pid 791] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 792] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 792] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 791] <... mmap resumed>) = 0x7fa7f2c57000 [pid 792] <... mount resumed>) = 0 [pid 792] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 792] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 792] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 790] <... futex resumed>) = 0 [pid 790] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 790] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 792] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 792] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 790] <... futex resumed>) = 0 [ 127.383917][ T788] loop0: detected capacity change from 0 to 256 [ 127.391526][ T788] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.402010][ T788] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.412813][ T788] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 792] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 791] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 791] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 791] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 791] close(4) = 0 [pid 791] close(6) = 0 [pid 791] mkdir("./file0", 0777) = 0 [pid 791] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 791] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 791] chdir("./file0") = 0 [pid 791] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 791] ioctl(6, LOOP_CLR_FD) = 0 [pid 791] close(6) = 0 [pid 791] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 791] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 790] exit_group(0) = ? [pid 792] <... futex resumed>) = ? [pid 792] +++ exited with 0 +++ [pid 791] <... futex resumed>) = ? [pid 791] +++ exited with 0 +++ [pid 790] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=790, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./129", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./129/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/bus") = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 793 ./strace-static-x86_64: Process 793 attached [pid 793] set_robust_list(0x555594dc86a0, 24) = 0 [pid 793] chdir("./130") = 0 [pid 793] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 793] setpgid(0, 0) = 0 [pid 793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 793] write(3, "1000", 4) = 4 [pid 793] close(3) = 0 [pid 793] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 793] write(1, "executing program\n", 18) = 18 [pid 793] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 793] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[794]}, 88) = 794 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 793] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 793] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[795]}, 88) = 795 [pid 793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 793] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 795 attached [pid 795] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 795] creat("./bus", 000) = 3 [pid 795] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 795] <... futex resumed>) = 1 [pid 795] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 795] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 795] <... futex resumed>) = 1 [pid 795] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 795] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 793] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 793] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 795] <... futex resumed>) = 1 [pid 795] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 795] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 793] <... futex resumed>) = 0 [pid 795] <... futex resumed>) = 1 [pid 795] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 794 attached [pid 794] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 794] memfd_create("syzkaller", 0) = 5 [pid 794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 794] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 794] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.455399][ T791] loop0: detected capacity change from 0 to 256 [ 127.463435][ T791] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.473964][ T791] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.484393][ T791] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 794] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 794] close(5) = 0 [pid 794] close(6) = 0 [pid 794] mkdir("./file0", 0777) = 0 [pid 794] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 794] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 794] chdir("./file0") = 0 [pid 794] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 794] ioctl(6, LOOP_CLR_FD) = 0 [pid 794] close(6) = 0 [pid 794] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 794] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 793] exit_group(0 [pid 795] <... futex resumed>) = ? [pid 793] <... exit_group resumed>) = ? [pid 795] +++ exited with 0 +++ [pid 794] <... futex resumed>) = ? [pid 794] +++ exited with 0 +++ [pid 793] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=793, si_uid=0, si_status=0, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./130", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./130/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/bus") = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program ) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 796 ./strace-static-x86_64: Process 796 attached [pid 796] set_robust_list(0x555594dc86a0, 24) = 0 [pid 796] chdir("./131") = 0 [pid 796] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 796] setpgid(0, 0) = 0 [pid 796] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 796] write(3, "1000", 4) = 4 [pid 796] close(3) = 0 [pid 796] symlink("/dev/binderfs", "./binderfs") = 0 [pid 796] write(1, "executing program\n", 18) = 18 [pid 796] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 796] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 796] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 796] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[797]}, 88) = 797 [pid 796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 796] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 796] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 796] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 796] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[798]}, 88) = 798 [pid 796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 796] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 798 attached [pid 798] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 798] creat("./bus", 000) = 3 [pid 798] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... futex resumed>) = 1 [pid 798] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 798] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... futex resumed>) = 1 [pid 798] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 798] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 796] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 796] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 798] <... futex resumed>) = 1 [pid 798] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 798] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 796] <... futex resumed>) = 0 [pid 798] <... futex resumed>) = 1 [pid 798] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 797 attached [pid 797] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 797] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 797] memfd_create("syzkaller", 0) = 5 [pid 797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 797] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 797] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.528068][ T794] loop0: detected capacity change from 0 to 256 [ 127.536854][ T794] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.547452][ T794] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.557927][ T794] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 797] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 797] close(5) = 0 [pid 797] close(6) = 0 [pid 797] mkdir("./file0", 0777) = 0 [pid 797] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 797] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 797] chdir("./file0") = 0 [pid 797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 797] ioctl(6, LOOP_CLR_FD) = 0 [pid 797] close(6) = 0 [pid 797] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 797] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 796] exit_group(0) = ? [pid 797] <... futex resumed>) = ? [pid 797] +++ exited with 0 +++ [pid 798] <... futex resumed>) = ? [pid 798] +++ exited with 0 +++ [pid 796] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=796, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./131", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./131/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/bus") = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 799 ./strace-static-x86_64: Process 799 attached [pid 799] set_robust_list(0x555594dc86a0, 24) = 0 [pid 799] chdir("./132") = 0 [pid 799] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 799] setpgid(0, 0) = 0 executing program [pid 799] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 799] write(3, "1000", 4) = 4 [pid 799] close(3) = 0 [pid 799] symlink("/dev/binderfs", "./binderfs") = 0 [pid 799] write(1, "executing program\n", 18) = 18 [pid 799] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 799] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 799] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[800]}, 88) = 800 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 799] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 799] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 799] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[801]}, 88) = 801 [pid 799] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 799] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 801 attached [pid 801] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 801] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 801] creat("./bus", 000) = 3 [pid 801] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 801] <... futex resumed>) = 1 [pid 801] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 801] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 801] <... futex resumed>) = 1 [pid 801] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 801] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 799] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 799] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 801] <... futex resumed>) = 1 [pid 801] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 801] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 799] <... futex resumed>) = 0 [pid 801] <... futex resumed>) = 1 [pid 801] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 800 attached [pid 800] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 800] memfd_create("syzkaller", 0) = 5 [pid 800] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 800] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 800] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.591645][ T797] loop0: detected capacity change from 0 to 256 [ 127.599176][ T797] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.609801][ T797] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.620425][ T797] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 800] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 800] close(5) = 0 [pid 800] close(6) = 0 [pid 800] mkdir("./file0", 0777) = 0 [pid 800] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 800] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 800] chdir("./file0") = 0 [pid 800] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 800] ioctl(6, LOOP_CLR_FD) = 0 [pid 800] close(6) = 0 [pid 800] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 800] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 799] exit_group(0 [pid 801] <... futex resumed>) = ? [pid 799] <... exit_group resumed>) = ? [pid 801] +++ exited with 0 +++ [pid 800] <... futex resumed>) = ? [pid 800] +++ exited with 0 +++ [pid 799] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=799, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./132", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./132/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/bus") = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 802 ./strace-static-x86_64: Process 802 attached [pid 802] set_robust_list(0x555594dc86a0, 24) = 0 [pid 802] chdir("./133") = 0 [pid 802] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 802] setpgid(0, 0) = 0 [pid 802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 802] write(3, "1000", 4) = 4 [pid 802] close(3) = 0 [pid 802] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 802] write(1, "executing program\n", 18) = 18 [pid 802] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 802] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[803]}, 88) = 803 [pid 802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 802] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 802] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 802] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[804]}, 88) = 804 [pid 802] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 802] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 804 attached [pid 804] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 804] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 804] creat("./bus", 000./strace-static-x86_64: Process 803 attached ) = 3 [pid 803] set_robust_list(0x7fa7fb0989a0, 24 [pid 804] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 804] <... futex resumed>) = 1 [pid 804] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 803] <... set_robust_list resumed>) = 0 [pid 804] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 804] <... futex resumed>) = 1 [pid 803] rt_sigprocmask(SIG_SETMASK, [], [pid 804] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 803] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 803] memfd_create("syzkaller", 0 [pid 804] <... open resumed>) = 4 [pid 803] <... memfd_create resumed>) = 5 [pid 803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 804] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 803] <... mmap resumed>) = 0x7fa7f2c57000 [pid 804] <... futex resumed>) = 1 [pid 802] <... futex resumed>) = 0 [pid 802] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 802] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 804] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 804] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 802] <... futex resumed>) = 0 [pid 804] <... futex resumed>) = 1 [pid 804] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 127.659356][ T800] loop0: detected capacity change from 0 to 256 [ 127.668006][ T800] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.678509][ T800] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.689174][ T800] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 803] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 803] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 803] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 803] close(5) = 0 [pid 803] close(6) = 0 [pid 803] mkdir("./file0", 0777) = 0 [pid 803] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 803] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 803] chdir("./file0") = 0 [pid 803] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 803] ioctl(6, LOOP_CLR_FD) = 0 [pid 803] close(6) = 0 [pid 803] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 803] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 802] exit_group(0 [pid 804] <... futex resumed>) = ? [pid 802] <... exit_group resumed>) = ? [pid 804] +++ exited with 0 +++ [pid 803] <... futex resumed>) = ? [pid 803] +++ exited with 0 +++ [pid 802] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=802, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./133/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/bus") = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 805 ./strace-static-x86_64: Process 805 attached [pid 805] set_robust_list(0x555594dc86a0, 24) = 0 [pid 805] chdir("./134") = 0 [pid 805] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 805] setpgid(0, 0) = 0 [pid 805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 805] write(3, "1000", 4) = 4 [pid 805] close(3) = 0 [pid 805] symlink("/dev/binderfs", "./binderfs") = 0 [pid 805] write(1, "executing program\n", 18) = 18 [pid 805] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 805] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 805] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 805] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[806]}, 88) = 806 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 805] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 805] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 806 attached => {parent_tid=[807]}, 88) = 807 [pid 805] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 805] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 807 attached [pid 807] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 807] creat("./bus", 000) = 3 [pid 806] set_robust_list(0x7fa7fb0989a0, 24 [pid 807] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 807] <... futex resumed>) = 1 [pid 807] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 807] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 807] <... futex resumed>) = 1 [pid 807] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 807] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... futex resumed>) = 0 [pid 805] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 805] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 807] <... futex resumed>) = 1 [pid 807] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 807] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 805] <... futex resumed>) = 0 [pid 807] <... futex resumed>) = 1 [pid 807] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 806] <... set_robust_list resumed>) = 0 [pid 806] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 806] memfd_create("syzkaller", 0) = 5 [pid 806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 806] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 806] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.726812][ T803] loop0: detected capacity change from 0 to 256 [ 127.735713][ T803] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.746280][ T803] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.756573][ T803] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 806] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 806] close(5) = 0 [pid 806] close(6) = 0 [pid 806] mkdir("./file0", 0777) = 0 [pid 806] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 806] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 806] chdir("./file0") = 0 [pid 806] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 806] ioctl(6, LOOP_CLR_FD) = 0 [pid 806] close(6) = 0 [pid 806] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 806] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 805] exit_group(0) = ? [pid 806] <... futex resumed>) = ? [pid 806] +++ exited with 0 +++ [pid 807] <... futex resumed>) = ? [pid 807] +++ exited with 0 +++ [pid 805] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=805, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./134/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/bus") = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 809 attached , child_tidptr=0x555594dc8690) = 809 [pid 809] set_robust_list(0x555594dc86a0, 24) = 0 [pid 809] chdir("./135"executing program ) = 0 [pid 809] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 809] setpgid(0, 0) = 0 [pid 809] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 809] write(3, "1000", 4) = 4 [pid 809] close(3) = 0 [pid 809] symlink("/dev/binderfs", "./binderfs") = 0 [pid 809] write(1, "executing program\n", 18) = 18 [pid 809] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 809] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 809] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 810 attached => {parent_tid=[810]}, 88) = 810 [pid 810] set_robust_list(0x7fa7fb0989a0, 24 [pid 809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 809] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 809] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 809] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 809] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 810] <... set_robust_list resumed>) = 0 [pid 809] <... clone3 resumed> => {parent_tid=[811]}, 88) = 811 [pid 809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 809] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 811 attached [pid 811] set_robust_list(0x7fa7fb0779a0, 24 [pid 810] rt_sigprocmask(SIG_SETMASK, [], [pid 811] <... set_robust_list resumed>) = 0 [pid 811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 811] creat("./bus", 000 [pid 810] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 810] memfd_create("syzkaller", 0 [pid 811] <... creat resumed>) = 3 [pid 810] <... memfd_create resumed>) = 4 [pid 810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 811] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 810] <... mmap resumed>) = 0x7fa7f2c57000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 811] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 811] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 809] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 809] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 811] <... futex resumed>) = 1 [pid 811] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 811] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 809] <... futex resumed>) = 0 [pid 811] <... futex resumed>) = 1 [pid 811] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 810] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 810] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.793456][ T806] loop0: detected capacity change from 0 to 256 [ 127.800899][ T806] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.811567][ T806] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.822550][ T806] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 810] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 810] close(4) = 0 [pid 810] close(6) = 0 [pid 810] mkdir("./file0", 0777) = 0 [pid 810] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 810] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 810] chdir("./file0") = 0 [pid 810] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 810] ioctl(6, LOOP_CLR_FD) = 0 [pid 810] close(6) = 0 [pid 810] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 810] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 