./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor425641292 <...> OUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] getdents64(3, [pid 5821] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] newfstatat(4, "", [pid 5818] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 5818] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5818] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5822] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] newfstatat(AT_FDCWD, "./45/file2", [pid 5820] getdents64(4, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] rmdir("./45/file2" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] close(4 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./44/file2" [pid 5818] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5818] newfstatat(AT_FDCWD, "./43/file2", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, [pid 5820] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] unlink("./45/binderfs" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... unlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./44/binderfs", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./43/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] close(4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] unlink("./44/binderfs" [pid 5818] openat(AT_FDCWD, "./43/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] close(3 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 4 [pid 5821] <... close resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] newfstatat(3, "", [pid 5822] rmdir("./45/file2" [pid 5818] newfstatat(4, "", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] rmdir("./45" [ 110.942236][ T6320] exFAT-fs (loop3): Filesystem has been set read-only [ 110.952523][ T6321] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 110.965920][ T6319] exFAT-fs (loop0): Filesystem has been set read-only [ 110.968208][ T6321] exFAT-fs (loop4): Filesystem has been set read-only [ 110.975460][ T6322] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 110.988887][ T6322] exFAT-fs (loop1): Filesystem has been set read-only [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] close(3 [pid 5819] getdents64(3, [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] mkdir("./46", 0777 [pid 5822] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... mkdir resumed>) = 0 [pid 5820] rmdir("./44" [pid 5818] close(4) = 0 [pid 5822] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] rmdir("./43/file2" [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5819] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 5820] mkdir("./45", 0777 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./45/file2", [pid 5822] unlink("./45/binderfs" [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... mkdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... unlink resumed>) = 0 [pid 5821] close(3 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... openat resumed>) = 4 [pid 5818] umount2("./43/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5821] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(AT_FDCWD, "./43/binderfs", [pid 5822] close(3 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] close(3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... close resumed>) = 0 [pid 5818] unlink("./43/binderfs"./strace-static-x86_64: Process 6323 attached [pid 5822] rmdir("./45" [pid 5819] getdents64(4, [pid 6323] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./45/file2" [pid 6323] <... set_robust_list resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6323] chdir("./46" [pid 5822] <... rmdir resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6323] <... chdir resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] getdents64(3, [pid 6323] prctl(PR_SET_PDEATHSIG, SIGKILL./strace-static-x86_64: Process 6324 attached ) = 0 [pid 5822] mkdir("./46", 0777 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6323 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6324 [pid 5819] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6324] set_robust_list(0x55555eedf6a0, 24 [pid 6323] setpgid(0, 0 [pid 6324] <... set_robust_list resumed>) = 0 [pid 6323] <... setpgid resumed>) = 0 [pid 6324] chdir("./45" [pid 6323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6324] <... chdir resumed>) = 0 [pid 6323] <... openat resumed>) = 3 [pid 6323] write(3, "1000", 4 [pid 6324] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6323] <... write resumed>) = 4 [pid 6324] <... prctl resumed>) = 0 [pid 6323] close(3 [pid 6324] setpgid(0, 0 [pid 6323] <... close resumed>) = 0 [pid 6323] symlink("/dev/binderfs", "./binderfs" [pid 6324] <... setpgid resumed>) = 0 [pid 6323] <... symlink resumed>) = 0 [pid 6324] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC executing program [pid 6323] write(1, "executing program\n", 18 [pid 6324] <... openat resumed>) = 3 [pid 5822] <... mkdir resumed>) = 0 [pid 6323] <... write resumed>) = 18 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5818] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./43" [pid 6324] write(3, "1000", 4 [pid 6323] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] unlink("./45/binderfs" [pid 6324] <... write resumed>) = 4 [pid 6323] <... futex resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6324] close(3 [pid 6323] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6324] <... close resumed>) = 0 [pid 6323] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] mkdir("./44", 0777 [pid 6324] symlink("/dev/binderfs", "./binderfs" [pid 6323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] close(3 [pid 5819] getdents64(3, [pid 6323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./45"executing program [pid 6324] <... symlink resumed>) = 0 [pid 6323] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6324] write(1, "executing program\n", 18 [pid 6323] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... openat resumed>) = 3 [pid 6324] <... write resumed>) = 18 [pid 6323] <... mprotect resumed>) = 0 [pid 5819] mkdir("./46", 0777 [pid 6324] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... mkdir resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6324] <... futex resumed>) = 0 [pid 6323] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6325 attached [pid 6324] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... ioctl resumed>) = 0 [pid 6324] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6326 attached [pid 6324] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6323] <... clone3 resumed> => {parent_tid=[6326]}, 88) = 6326 [pid 6326] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6323] rt_sigprocmask(SIG_SETMASK, [], [pid 