809] exit_group(0 [pid 811] <... futex resumed>) = ? [pid 809] <... exit_group resumed>) = ? [pid 811] +++ exited with 0 +++ [pid 810] <... futex resumed>) = ? [pid 810] +++ exited with 0 +++ [pid 809] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=809, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./135/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/bus") = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 812 ./strace-static-x86_64: Process 812 attached [pid 812] set_robust_list(0x555594dc86a0, 24) = 0 [pid 812] chdir("./136") = 0 [pid 812] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 812] setpgid(0, 0) = 0 [pid 812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 812] write(3, "1000", 4) = 4 [pid 812] close(3) = 0 [pid 812] symlink("/dev/binderfs", "./binderfs") = 0 [pid 812] write(1, "executing program\n", 18executing program ) = 18 [pid 812] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 812] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 813 attached => {parent_tid=[813]}, 88) = 813 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 812] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 812] rt_sigprocmask(SIG_BLOCK, ~[], [pid 813] set_robust_list(0x7fa7fb0989a0, 24 [pid 812] <... rt_sigprocmask resumed>[], 8) = 0 [pid 812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} [pid 813] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 814 attached [pid 812] <... clone3 resumed> => {parent_tid=[814]}, 88) = 814 [pid 812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 812] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 813] memfd_create("syzkaller", 0 [pid 814] set_robust_list(0x7fa7fb0779a0, 24 [pid 813] <... memfd_create resumed>) = 3 [pid 813] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 814] <... set_robust_list resumed>) = 0 [pid 814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 814] creat("./bus", 000) = 4 [pid 813] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 814] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] <... futex resumed>) = 0 [pid 813] <... write resumed>) = 131072 [pid 812] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 813] munmap(0x7fa7f2c57000, 138412032 [pid 814] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 814] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 812] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 814] <... futex resumed>) = 0 [pid 814] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 812] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 812] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 812] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 814] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 814] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 812] <... futex resumed>) = 0 [pid 814] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 813] <... munmap resumed>) = 0 [pid 813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 127.862275][ T810] loop0: detected capacity change from 0 to 256 [ 127.870822][ T810] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.881402][ T810] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.891933][ T810] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 813] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 813] close(3) = 0 [pid 813] close(6) = 0 [pid 813] mkdir("./file0", 0777) = 0 [pid 813] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 813] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 813] chdir("./file0") = 0 [pid 813] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 813] ioctl(6, LOOP_CLR_FD) = 0 [pid 813] close(6) = 0 [pid 813] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 813] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 812] exit_group(0 [pid 814] <... futex resumed>) = ? [pid 812] <... exit_group resumed>) = ? [pid 814] +++ exited with 0 +++ [pid 813] <... futex resumed>) = ? [pid 813] +++ exited with 0 +++ [pid 812] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=812, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./136", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./136/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/bus") = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 815 ./strace-static-x86_64: Process 815 attached [pid 815] set_robust_list(0x555594dc86a0, 24) = 0 [pid 815] chdir("./137") = 0 [pid 815] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 815] setpgid(0, 0) = 0 [pid 815] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 815] write(3, "1000", 4) = 4 [pid 815] close(3) = 0 [pid 815] symlink("/dev/binderfs", "./binderfs") = 0 [pid 815] write(1, "executing program\n", 18) = 18 [pid 815] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 815] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 815] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[816]}, 88) = 816 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 815] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 815] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 815] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[817]}, 88) = 817 [pid 815] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 815] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 817 attached [pid 817] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 817] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 817] creat("./bus", 000) = 3 [pid 817] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 817] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 817] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 815] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 815] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 817] <... futex resumed>) = 1 [pid 817] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 817] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 815] <... futex resumed>) = 0 [pid 817] <... futex resumed>) = 1 [pid 817] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 816 attached [pid 816] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 816] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 816] memfd_create("syzkaller", 0) = 5 [pid 816] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [ 127.926303][ T813] loop0: detected capacity change from 0 to 256 [ 127.934419][ T813] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.945002][ T813] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 127.955296][ T813] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 816] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 816] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 816] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 816] close(5) = 0 [pid 816] close(6) = 0 [pid 816] mkdir("./file0", 0777) = 0 [pid 816] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 816] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 816] chdir("./file0") = 0 [pid 816] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 816] ioctl(6, LOOP_CLR_FD) = 0 [pid 816] close(6) = 0 [pid 816] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 816] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 815] exit_group(0 [pid 817] <... futex resumed>) = ? [pid 815] <... exit_group resumed>) = ? [pid 817] +++ exited with 0 +++ [pid 816] <... futex resumed>) = ? [pid 816] +++ exited with 0 +++ [pid 815] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=815, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./137", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./137/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/bus") = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 818 ./strace-static-x86_64: Process 818 attached [pid 818] set_robust_list(0x555594dc86a0, 24) = 0 [pid 818] chdir("./138") = 0 [pid 818] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 818] setpgid(0, 0) = 0 executing program [pid 818] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 818] write(3, "1000", 4) = 4 [pid 818] close(3) = 0 [pid 818] symlink("/dev/binderfs", "./binderfs") = 0 [pid 818] write(1, "executing program\n", 18) = 18 [pid 818] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 818] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 818] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[819]}, 88) = 819 [pid 818] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 818] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 818] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 818] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 818] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 819 attached [pid 819] set_robust_list(0x7fa7fb0989a0, 24 [pid 818] <... clone3 resumed> => {parent_tid=[820]}, 88) = 820 ./strace-static-x86_64: Process 820 attached [pid 818] rt_sigprocmask(SIG_SETMASK, [], [pid 819] <... set_robust_list resumed>) = 0 [pid 818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 818] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] creat("./bus", 000 [pid 819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 820] <... creat resumed>) = 3 [pid 820] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 819] memfd_create("syzkaller", 0) = 4 [pid 819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 820] <... futex resumed>) = 1 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 820] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 820] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 818] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 819] <... write resumed>) = 131072 [pid 820] <... open resumed>) = 5 [pid 819] munmap(0x7fa7f2c57000, 138412032 [pid 820] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 818] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 818] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 820] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096 [pid 819] <... munmap resumed>) = 0 [pid 820] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 820] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 818] <... futex resumed>) = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 820] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 819] <... openat resumed>) = 6 [ 127.994983][ T816] loop0: detected capacity change from 0 to 256 [ 128.002858][ T816] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.013532][ T816] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.023729][ T816] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 819] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 819] close(4) = 0 [pid 819] close(6) = 0 [pid 819] mkdir("./file0", 0777) = 0 [pid 819] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 819] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 819] chdir("./file0") = 0 [pid 819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 819] ioctl(6, LOOP_CLR_FD) = 0 [pid 819] close(6) = 0 [pid 819] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 819] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 818] exit_group(0 [pid 820] <... futex resumed>) = ? [pid 820] +++ exited with 0 +++ [pid 818] <... exit_group resumed>) = ? [pid 819] <... futex resumed>) = ? [pid 819] +++ exited with 0 +++ [pid 818] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=818, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./138/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/bus") = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 821 ./strace-static-x86_64: Process 821 attached [pid 821] set_robust_list(0x555594dc86a0, 24) = 0 [pid 821] chdir("./139") = 0 [pid 821] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 821] setpgid(0, 0) = 0 [pid 821] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 821] write(3, "1000", 4) = 4 [pid 821] close(3) = 0 [pid 821] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 821] write(1, "executing program\n", 18) = 18 [pid 821] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 821] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 821] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[822]}, 88) = 822 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 821] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 821] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 821] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[823]}, 88) = 823 [pid 821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 821] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 823 attached [pid 823] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 823] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 823] creat("./bus", 000) = 3 [pid 823] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 823] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 823] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 821] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 821] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 823] <... futex resumed>) = 1 [pid 823] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 823] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 821] <... futex resumed>) = 0 [pid 823] <... futex resumed>) = 1 [pid 823] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 822 attached [pid 822] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 822] memfd_create("syzkaller", 0) = 5 [pid 822] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 822] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 822] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.071087][ T819] loop0: detected capacity change from 0 to 256 [ 128.081341][ T819] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.091930][ T819] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.102598][ T819] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 822] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 822] close(5) = 0 [pid 822] close(6) = 0 [pid 822] mkdir("./file0", 0777) = 0 [pid 822] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 822] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 822] chdir("./file0") = 0 [pid 822] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 822] ioctl(6, LOOP_CLR_FD) = 0 [pid 822] close(6) = 0 [pid 822] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 822] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 821] exit_group(0) = ? [pid 822] <... futex resumed>) = ? [pid 822] +++ exited with 0 +++ [pid 823] <... futex resumed>) = ? [pid 823] +++ exited with 0 +++ [pid 821] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=821, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./139/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/bus") = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 824 ./strace-static-x86_64: Process 824 attached [pid 824] set_robust_list(0x555594dc86a0, 24) = 0 [pid 824] chdir("./140") = 0 [pid 824] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 824] setpgid(0, 0) = 0 [pid 824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 824] write(3, "1000", 4) = 4 [pid 824] close(3) = 0 [pid 824] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 824] write(1, "executing program\n", 18) = 18 [pid 824] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 824] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[825]}, 88) = 825 [pid 824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 824] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 824] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 825 attached ) = 0 [pid 825] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 825] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 825] memfd_create("syzkaller", 0 [pid 824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 825] <... memfd_create resumed>) = 3 [pid 825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0}./strace-static-x86_64: Process 826 attached [pid 826] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 826] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 826] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] <... clone3 resumed> => {parent_tid=[826]}, 88) = 826 [pid 824] rt_sigprocmask(SIG_SETMASK, [], [pid 825] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 824] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 826] <... futex resumed>) = 0 [pid 826] creat("./bus", 000 [pid 824] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... creat resumed>) = 4 [pid 826] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 826] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 825] <... write resumed>) = 131072 [pid 825] munmap(0x7fa7f2c57000, 138412032 [pid 824] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 824] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 825] <... munmap resumed>) = 0 [pid 824] <... futex resumed>) = 1 [pid 824] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 825] ioctl(5, LOOP_SET_FD, 3 [pid 826] <... futex resumed>) = 0 [pid 826] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 826] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 128.140218][ T822] loop0: detected capacity change from 0 to 256 [ 128.148403][ T822] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.159001][ T822] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.169696][ T822] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 826] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] <... futex resumed>) = 0 [pid 826] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 826] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] <... futex resumed>) = 0 [pid 824] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 824] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 826] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 826] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 824] <... futex resumed>) = 0 [pid 826] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 825] <... ioctl resumed>) = 0 [pid 825] close(3) = 0 [pid 825] close(5) = 0 [pid 825] mkdir("./file0", 0777) = 0 [pid 825] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 825] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 825] chdir("./file0") = 0 [pid 825] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 825] ioctl(5, LOOP_CLR_FD) = 0 [pid 825] close(5) = 0 [pid 825] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 825] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 824] exit_group(0 [pid 826] <... futex resumed>) = ? [pid 824] <... exit_group resumed>) = ? [pid 826] +++ exited with 0 +++ [pid 825] <... futex resumed>) = ? [pid 825] +++ exited with 0 +++ [pid 824] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=824, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./140/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/bus") = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 827 ./strace-static-x86_64: Process 827 attached [pid 827] set_robust_list(0x555594dc86a0, 24) = 0 [pid 827] chdir("./141") = 0 [pid 827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 827] setpgid(0, 0) = 0 [pid 827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 827] write(3, "1000", 4) = 4 [pid 827] close(3) = 0 [pid 827] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 827] write(1, "executing program\n", 18) = 18 [pid 827] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 827] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[828]}, 88) = 828 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 827] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[829]}, 88) = 829 [pid 827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 827] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 829 attached [pid 829] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 829] creat("./bus", 000) = 3 [pid 829] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 827] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... futex resumed>) = 1 [pid 829] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL./strace-static-x86_64: Process 828 attached ) = 0 [pid 829] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 827] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... futex resumed>) = 1 [pid 829] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 829] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 827] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 827] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 829] <... futex resumed>) = 1 [pid 829] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 829] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 827] <... futex resumed>) = 0 [pid 829] <... futex resumed>) = 1 [pid 829] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 828] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 828] memfd_create("syzkaller", 0) = 5 [pid 828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 828] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 828] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.207424][ T825] loop0: detected capacity change from 0 to 256 [ 128.215178][ T825] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.225756][ T825] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.236390][ T825] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 828] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 828] close(5) = 0 [pid 828] close(6) = 0 [pid 828] mkdir("./file0", 0777) = 0 [pid 828] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 828] chdir("./file0") = 0 [pid 828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 828] ioctl(6, LOOP_CLR_FD) = 0 [pid 828] close(6) = 0 [pid 828] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 828] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 827] exit_group(0 [pid 829] <... futex resumed>) = ? [pid 827] <... exit_group resumed>) = ? [pid 829] +++ exited with 0 +++ [pid 828] <... futex resumed>) = ? [pid 828] +++ exited with 0 +++ [pid 827] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=827, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./141", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./141/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/bus") = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 830 ./strace-static-x86_64: Process 830 attached [pid 830] set_robust_list(0x555594dc86a0, 24) = 0 [pid 830] chdir("./142") = 0 [pid 830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 830] setpgid(0, 0) = 0 [pid 830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 830] write(3, "1000", 4) = 4 [pid 830] close(3) = 0 [pid 830] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 830] write(1, "executing program\n", 18) = 18 [pid 830] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 830] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[831]}, 88) = 831 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 830] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[832]}, 88) = 832 [pid 830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 830] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 832 attached [pid 832] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 832] creat("./bus", 000) = 3 [pid 832] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 832] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 832] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 830] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 830] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 832] <... futex resumed>) = 1 [pid 832] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 832] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 830] <... futex resumed>) = 0 [pid 832] <... futex resumed>) = 1 [pid 832] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 831 attached [pid 831] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 831] memfd_create("syzkaller", 0) = 5 [pid 831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 831] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 831] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.274658][ T828] loop0: detected capacity change from 0 to 256 [ 128.282364][ T828] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.293123][ T828] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.303938][ T828] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 831] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 831] close(5) = 0 [pid 831] close(6) = 0 [pid 831] mkdir("./file0", 0777) = 0 [pid 831] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 831] chdir("./file0") = 0 [pid 831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 831] ioctl(6, LOOP_CLR_FD) = 0 [pid 831] close(6) = 0 [pid 831] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 831] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 830] exit_group(0 [pid 832] <... futex resumed>) = ? [pid 830] <... exit_group resumed>) = ? [pid 832] +++ exited with 0 +++ [pid 831] <... futex resumed>) = ? [pid 831] +++ exited with 0 +++ [pid 830] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=830, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./142", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./142/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/bus") = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 833 ./strace-static-x86_64: Process 833 attached [pid 833] set_robust_list(0x555594dc86a0, 24) = 0 [pid 833] chdir("./143") = 0 [pid 833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 833] setpgid(0, 0) = 0 [pid 833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 833] write(3, "1000", 4) = 4 [pid 833] close(3) = 0 [pid 833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 833] write(1, "executing program\n", 18) = 18 [pid 833] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 833] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 834 attached => {parent_tid=[834]}, 88) = 834 [pid 833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 833] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 833] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE [pid 834] set_robust_list(0x7fa7fb0989a0, 24 [pid 833] <... mprotect resumed>) = 0 [pid 833] rt_sigprocmask(SIG_BLOCK, ~[], [pid 834] <... set_robust_list resumed>) = 0 [pid 833] <... rt_sigprocmask resumed>[], 8) = 0 [pid 833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[835]}, 88) = 835 [pid 834] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 835 attached [pid 833] rt_sigprocmask(SIG_SETMASK, [], [pid 834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 833] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 834] memfd_create("syzkaller", 0 [pid 835] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 834] <... memfd_create resumed>) = 3 [pid 835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 835] creat("./bus", 000) = 4 [pid 835] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 835] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 835] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 835] <... futex resumed>) = 1 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 835] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 835] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 833] <... futex resumed>) = 0 [pid 833] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 833] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 835] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 835] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 833] <... futex resumed>) = 0 [pid 835] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 834] <... mmap resumed>) = 0x7fa7f2c57000 [ 128.340442][ T831] loop0: detected capacity change from 0 to 256 [ 128.347907][ T831] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.358406][ T831] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.369208][ T831] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 834] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 834] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 834] ioctl(6, LOOP_SET_FD, 3) = 0 [pid 834] close(3) = 0 [pid 834] close(6) = 0 [pid 834] mkdir("./file0", 0777) = 0 [pid 834] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 834] chdir("./file0") = 0 [pid 834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 834] ioctl(6, LOOP_CLR_FD) = 0 [pid 834] close(6) = 0 [pid 834] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 834] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 833] exit_group(0) = ? [pid 834] <... futex resumed>) = ? [pid 834] +++ exited with 0 +++ [pid 835] <... futex resumed>) = ? [pid 835] +++ exited with 0 +++ [pid 833] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=833, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./143/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/bus") = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 836 ./strace-static-x86_64: Process 836 attached [pid 836] set_robust_list(0x555594dc86a0, 24) = 0 [pid 836] chdir("./144") = 0 [pid 836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 836] setpgid(0, 0) = 0 [pid 836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 836] write(3, "1000", 4) = 4 [pid 836] close(3) = 0 [pid 836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 836] write(1, "executing program\n", 18) = 18 [pid 836] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 836] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[837]}, 88) = 837 [pid 836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 836] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 836] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[838]}, 88) = 838 [pid 836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 836] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 838 attached [pid 838] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 838] creat("./bus", 000) = 3 [pid 838] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 836] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... futex resumed>) = 1 [pid 838] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 838] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 836] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... futex resumed>) = 1 [pid 838] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 838] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 836] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 836] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 838] <... futex resumed>) = 1 [pid 838] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 838] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 836] <... futex resumed>) = 0 [pid 838] <... futex resumed>) = 1 [pid 838] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 837 attached [pid 837] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 837] memfd_create("syzkaller", 0) = 5 [pid 837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 837] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 837] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.406497][ T834] loop0: detected capacity change from 0 to 256 [ 128.414577][ T834] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.425221][ T834] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.435810][ T834] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 837] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 837] close(5) = 0 [pid 837] close(6) = 0 [pid 837] mkdir("./file0", 0777) = 0 [pid 837] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 837] chdir("./file0") = 0 [pid 837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 837] ioctl(6, LOOP_CLR_FD) = 0 [pid 837] close(6) = 0 [pid 837] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 837] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 836] exit_group(0 [pid 838] <... futex resumed>) = ? [pid 836] <... exit_group resumed>) = ? [pid 838] +++ exited with 0 +++ [pid 837] <... futex resumed>) = ? [pid 837] +++ exited with 0 +++ [pid 836] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=836, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./144", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./144/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/bus") = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 839 ./strace-static-x86_64: Process 839 attached [pid 839] set_robust_list(0x555594dc86a0, 24) = 0 [pid 839] chdir("./145") = 0 [pid 839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 839] setpgid(0, 0) = 0 [pid 839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 839] write(3, "1000", 4) = 4 [pid 839] close(3) = 0 [pid 839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 839] write(1, "executing program\n", 18) = 18 [pid 839] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 839] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[840]}, 88) = 840 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 839] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 839] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[841]}, 88) = 841 [pid 839] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 839] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 841 attached [pid 841] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 841] creat("./bus", 000) = 3 [pid 841] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 839] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 841] <... futex resumed>) = 1 [pid 841] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 841] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 839] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 841] <... futex resumed>) = 1 [pid 841] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 841] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 839] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 839] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 841] <... futex resumed>) = 1 [pid 841] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 841] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 839] <... futex resumed>) = 0 [pid 841] <... futex resumed>) = 1 [pid 841] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 840 attached [pid 840] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 840] memfd_create("syzkaller", 0) = 5 [pid 840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 840] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 840] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.471339][ T837] loop0: detected capacity change from 0 to 256 [ 128.479320][ T837] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.490163][ T837] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.500080][ T837] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 840] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 840] close(5) = 0 [pid 840] close(6) = 0 [pid 840] mkdir("./file0", 0777) = 0 [pid 840] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 840] chdir("./file0") = 0 [pid 840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 840] ioctl(6, LOOP_CLR_FD) = 0 [pid 840] close(6) = 0 [pid 840] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 840] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 839] exit_group(0) = ? [pid 840] <... futex resumed>) = ? [pid 840] +++ exited with 0 +++ [pid 841] <... futex resumed>) = ? [pid 841] +++ exited with 0 +++ [pid 839] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=839, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./145/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/bus") = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 842 ./strace-static-x86_64: Process 842 attached [pid 842] set_robust_list(0x555594dc86a0, 24) = 0 [pid 842] chdir("./146") = 0 [pid 842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 842] setpgid(0, 0) = 0 [pid 842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 842] write(3, "1000", 4) = 4 [pid 842] close(3) = 0 [pid 842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 842] write(1, "executing program\n", 18) = 18 [pid 842] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 842] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[843]}, 88) = 843 [pid 842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 842] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 842] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[844]}, 88) = 844 [pid 842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 842] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 844 attached [pid 844] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 844] creat("./bus", 000) = 3 [pid 844] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 842] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 1 [pid 844] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 844] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 842] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 1 [pid 844] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 844] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 842] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 842] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 844] <... futex resumed>) = 1 [pid 844] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 844] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 842] <... futex resumed>) = 0 [pid 844] <... futex resumed>) = 1 [pid 844] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 843 attached [pid 843] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 843] memfd_create("syzkaller", 0) = 5 [pid 843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 843] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 843] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.538453][ T840] loop0: detected capacity change from 0 to 256 [ 128.545963][ T840] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.556562][ T840] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.567128][ T840] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 843] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 843] close(5) = 0 [pid 843] close(6) = 0 [pid 843] mkdir("./file0", 0777) = 0 [pid 843] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 843] chdir("./file0") = 0 [pid 843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 843] ioctl(6, LOOP_CLR_FD) = 0 [pid 843] close(6) = 0 [pid 843] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 843] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 842] exit_group(0) = ? [pid 843] <... futex resumed>) = ? [pid 843] +++ exited with 0 +++ [pid 844] <... futex resumed>) = ? [pid 844] +++ exited with 0 +++ [pid 842] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=842, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./146/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/bus") = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 845 ./strace-static-x86_64: Process 845 attached [pid 845] set_robust_list(0x555594dc86a0, 24) = 0 [pid 845] chdir("./147") = 0 [pid 845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 845] setpgid(0, 0) = 0 [pid 845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 845] write(3, "1000", 4) = 4 [pid 845] close(3) = 0 [pid 845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 845] write(1, "executing program\n", 18executing program ) = 18 [pid 845] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 845] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[846]}, 88) = 846 ./strace-static-x86_64: Process 846 attached [pid 845] rt_sigprocmask(SIG_SETMASK, [], [pid 846] set_robust_list(0x7fa7fb0989a0, 24 [pid 845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 846] <... set_robust_list resumed>) = 0 [pid 845] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 846] rt_sigprocmask(SIG_SETMASK, [], [pid 845] <... futex resumed>) = 0 [pid 846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 845] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] memfd_create("syzkaller", 0) = 3 [pid 846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c78000 [pid 845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7f2c57000 [pid 845] mprotect(0x7fa7f2c58000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 846] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7f2c77990, parent_tid=0x7fa7f2c77990, exit_signal=0, stack=0x7fa7f2c57000, stack_size=0x20300, tls=0x7fa7f2c776c0} [pid 846] <... write resumed>) = 131072 [pid 846] munmap(0x7fa7f2c78000, 138412032./strace-static-x86_64: Process 847 attached ) = 0 [pid 846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 846] ioctl(4, LOOP_SET_FD, 3 [pid 847] set_robust_list(0x7fa7f2c779a0, 24 [pid 845] <... clone3 resumed> => {parent_tid=[847]}, 88) = 847 [pid 845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 845] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 128.601209][ T843] loop0: detected capacity change from 0 to 256 [ 128.608570][ T843] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.619178][ T843] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.629618][ T843] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 845] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... set_robust_list resumed>) = 0 [pid 847] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 847] creat("./bus", 000) = 5 [pid 847] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... futex resumed>) = 0 [pid 845] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... futex resumed>) = 1 [pid 847] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 847] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... futex resumed>) = 0 [pid 845] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... futex resumed>) = 1 [pid 847] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 6 [pid 847] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... futex resumed>) = 0 [pid 845] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 845] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 847] <... futex resumed>) = 1 [pid 847] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 847] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 845] <... futex resumed>) = 0 [pid 847] <... futex resumed>) = 1 [pid 846] <... ioctl resumed>) = 0 [pid 847] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 846] close(3) = 0 [pid 846] close(4) = 0 [pid 846] mkdir("./file0", 0777) = 0 [pid 846] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 846] chdir("./file0") = 0 [pid 846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 846] ioctl(4, LOOP_CLR_FD) = 0 [pid 846] close(4) = 0 [pid 846] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 846] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 845] exit_group(0 [pid 847] <... futex resumed>) = ? [pid 845] <... exit_group resumed>) = ? [pid 847] +++ exited with 0 +++ [pid 846] <... futex resumed>) = ? [pid 846] +++ exited with 0 +++ [pid 845] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=845, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./147/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/bus") = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 848 ./strace-static-x86_64: Process 848 attached [pid 848] set_robust_list(0x555594dc86a0, 24) = 0 executing program [pid 848] chdir("./148") = 0 [pid 848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 848] setpgid(0, 0) = 0 [pid 848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 848] write(3, "1000", 4) = 4 [pid 848] close(3) = 0 [pid 848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 848] write(1, "executing program\n", 18) = 18 [pid 848] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 848] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0}./strace-static-x86_64: Process 849 attached => {parent_tid=[849]}, 88) = 849 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 848] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[850]}, 88) = 850 [pid 848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 848] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 849] set_robust_list(0x7fa7fb0989a0, 24 [pid 848] <... futex resumed>) = 0 ./strace-static-x86_64: Process 850 attached [pid 848] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 849] <... set_robust_list resumed>) = 0 [pid 849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 849] memfd_create("syzkaller", 0 [pid 850] set_robust_list(0x7fa7fb0779a0, 24 [pid 849] <... memfd_create resumed>) = 3 [pid 850] <... set_robust_list resumed>) = 0 [pid 849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 850] creat("./bus", 000) = 4 [pid 850] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 849] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 848] <... futex resumed>) = 0 [pid 848] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 850] <... futex resumed>) = 0 [pid 849] <... write resumed>) = 131072 [pid 848] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 850] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 849] munmap(0x7fa7f2c57000, 138412032 [pid 850] <... mount resumed>) = 0 [pid 850] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 849] <... munmap resumed>) = 0 [pid 848] <... futex resumed>) = 0 [pid 849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 849] ioctl(5, LOOP_SET_FD, 3 [pid 850] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 848] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 850] <... open resumed>) = 6 [ 128.674791][ T846] loop0: detected capacity change from 0 to 256 [ 128.683007][ T846] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.693698][ T846] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.704327][ T846] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 850] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 848] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 848] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 850] write(6, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 EINVAL (Invalid argument) [pid 850] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 848] <... futex resumed>) = 0 [pid 850] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 849] <... ioctl resumed>) = 0 [pid 849] close(3) = 0 [pid 849] close(5) = 0 [pid 849] mkdir("./file0", 0777) = 0 [pid 849] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 849] chdir("./file0") = 0 [pid 849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 5 [pid 849] ioctl(5, LOOP_CLR_FD) = 0 [pid 849] close(5) = 0 [pid 849] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 848] exit_group(0 [pid 850] <... futex resumed>) = ? [pid 848] <... exit_group resumed>) = ? [pid 850] +++ exited with 0 +++ [pid 849] <... futex resumed>) = ? [pid 849] +++ exited with 0 +++ [pid 848] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=848, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./148/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/bus") = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 851 ./strace-static-x86_64: Process 851 attached [pid 851] set_robust_list(0x555594dc86a0, 24) = 0 [pid 851] chdir("./149") = 0 [pid 851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 851] setpgid(0, 0) = 0 [pid 851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 851] write(3, "1000", 4) = 4 [pid 851] close(3) = 0 [pid 851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 851] write(1, "executing program\n", 18) = 18 [pid 851] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 851] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[852]}, 88) = 852 [pid 851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 851] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 851] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[853]}, 88) = 853 [pid 851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 851] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 853 attached [pid 853] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 853] creat("./bus", 000) = 3 [pid 853] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 851] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 853] <... futex resumed>) = 1 [pid 853] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 853] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 851] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 853] <... futex resumed>) = 1 [pid 853] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 853] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 851] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 851] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 853] <... futex resumed>) = 1 [pid 853] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 853] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 851] <... futex resumed>) = 0 [pid 853] <... futex resumed>) = 1 [pid 853] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 852 attached [pid 852] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 852] memfd_create("syzkaller", 0) = 5 [ 128.741343][ T849] loop0: detected capacity change from 0 to 256 [ 128.749025][ T849] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.759734][ T849] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.770144][ T849] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 852] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 852] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 852] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 852] close(5) = 0 [pid 852] close(6) = 0 [pid 852] mkdir("./file0", 0777) = 0 [pid 852] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 852] chdir("./file0") = 0 [pid 852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 852] ioctl(6, LOOP_CLR_FD) = 0 [pid 852] close(6) = 0 [pid 852] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 852] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 851] exit_group(0) = ? [pid 852] <... futex resumed>) = ? [pid 852] +++ exited with 0 +++ [pid 853] <... futex resumed>) = ? [pid 853] +++ exited with 0 +++ [pid 851] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=851, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./149", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./149/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/bus") = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./149/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 855 ./strace-static-x86_64: Process 855 attached [pid 855] set_robust_list(0x555594dc86a0, 24) = 0 [pid 855] chdir("./150") = 0 [pid 855] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 855] setpgid(0, 0) = 0 [pid 855] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 855] write(3, "1000", 4) = 4 [pid 855] close(3) = 0 [pid 855] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 855] write(1, "executing program\n", 18) = 18 [pid 855] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 855] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 855] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[856]}, 88) = 856 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 855] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 855] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 855] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[857]}, 88) = 857 [pid 855] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 855] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 857 attached [pid 857] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 857] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 857] creat("./bus", 000) = 3 [pid 857] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] <... futex resumed>) = 0 [pid 855] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = 1 [pid 857] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 857] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] <... futex resumed>) = 0 [pid 855] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = 1 [pid 857] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 857] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] <... futex resumed>) = 0 [pid 855] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 855] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 857] <... futex resumed>) = 1 [pid 857] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 857] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 855] <... futex resumed>) = 0 [pid 857] <... futex resumed>) = 1 [pid 857] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 856 attached [pid 856] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 856] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 856] memfd_create("syzkaller", 0) = 5 [pid 856] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 856] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 856] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.805780][ T852] loop0: detected capacity change from 0 to 256 [ 128.813375][ T852] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.824146][ T852] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.834607][ T852] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 856] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 856] close(5) = 0 [pid 856] close(6) = 0 [pid 856] mkdir("./file0", 0777) = 0 [pid 856] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 856] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 856] chdir("./file0") = 0 [pid 856] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 856] ioctl(6, LOOP_CLR_FD) = 0 [pid 856] close(6) = 0 [pid 856] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 856] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 855] exit_group(0 [pid 857] <... futex resumed>) = ? [pid 855] <... exit_group resumed>) = ? [pid 857] +++ exited with 0 +++ [pid 856] <... futex resumed>) = ? [pid 856] +++ exited with 0 +++ [pid 855] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=855, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./150", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./150/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/bus") = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 858 ./strace-static-x86_64: Process 858 attached [pid 858] set_robust_list(0x555594dc86a0, 24) = 0 [pid 858] chdir("./151") = 0 [pid 858] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 858] setpgid(0, 0) = 0 [pid 858] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program ) = 3 [pid 858] write(3, "1000", 4) = 4 [pid 858] close(3) = 0 [pid 858] symlink("/dev/binderfs", "./binderfs") = 0 [pid 858] write(1, "executing program\n", 18) = 18 [pid 858] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 858] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 858] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[859]}, 88) = 859 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 858] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 858] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 858] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 858] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[860]}, 88) = 860 [pid 858] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 858] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 860 attached [pid 860] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 860] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 860] creat("./bus", 000./strace-static-x86_64: Process 859 attached [pid 859] set_robust_list(0x7fa7fb0989a0, 24 [pid 860] <... creat resumed>) = 3 [pid 859] <... set_robust_list resumed>) = 0 [pid 860] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 859] rt_sigprocmask(SIG_SETMASK, [], [pid 858] <... futex resumed>) = 0 [pid 858] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... futex resumed>) = 1 [pid 860] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL [pid 859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 860] <... mount resumed>) = 0 [pid 860] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 859] memfd_create("syzkaller", 0) = 4 [pid 858] <... futex resumed>) = 0 [pid 858] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 858] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 860] <... futex resumed>) = 1 [pid 860] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 5 [pid 859] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 860] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 859] <... mmap resumed>) = 0x7fa7f2c57000 [pid 858] <... futex resumed>) = 0 [pid 860] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 860] <... futex resumed>) = 0 [pid 860] write(5, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 860] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 860] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 859] write(4, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 859] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.870245][ T856] loop0: detected capacity change from 0 to 256 [ 128.878073][ T856] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.888606][ T856] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.899186][ T856] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 859] ioctl(6, LOOP_SET_FD, 4) = 0 [pid 859] close(4) = 0 [pid 859] close(6) = 0 [pid 859] mkdir("./file0", 0777) = 0 [pid 859] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 859] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 4 [pid 859] chdir("./file0") = 0 [pid 859] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 859] ioctl(6, LOOP_CLR_FD) = 0 [pid 859] close(6) = 0 [pid 859] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 859] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 858] exit_group(0 [pid 860] <... futex resumed>) = ? [pid 858] <... exit_group resumed>) = ? [pid 860] +++ exited with 0 +++ [pid 859] <... futex resumed>) = ? [pid 859] +++ exited with 0 +++ [pid 858] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=858, si_uid=0, si_status=0, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./151/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/bus") = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 861 ./strace-static-x86_64: Process 861 attached [pid 861] set_robust_list(0x555594dc86a0, 