6326] <... rseq resumed>) = 0 [pid 6325] set_robust_list(0x55555eedf6a0, 24 [pid 6323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6326] set_robust_list(0x7fbb68bde9a0, 24 [pid 6324] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6323] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] <... set_robust_list resumed>) = 0 [pid 6325] <... set_robust_list resumed>) = 0 [pid 6323] <... futex resumed>) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], [pid 6323] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6324] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6325] chdir("./46" [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6325 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] close(3 [pid 6326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6325] <... chdir resumed>) = 0 [pid 6324] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 6325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6325] <... prctl resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 6326] memfd_create("syzkaller", 0 [pid 6325] setpgid(0, 0 [pid 6324] <... mprotect resumed>) = 0 [pid 6325] <... setpgid resumed>) = 0 [pid 6325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6324] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... close resumed>) = 0 [pid 6325] <... openat resumed>) = 3 [pid 6324] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6327 attached [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached [pid 6327] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6327 [pid 6327] chdir("./44") = 0 [pid 6327] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] set_robust_list(0x55555eedf6a0, 24 [pid 6327] setpgid(0, 0 [pid 6328] <... set_robust_list resumed>) = 0 [pid 6327] <... setpgid resumed>) = 0 [pid 6328] chdir("./46" [pid 6327] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6326] <... memfd_create resumed>) = 3 [pid 6325] write(3, "1000", 4 [pid 6324] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6328] <... chdir resumed>) = 0 [pid 6325] <... write resumed>) = 4 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6327] <... openat resumed>) = 3 [pid 6325] close(3./strace-static-x86_64: Process 6329 attached [pid 6328] <... prctl resumed>) = 0 [pid 6326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6325] <... close resumed>) = 0 [pid 6324] <... clone3 resumed> => {parent_tid=[6329]}, 88) = 6329 [pid 6329] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6328] setpgid(0, 0 [pid 6327] write(3, "1000", 4 [pid 6326] <... mmap resumed>) = 0x7fbb60600000 [pid 6325] symlink("/dev/binderfs", "./binderfs" [pid 6324] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6328 [pid 6329] <... rseq resumed>) = 0 [pid 6328] <... setpgid resumed>) = 0 [pid 6327] <... write resumed>) = 4 [pid 6325] <... symlink resumed>) = 0 [pid 6324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] set_robust_list(0x7fbb68bde9a0, 24 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6327] close(3executing program [pid 6325] write(1, "executing program\n", 18 [pid 6329] <... set_robust_list resumed>) = 0 [pid 6327] <... close resumed>) = 0 [pid 6325] <... write resumed>) = 18 [pid 6324] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], [pid 6324] <... futex resumed>) = 0 [pid 6329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6325] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] memfd_create("syzkaller", 0 [pid 6328] <... openat resumed>) = 3 [pid 6327] symlink("/dev/binderfs", "./binderfs" [pid 6325] <... futex resumed>) = 0 [pid 6329] <... memfd_create resumed>) = 3 [pid 6328] write(3, "1000", 4 [pid 6327] <... symlink resumed>) = 0 [pid 6326] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6325] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, executing program [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6328] <... write resumed>) = 4 [pid 6327] write(1, "executing program\n", 18 [pid 6325] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6329] <... mmap resumed>) = 0x7fbb60600000 [pid 6328] close(3 [pid 6327] <... write resumed>) = 18 [pid 6325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6328] <... close resumed>) = 0 [pid 6327] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6329] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6327] <... futex resumed>) = 0 [pid 6326] <... write resumed>) = 131072 [pid 6325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] <... write resumed>) = 131072 [pid 6328] write(1, "executing program\n", 18 [pid 6327] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6326] munmap(0x7fbb60600000, 138412032 [pid 6325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6326] <... munmap resumed>) = 0 [pid 6325] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6325] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6329] munmap(0x7fbb60600000, 138412032 [pid 6326] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6325] <... mprotect resumed>) = 0 [pid 6329] <... munmap resumed>) = 0 [pid 6326] <... openat resumed>) = 4 [pid 6325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}executing program ./strace-static-x86_64: Process 6330 attached [pid 6328] <... write resumed>) = 18 [pid 6327] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6326] ioctl(4, LOOP_SET_FD, 3 [pid 6325] <... clone3 resumed> => {parent_tid=[6330]}, 88) = 6330 [pid 6330] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6328] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6327] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6330] <... rseq resumed>) = 0 [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] set_robust_list(0x7fbb68bde9a0, 24 [pid 6328] <... futex resumed>) = 0 [pid 6330] <... set_robust_list resumed>) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6327] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], [pid 6330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6329] <... openat resumed>) = 4 [pid 6325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6330] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6327] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6325] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] ioctl(4, LOOP_SET_FD, 3 [pid 6326] <... ioctl resumed>) = 0 [pid 6326] close(3 [pid 6327] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6327] <... mprotect resumed>) = 0 [pid 6326] <... close resumed>) = 0 [pid 6326] close(4) = 0 [pid 6330] memfd_create("syzkaller", 0 [pid 6326] mkdir("./file2", 0777 [pid 6330] <... memfd_create resumed>) = 3 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6327] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6326] <... mkdir resumed>) = 0 [pid 6330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6327] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6326] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6330] <... mmap resumed>) = 0x7fbb60600000 [pid 6328] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6327] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6331 attached [pid 6330] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6328] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6327] <... clone3 resumed> => {parent_tid=[6331]}, 88) = 6331 [pid 6328] <... mprotect resumed>) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6327] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6327] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6327] <... futex resumed>) = 0 [pid 6331] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6330] <... write resumed>) = 131072 [pid 6327] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6331] <... rseq resumed>) = 0 [pid 6331] set_robust_list(0x7fbb68bde9a0, 24./strace-static-x86_64: Process 6332 attached ) = 0 [pid 6330] munmap(0x7fbb60600000, 138412032) = 0 [pid 6330] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6330] ioctl(4, LOOP_SET_FD, 3 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], [pid 6328] <... clone3 resumed> => {parent_tid=[6332]}, 88) = 6332 [ 111.192351][ T6326] loop3: detected capacity change from 0 to 256 [pid 6332] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] <... rseq resumed>) = 0 [pid 6331] memfd_create("syzkaller", 0 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] set_robust_list(0x7fbb68bde9a0, 24 [pid 6331] <... memfd_create resumed>) = 3 [pid 6328] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... set_robust_list resumed>) = 0 [pid 6331] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6328] <... futex resumed>) = 0 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6331] <... mmap resumed>) = 0x7fbb60600000 [pid 6328] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6331] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6332] memfd_create("syzkaller", 0 [pid 6330] <... ioctl resumed>) = 0 [pid 6329] <... ioctl resumed>) = 0 [pid 6330] close(3 [pid 6329] close(3 [pid 6330] <... close resumed>) = 0 [pid 6329] <... close resumed>) = 0 [pid 6330] close(4 [pid 6329] close(4 [pid 6330] <... close resumed>) = 0 [pid 6329] <... close resumed>) = 0 [pid 6330] mkdir("./file2", 0777 [pid 6329] mkdir("./file2", 0777 [pid 6332] <... memfd_create resumed>) = 3 [pid 6331] <... write resumed>) = 131072 [pid 6330] <... mkdir resumed>) = 0 [pid 6329] <... mkdir resumed>) = 0 [pid 6332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6331] munmap(0x7fbb60600000, 138412032 [pid 6332] <... mmap resumed>) = 0x7fbb60600000 [pid 6331] <... munmap resumed>) = 0 [pid 6332] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6331] ioctl(4, LOOP_SET_FD, 3 [pid 6329] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6332] <... write resumed>) = 131072 [ 111.234275][ T6329] loop2: detected capacity change from 0 to 256 [ 111.247463][ T6330] loop4: detected capacity change from 0 to 256 [ 111.256963][ T6326] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6330] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6332] munmap(0x7fbb60600000, 138412032) = 0 [pid 6332] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6331] <... ioctl resumed>) = 0 [pid 6331] close(3) = 0 [pid 6331] close(4) = 0 [pid 6331] mkdir("./file2", 0777) = 0 [ 111.285487][ T6331] loop0: detected capacity change from 0 to 256 [ 111.300185][ T6332] loop1: detected capacity change from 0 to 256 [ 111.300627][ T6326] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.307698][ T6329] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6331] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6332] close(3 [pid 6326] <... mount resumed>) = 0 [pid 6326] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6326] chdir("./file2" [pid 6332] <... close resumed>) = 0 [pid 6326] <... chdir resumed>) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6326] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6326] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6323] <... futex resumed>) = 0 [pid 6323] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] <... futex resumed>) = 0 [pid 6323] <... futex resumed>) = 1 [pid 6326] mkdir("./file3", 0777 [pid 6332] close(4 [pid 6323] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... close resumed>) = 0 [pid 6332] mkdir("./file2", 0777) = 0 [ 111.337872][ T6330] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.367208][ T6326] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6332] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6323] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6323] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6323] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6329] <... mount resumed>) = 0 [pid 6323] <... mprotect resumed>) = 0 [pid 6330] <... mount resumed>) = 0 [pid 6323] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6329] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6323] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6330] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6329] <... openat resumed>) = 3 [pid 6330] <... openat resumed>) = 3 [pid 6329] chdir("./file2" [pid 6323] <... clone3 resumed> => {parent_tid=[6333]}, 88) = 6333 [pid 6323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6323] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6333 attached [pid 6333] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6333] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 111.381488][ T6331] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.395337][ T6330] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.404875][ T6329] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.406673][ T6326] exFAT-fs (loop3): Filesystem has been set read-only [ 111.415800][ T6331] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6333] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6333] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6323] <... futex resumed>) = 0 [pid 6333] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6323] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6323] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... ioctl resumed>) = 0 [pid 6333] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6323] <... futex resumed>) = 0 [pid 6333] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6330] chdir("./file2" [pid 6329] <... chdir resumed>) = 0 [pid 6332] <... mount resumed>) = 0 [pid 6330] <... chdir