24) = 0 [pid 861] chdir("./152") = 0 [pid 861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 861] setpgid(0, 0) = 0 [pid 861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 861] write(3, "1000", 4) = 4 [pid 861] close(3) = 0 [pid 861] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 861] write(1, "executing program\n", 18) = 18 [pid 861] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 861] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[862]}, 88) = 862 [pid 861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 861] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 861] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[863]}, 88) = 863 [pid 861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 861] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 863 attached [pid 863] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 863] creat("./bus", 000./strace-static-x86_64: Process 862 attached [pid 862] set_robust_list(0x7fa7fb0989a0, 24 [pid 863] <... creat resumed>) = 3 [pid 862] <... set_robust_list resumed>) = 0 [pid 863] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 863] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 863] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 861] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 861] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 863] <... futex resumed>) = 1 [pid 863] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 863] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 861] <... futex resumed>) = 0 [pid 863] <... futex resumed>) = 1 [pid 862] rt_sigprocmask(SIG_SETMASK, [], [pid 863] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 862] memfd_create("syzkaller", 0) = 5 [pid 862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 862] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 862] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 128.941362][ T859] loop0: detected capacity change from 0 to 256 [ 128.949088][ T859] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.959627][ T859] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 128.970421][ T859] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 862] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 862] close(5) = 0 [pid 862] close(6) = 0 [pid 862] mkdir("./file0", 0777) = 0 [pid 862] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 862] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 862] chdir("./file0") = 0 [pid 862] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 862] ioctl(6, LOOP_CLR_FD) = 0 [pid 862] close(6) = 0 [pid 862] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 862] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 861] exit_group(0 [pid 863] <... futex resumed>) = ? [pid 861] <... exit_group resumed>) = ? [pid 863] +++ exited with 0 +++ [pid 862] <... futex resumed>) = ? [pid 862] +++ exited with 0 +++ [pid 861] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=861, si_uid=0, si_status=0, si_utime=0, si_stime=5} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./152/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/bus") = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555594dc8690) = 864 ./strace-static-x86_64: Process 864 attached [pid 864] set_robust_list(0x555594dc86a0, 24) = 0 [pid 864] chdir("./153") = 0 [pid 864] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 864] setpgid(0, 0) = 0 [pid 864] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 864] write(3, "1000", 4) = 4 [pid 864] close(3) = 0 [pid 864] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 864] write(1, "executing program\n", 18) = 18 [pid 864] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 864] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 864] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[865]}, 88) = 865 [pid 864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 864] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 864] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 864] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 864] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[866]}, 88) = 866 [pid 864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 864] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 866 attached [pid 866] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 866] creat("./bus", 000./strace-static-x86_64: Process 865 attached [pid 865] set_robust_list(0x7fa7fb0989a0, 24 [pid 866] <... creat resumed>) = 3 [pid 865] <... set_robust_list resumed>) = 0 [pid 866] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 866] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000) = 4 [pid 866] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 864] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 864] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 866] <... futex resumed>) = 1 [pid 866] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 866] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 864] <... futex resumed>) = 0 [pid 866] <... futex resumed>) = 1 [pid 866] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 865] memfd_create("syzkaller", 0) = 5 [pid 865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 865] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 865] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 129.014905][ T862] loop0: detected capacity change from 0 to 256 [ 129.022917][ T862] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 129.033930][ T862] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 129.044582][ T862] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 865] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 865] close(5) = 0 [pid 865] close(6) = 0 [pid 865] mkdir("./file0", 0777) = 0 [pid 865] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 865] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 865] chdir("./file0") = 0 [pid 865] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 865] ioctl(6, LOOP_CLR_FD) = 0 [pid 865] close(6) = 0 [pid 865] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 865] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 864] exit_group(0 [pid 866] <... futex resumed>) = ? [pid 864] <... exit_group resumed>) = ? [pid 866] +++ exited with 0 +++ [pid 865] <... futex resumed>) = ? [pid 865] +++ exited with 0 +++ [pid 864] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=864, si_uid=0, si_status=0, si_utime=0, si_stime=4} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555594dc9730 /* 5 entries */, 32768) = 136 umount2("./153/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/bus", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/bus", {st_mode=S_IFREG|000, st_size=0, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/bus") = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555594dd1770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555594dd1770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555594dc9730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program , child_tidptr=0x555594dc8690) = 867 ./strace-static-x86_64: Process 867 attached [pid 867] set_robust_list(0x555594dc86a0, 24) = 0 [pid 867] chdir("./154") = 0 [pid 867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 867] setpgid(0, 0) = 0 [pid 867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 867] write(3, "1000", 4) = 4 [pid 867] close(3) = 0 [pid 867] symlink("/dev/binderfs", "./binderfs") = 0 [pid 867] write(1, "executing program\n", 18) = 18 [pid 867] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] rt_sigaction(SIGRT_1, {sa_handler=0x7fa7fb101fb0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fa7fb0f3160}, NULL, 8) = 0 [pid 867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb078000 [pid 867] mprotect(0x7fa7fb079000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb098990, parent_tid=0x7fa7fb098990, exit_signal=0, stack=0x7fa7fb078000, stack_size=0x20300, tls=0x7fa7fb0986c0} => {parent_tid=[868]}, 88) = 868 [pid 867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 867] futex(0x7fa7fb1656c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fa7fb057000 [pid 867] mprotect(0x7fa7fb058000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fa7fb077990, parent_tid=0x7fa7fb077990, exit_signal=0, stack=0x7fa7fb057000, stack_size=0x20300, tls=0x7fa7fb0776c0} => {parent_tid=[869]}, 88) = 869 [pid 867] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 867] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 869 attached [pid 869] set_robust_list(0x7fa7fb0779a0, 24) = 0 [pid 869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 869] creat("./bus", 000) = 3 [pid 869] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] mount("/dev/loop0", "./bus", NULL, MS_BIND, NULL) = 0 [pid 869] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 ./strace-static-x86_64: Process 868 attached [pid 869] open("./bus", O_RDWR|O_CREAT|O_NONBLOCK|O_DIRECT|O_NOATIME, 000 [pid 868] set_robust_list(0x7fa7fb0989a0, 24) = 0 [pid 868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 868] memfd_create("syzkaller", 0) = 5 [pid 869] <... open resumed>) = 4 [pid 868] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa7f2c57000 [pid 869] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... futex resumed>) = 0 [pid 867] futex(0x7fa7fb1656d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 867] futex(0x7fa7fb1656dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 869] <... futex resumed>) = 1 [pid 869] write(4, "\xef\x51\xe1\xc4\xc7\x2f\x59\x26\xf1\x4b\x99\x6e\xd0\xd5\x3c\xed\x7e\x1d\xa6\x8c\x27\x25\x8e\x06\x57\x87\x36\x04\x16\x97\xdd\x07\xb5\x7e\x49\x9b\x4d\xdb\x64\x95\x61\x60\xe1\xee\x83\xb4\x7e\xf7\x75\x56\x1f\x20\xd4\x79\xa5\x5c\xaa\xec\x3a\xdd\x01\xd4\x84\x29\xd7\x94\xc6\xb5\xcb\xd2\x59\xd9\xcd\x13\xda\x11\x91\x3c\x5e\x51\xb0\xd8\x86\x9c\xa6\xb2\x94\x8a\xdb\xa3\x55\xfe\x4c\x67\xa9\x78\x8f\xa8\x12\x18"..., 4096) = -1 ENOSPC (No space left on device) [pid 868] write(5, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 869] futex(0x7fa7fb1656dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 867] <... futex resumed>) = 0 [pid 869] <... futex resumed>) = 1 [pid 869] futex(0x7fa7fb1656d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 868] <... write resumed>) = 131072 [pid 868] munmap(0x7fa7f2c57000, 138412032) = 0 [pid 868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [ 129.082792][ T865] loop0: detected capacity change from 0 to 256 [ 129.090993][ T865] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 129.101655][ T865] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 129.112026][ T865] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [pid 868] ioctl(6, LOOP_SET_FD, 5) = 0 [pid 868] close(5) = 0 [pid 868] close(6) = 0 [pid 868] mkdir("./file0", 0777) = 0 [pid 868] mount("/dev/loop0", "./file0", "exfat", 0, "") = 0 [pid 868] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 5 [pid 868] chdir("./file0") = 0 [pid 868] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 6 [pid 868] ioctl(6, LOOP_CLR_FD) = 0 [pid 868] close(6) = 0 [pid 868] futex(0x7fa7fb1656cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 868] futex(0x7fa7fb1656c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 867] exit_group(0 [pid 869] <... futex resumed>) = ? [pid 867] <... exit_group resumed>) = ? [pid 869] +++ exited with 0 +++ [pid 868] <... futex resumed>) = ? [pid 868] +++ exited with 0 +++ [pid 867] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=867, si_uid=0, si_status=0, si_utime=0, si_stime=4} ---