resumed>) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6332] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6330] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6329] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6332] <... openat resumed>) = 3 [pid 6330] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6329] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = 1 [pid 6332] chdir("./file2" [pid 6330] <... futex resumed>) = 1 [pid 6329] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6325] <... futex resumed>) = 0 [pid 6324] <... futex resumed>) = 0 [pid 6332] <... chdir resumed>) = 0 [pid 6330] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6324] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6325] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6330] mkdir("./file3", 0777 [pid 6329] <... futex resumed>) = 0 [pid 6324] <... futex resumed>) = 1 [pid 6332] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6331] <... mount resumed>) = 0 [pid 6326] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6325] <... futex resumed>) = 0 [pid 6324] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] <... futex resumed>) = ? [pid 6331] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6325] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6333] +++ killed by SIGSEGV +++ [pid 6331] <... openat resumed>) = 3 [pid 6331] chdir("./file2" [pid 6329] mkdir("./file3", 0777 [pid 6332] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... chdir resumed>) = 0 [pid 6331] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6331] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6326] +++ killed by SIGSEGV +++ [pid 6323] +++ killed by SIGSEGV +++ [pid 6332] <... futex resumed>) = 1 [pid 6330] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6328] <... futex resumed>) = 0 [ 111.434325][ T6332] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.446925][ T6332] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.462348][ T6330] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.471682][ T6330] exFAT-fs (loop4): Filesystem has been set read-only [ 111.477651][ T6329] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6327] <... futex resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6323, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6332] mkdir("./file3", 0777 [pid 6328] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... futex resumed>) = 0 [pid 6328] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6327] <... futex resumed>) = 1 [pid 6331] mkdir("./file3", 0777 [pid 6327] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6330] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6329] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6325] <... futex resumed>) = ? [pid 6329] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6332] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6330] +++ killed by SIGSEGV +++ [pid 6325] +++ killed by SIGSEGV +++ [pid 6324] <... futex resumed>) = ? [pid 5821] <... openat resumed>) = 3 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6325, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6332] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6329] +++ killed by SIGSEGV +++ [pid 6331] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6324] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(3, "", [pid 6328] <... futex resumed>) = ? [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6324, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6332] +++ killed by SIGSEGV +++ [pid 6331] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6328] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6327] <... futex resumed>) = ? [pid 5822] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6331] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6328, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] newfstatat(AT_FDCWD, "./46/file2", [pid 5821] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(AT_FDCWD, "./46/file2", [pid 5820] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] getdents64(4, [pid 5820] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(3, "", [pid 6327] +++ killed by SIGSEGV +++ [pid 5822] close(4 [pid 5821] <... openat resumed>) = 4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5822] <... close resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 5820] getdents64(3, [pid 5819] newfstatat(3, "", [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6327, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5822] rmdir("./46/file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5821] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5820] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5821] rmdir("./46/file2" [pid 5818] umount2("./44", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./45/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] unlink("./46/binderfs" [pid 5821] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(4, "", [pid 5818] openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5820] getdents64(4, [pid 5819] newfstatat(AT_FDCWD, "./46/file2", [pid 5818] <... openat resumed>) = 3 [pid 5822] <... unlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(3, "", [pid 5822] getdents64(3, [pid 5821] unlink("./46/binderfs" [pid 5819] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(3, [pid 5820] close(4 [pid 5819] <... openat resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./45/file2" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] newfstatat(4, "", [ 111.487478][ T6329] exFAT-fs (loop2): Filesystem has been set read-only [ 111.495331][ T6332] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.495967][ T6331] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.507027][ T6332] exFAT-fs (loop1): Filesystem has been set read-only [ 111.522211][ T6331] exFAT-fs (loop0): Filesystem has been set read-only [pid 5821] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] close(3 [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... close resumed>) = 0 [pid 5821] rmdir("./46" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] rmdir("./46" [pid 5818] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./45/binderfs", [pid 5821] <... rmdir resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] mkdir("./47", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] unlink("./45/binderfs" [pid 5819] close(4 [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./46/file2" [pid 5821] <... mkdir resumed>) = 0 [pid 5822] mkdir("./47", 0777 [pid 5820] getdents64(3, [pid 5822] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./44/file2", [pid 5820] rmdir("./45" [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... openat resumed>) = 3 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./44/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5820] mkdir("./46", 0777 [pid 5819] newfstatat(AT_FDCWD, "./46/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] close(3 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "./44/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", [pid 5822] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] unlink("./46/binderfs") = 0 [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 5820] close(3 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./46" [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6334 attached [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 6334] set_robust_list(0x55555eedf6a0, 24 [pid 5819] mkdir("./47", 0777 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6335 attached [pid 6334] <... set_robust_list resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6334 [pid 5820] <... close resumed>) = 0 [pid 5818] close(4 [pid 6334] chdir("./47" [pid 5818] <... close resumed>) = 0 [pid 6334] <... chdir resumed>) = 0 [pid 6335] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6335 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... mkdir resumed>) = 0 [pid 5818] rmdir("./44/file2" [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6334] <... prctl resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6335] <... set_robust_list resumed>) = 0 [pid 6334] setpgid(0, 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] umount2("./44/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6334] <... setpgid resumed>) = 0 [pid 6335] chdir("./47" [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] newfstatat(AT_FDCWD, "./44/binderfs", [pid 6335] <... chdir resumed>) = 0 [pid 6334] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6336 attached [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6336 [pid 6336] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6336] chdir("./46") = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6336] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6336] setpgid(0, 0) = 0 [pid 6336] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6337 attached ) = 3 [pid 6335] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6334] write(3, "1000", 4 [pid 5818] unlink("./44/binderfs" [pid 6336] write(3, "1000", 4 [pid 5818] <... unlink resumed>) = 0 [pid 6336] <... write resumed>) = 4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6337 [pid 5818] getdents64(3, [pid 6337] set_robust_list(0x55555eedf6a0, 24 [pid 6336] close(3 [pid 6335] <... prctl resumed>) = 0 [pid 6334] <... write resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6335] setpgid(0, 0 [pid 6334] close(3 [pid 5818] close(3 [pid 6335] <... setpgid resumed>) = 0 [pid 6334] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6334] symlink("/dev/binderfs", "./binderfs" [pid 5818] rmdir("./44"executing program [pid 6337] <... set_robust_list resumed>) = 0 [pid 6336] <... close resumed>) = 0 [pid 6335] <... openat resumed>) = 3 [pid 6334] <... symlink resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5818] mkdir("./45", 0777 [pid 6337] chdir("./47" [pid 6336] symlink("/dev/binderfs", "./binderfs" [pid 6335] write(3, "1000", 4 [pid 6334] write(1, "executing program\n", 18 [pid 6335] <... write resumed>) = 4 [pid 6334] <... write resumed>) = 18 [pid 5818] <... mkdir resumed>) = 0 [pid 6335] close(3 [pid 6334] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6335] <... close resumed>) = 0 [pid 6336] <... symlink resumed>) = 0 [pid 6335] symlink("/dev/binderfs", "./binderfs" [pid 6334] <... futex resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6337] <... chdir resumed>) = 0 [pid 6335] <... symlink resumed>) = 0 [pid 6334] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6334] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6337] <... prctl resumed>) = 0 executing program executing program [pid 6336] write(1, "executing program\n", 18 [pid 6334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6337] setpgid(0, 0 [pid 6336] <... write resumed>) = 18 [pid 6335] write(1, "executing program\n", 18 [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] <... setpgid resumed>) = 0 [pid 6336] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... write resumed>) = 18 [pid 6334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6336] <... futex resumed>) = 0 [pid 6335] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6337] <... openat resumed>) = 3 [pid 6336] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6335] <... futex resumed>) = 0 [pid 6334] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6336] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6334] <... mprotect resumed>) = 0 [pid 6337] write(3, "1000", 4 [pid 6336] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6335] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... ioctl resumed>) = 0 [pid 6337] <... write resumed>) = 4 [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6335] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6337] close(3 [pid 6336] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] close(3 [pid 6337] <... close resumed>) = 0 [pid 6336] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] symlink("/dev/binderfs", "./binderfs" [pid 6336] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6337] <... symlink resumed>) = 0 [pid 6336] <... mprotect resumed>) = 0 [pid 6335] <... mmap resumed>) = 0x7fbb68bbe000 ./strace-static-x86_64: Process 6338 attached [pid 6336] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6335] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6334] <... clone3 resumed> => {parent_tid=[6338]}, 88) = 6338 [pid 5818] <... close resumed>) = 0 [pid 6338] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6338] <... rseq resumed>) = 0 executing program [pid 6337] write(1, "executing program\n", 18 [pid 6336] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6335] <... mprotect resumed>) = 0 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6339 attached [pid 6337] <... write resumed>) = 18 [pid 6336] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6335] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] set_robust_list(0x7fbb68bde9a0, 24./strace-static-x86_64: Process 6340 attached [pid 6337] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... set_robust_list resumed>) = 0 [pid 6334] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] <... futex resumed>) = 0 [pid 6335] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6334] <... futex resumed>) = 0 [pid 6340] <... rseq resumed>) = 0 [pid 6337] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6336] <... clone3 resumed> => {parent_tid=[6340]}, 88) = 6340 [pid 6335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6334] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6341 attached [pid 6340] set_robust_list(0x7fbb68bde9a0, 24 [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6341] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6340] <... set_robust_list resumed>) = 0 [pid 6338] memfd_create("syzkaller", 0 [pid 6337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6341] <... rseq resumed>) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] set_robust_list(0x55555eedf6a0, 24 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6336] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... clone3 resumed> => {parent_tid=[6341]}, 88) = 6341 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6339 [pid 6341] set_robust_list(0x7fbb68bde9a0, 24 [pid 6340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6339] <... set_robust_list resumed>) = 0 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6336] <... futex resumed>) = 0 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], [pid 6341] <... set_robust_list resumed>) = 0 [pid 6340] memfd_create("syzkaller", 0 [pid 6339] chdir("./45" [pid 6337] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6336] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6335] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6341] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6335] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] <... memfd_create resumed>) = 3 [pid 6337] <... mprotect resumed>) = 0 [pid 6335] <... futex resumed>) = 0 [pid 6341] memfd_create("syzkaller", 0 [pid 6339] <... chdir resumed>) = 0 [pid 6338] <... memfd_create resumed>) = 3 [pid 6340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6335] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6341] <... memfd_create resumed>) = 3 [pid 6340] <... mmap resumed>) = 0x7fbb60600000 [pid 6339] <... prctl resumed>) = 0 [pid 6341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6340] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6339] setpgid(0, 0 [pid 6338] <... mmap resumed>) = 0x7fbb60600000 [pid 6337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6341] <... mmap resumed>) = 0x7fbb60600000 [pid 6341] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6338] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6339] <... setpgid resumed>) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6342 attached [pid 6339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6342] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6337] <... clone3 resumed> => {parent_tid=[6342]}, 88) = 6342 [pid 6342] <... rseq resumed>) = 0 [pid 6341] <... write resumed>) = 131072 [pid 6340] <... write resumed>) = 131072 [pid 6339] <... openat resumed>) = 3 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] write(3, "1000", 4 [pid 6338] <... write resumed>) = 131072 [pid 6339] <... write resumed>) = 4 [pid 6339] close(3 [pid 6342] set_robust_list(0x7fbb68bde9a0, 24 [pid 6339] <... close resumed>) = 0 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6342] <... set_robust_list resumed>) = 0 [pid 6339] symlink("/dev/binderfs", "./binderfs" [pid 6337] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], [pid 6341] munmap(0x7fbb60600000, 138412032 [pid 6337] <... futex resumed>) = 0 [pid 6342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] munmap(0x7fbb60600000, 138412032 [pid 6337] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6342] memfd_create("syzkaller", 0 [pid 6341] <... munmap resumed>) = 0 [pid 6340] <... munmap resumed>) = 0 [pid 6342] <... memfd_create resumed>) = 3 [pid 6342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6342] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6341] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6340] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6341] <... openat resumed>) = 4 [pid 6340] <... openat resumed>) = 4 [pid 6341] ioctl(4, LOOP_SET_FD, 3 [pid 6340] ioctl(4, LOOP_SET_FD, 3 [pid 6339] <... symlink resumed>) = 0 [pid 6338] munmap(0x7fbb60600000, 138412032 [pid 6342] <... write resumed>) = 131072 executing program [pid 6342] munmap(0x7fbb60600000, 138412032 [pid 6339] write(1, "executing program\n", 18 [pid 6338] <... munmap resumed>) = 0 [pid 6339] <... write resumed>) = 18 [pid 6338] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6342] <... munmap resumed>) = 0 [pid 6339] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... openat resumed>) = 4 [pid 6339] <... futex resumed>) = 0 [pid 6338] ioctl(4, LOOP_SET_FD, 3 [pid 6339] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6342] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6342] ioctl(4, LOOP_SET_FD, 3 [pid 6339] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6341] <... ioctl resumed>) = 0 [pid 6340] <... ioctl resumed>) = 0 [pid 6339] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6338] <... ioctl resumed>) = 0 [pid 6341] close(3 [pid 6340] close(3 [pid 6341] <... close resumed>) = 0 [pid 6340] <... close resumed>) = 0 [pid 6341] close(4 [pid 6340] close(4) = 0 [pid 6340] mkdir("./file2", 0777) = 0 [pid 6340] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6338] close(3 [pid 6342] <... ioctl resumed>) = 0 [pid 6341] <... close resumed>) = 0 [pid 6339] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [ 111.733590][ T6340] loop2: detected capacity change from 0 to 256 [ 111.740442][ T6341] loop3: detected capacity change from 0 to 256 [ 111.758849][ T6338] loop4: detected capacity change from 0 to 256 [ 111.759835][ T6342] loop1: detected capacity change from 0 to 256 [pid 6341] mkdir("./file2", 0777 [pid 6339] <... mprotect resumed>) = 0 [pid 6338] <... close resumed>) = 0 [pid 6341] <... mkdir resumed>) = 0 [pid 6341] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6342] close(3) = 0 [pid 6339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6342] close(4 [pid 6339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6338] close(4 [pid 6342] <... close resumed>) = 0 [pid 6339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6343 attached [pid 6342] mkdir("./file2", 0777 [pid 6343] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6342] <... mkdir resumed>) = 0 [pid 6339] <... clone3 resumed> => {parent_tid=[6343]}, 88) = 6343 [pid 6338] <... close resumed>) = 0 [pid 6343] <... rseq resumed>) = 0 [pid 6342] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6339] rt_sigprocmask(SIG_SETMASK, [], [pid 6343] set_robust_list(0x7fbb68bde9a0, 24 [pid 6339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] mkdir("./file2", 0777 [pid 6343] <... set_robust_list resumed>) = 0 [pid 6339] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], [pid 6339] <... futex resumed>) = 0 [pid 6343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6339] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6343] memfd_create("syzkaller", 0) = 3 [pid 6343] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6343] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6343] munmap(0x7fbb60600000, 138412032) = 0 [pid 6338] <... mkdir resumed>) = 0 [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6343] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6338] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6343] close(3 [pid 6340] <... mount resumed>) = 0 [pid 6340] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6340] chdir("./file2") = 0 [ 111.790608][ T6340] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.820112][ T6340] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.832083][ T6343] loop0: detected capacity change from 0 to 256 [pid 6343] <... close resumed>) = 0 [pid 6340] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6343] close(4) = 0 [pid 6343] mkdir("./file2", 0777) = 0 [pid 6343] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6340] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6340] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6336] <... futex resumed>) = 0 [pid 6336] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6340] mkdir("./file3", 0777 [ 111.856778][ T6338] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.876504][ T6341] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.893428][ T6338] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6336] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... mount resumed>) = 0 [pid 6341] <... mount resumed>) = 0 [pid 6340] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6338] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6341] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6340] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6338] <... openat resumed>) = 3 [pid 6341] <... openat resumed>) = 3 [pid 6338] chdir("./file2" [pid 6341] chdir("./file2" [pid 6338] <... chdir resumed>) = 0 [pid 6341] <... chdir resumed>) = 0 [pid 6338] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6341] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6338] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6341] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6338] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = 1 [pid 6341] <... futex resumed>) = 1 [pid 6338] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 111.910500][ T6341] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 111.920527][ T6340] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.931099][ T6342] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.931777][ T6340] exFAT-fs (loop2): Filesystem has been set read-only [ 111.951249][ T6342] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6341] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6336] <... futex resumed>) = ? [pid 6335] <... futex resumed>) = 0 [pid 6334] <... futex resumed>) = 0 [pid 6340] +++ killed by SIGSEGV +++ [pid 6335] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6338] <... futex resumed>) = 0 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 1 [pid 6341] mkdir("./file3", 0777 [pid 6338] mkdir("./file3", 0777 [pid 6336] +++ killed by SIGSEGV +++ [pid 6335] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6334] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6336, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6342] <... mount resumed>) = 0 [pid 6342] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6342] chdir("./file2") = 0 [pid 6342] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6342] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6342] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] <... futex resumed>) = 0 [pid 6342] mkdir("./file3", 0777 [pid 6337] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... restart_syscall resumed>) = 0 [pid 5820] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 111.964486][ T6341] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.974783][ T6342] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.976960][ T6338] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 111.985773][ T6343] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 111.993642][ T6341] exFAT-fs (loop3): Filesystem has been set read-only [pid 5820] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6334] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6334] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6334] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6335] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6334] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6335] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6335] <... futex resumed>) = 0 [pid 6334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6344]}, 88) = 6344 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], [pid 6335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6335] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6334] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6334] <... futex resumed>) = 0 [pid 6335] <... mprotect resumed>) = 0 [pid 6334] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6345]}, 88) = 6345 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6335] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6344 attached [pid 6344] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 6345 attached [pid 6341] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6338] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... umount2 resumed>) = 0 [pid 6344] <... rseq resumed>) = 0 [pid 5820] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6344] set_robust_list(0x7fbb68bbd9a0, 24 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6344] <... set_robust_list resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./46/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6344] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6344] openat(AT_FDCWD, ".", O_RDONLY [pid 5820] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6344] <... openat resumed>) = 4 [pid 5820] <... openat resumed>) = 4 [pid 6345] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6344] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] newfstatat(4, "", [pid 6344] <... futex resumed>) = 1 [pid 6337] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6334] <... futex resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6337] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 6337] <... futex resumed>) = 0 [pid 6334] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6334] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 6337] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6337] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] close(4 [pid 6337] <... mprotect resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6344] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] rmdir("./46/file2" [pid 6344] <... ioctl resumed>) = 0 [pid 6337] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5820] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6345] <... rseq resumed>) = 0 [pid 6341] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6338] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6337] <... clone3 resumed> => {parent_tid=[6346]}, 88) = 6346 [pid 6335] <... futex resumed>) = ? [pid 5820] unlink("./46/binderfs"./strace-static-x86_64: Process 6346 attached [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6345] +++ killed by SIGSEGV +++ [pid 6346] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6334] <... futex resumed>) = ? [pid 5820] <... unlink resumed>) = 0 [pid 6346] <... rseq resumed>) = 0 [pid 6344] +++ killed by SIGSEGV +++ [pid 6346] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6337] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(3, [pid 6346] <... set_robust_list resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] close(3 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6346] openat(AT_FDCWD, ".", O_RDONLY [pid 6337] <... futex resumed>) = 0 [pid 5820] rmdir("./46" [pid 6346] <... openat resumed>) = 4 [pid 6337] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... rmdir resumed>) = 0 [pid 6346] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] mkdir("./47", 0777 [pid 6346] <... futex resumed>) = 0 [pid 6337] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... mkdir resumed>) = 0 [pid 6346] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6337] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6346] <... ioctl resumed>) = 0 [pid 6342] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6337] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... openat resumed>) = 3 [pid 6346] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6337] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6346] <... futex resumed>) = ? [pid 6338] +++ killed by SIGSEGV +++ [pid 6334] +++ killed by SIGSEGV +++ [pid 5820] <... ioctl resumed>) = 0 [pid 6346] +++ killed by SIGSEGV +++ [pid 6342] +++ killed by SIGSEGV +++ [pid 6341] +++ killed by SIGSEGV +++ [pid 6335] +++ killed by SIGSEGV +++ [pid 5820] close(3 [pid 6343] <... mount resumed>) = 0 [pid 6337] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6334, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6335, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6343] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6343] <... openat resumed>) = 3 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6337, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6343] chdir("./file2") = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6343] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6343] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6347 attached [pid 6343] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 112.008521][ T6342] exFAT-fs (loop1): Filesystem has been set read-only [ 112.014178][ T6338] exFAT-fs (loop4): Filesystem has been set read-only [ 112.027535][ T6343] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] set_robust_list(0x55555eedf6a0, 24 [pid 5822] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 6343] <... futex resumed>) = 1 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6339] <... futex resumed>) = 0 [pid 6347] <... set_robust_list resumed>) = 0 [pid 6343] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(3, "", [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6347 [pid 5819] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] chdir("./47" [pid 6343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6339] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6347] <... chdir resumed>) = 0 [pid 6343] mkdir("./file3", 0777 [pid 6339] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] newfstatat(3, "", [pid 5821] getdents64(3, [pid 5819] newfstatat(3, "", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] getdents64(3, [pid 5821] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./47/file2") = 0 [pid 5821] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./47/binderfs" [pid 6347] <... prctl resumed>) = 0 [pid 6343] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5819] getdents64(3, [pid 6347] setpgid(0, 0 [pid 6343] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] getdents64(3, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6347] <... setpgid resumed>) = 0 [pid 6339] <... futex resumed>) = ? [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] close(3) = 0 [pid 5821] rmdir("./47" [pid 6343] +++ killed by SIGSEGV +++ [pid 6339] +++ killed by SIGSEGV +++ [pid 5821] <... rmdir resumed>) = 0 [pid 6347] <... openat resumed>) = 3 [pid 5821] mkdir("./48", 0777 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6339, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6347] write(3, "1000", 4 [pid 5822] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... mkdir resumed>) = 0 [pid 5819] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... write resumed>) = 4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./47/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 6347] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5819] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] symlink("/dev/binderfs", "./binderfs" [pid 5822] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5822] <... openat resumed>) = 4 executing program [pid 5821] <... ioctl resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./47/file2", [pid 6347] <... symlink resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5821] close(3 [pid 6347] write(1, "executing program\n", 18 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... close resumed>) = 0 [pid 6347] <... write resumed>) = 18 [pid 6347] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 6347] <... futex resumed>) = 0 [pid 6347] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./45", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6347] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] getdents64(4, [pid 5818] <... openat resumed>) = 3 [pid 6347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6347] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6347] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6348 attached [ 112.084064][ T6343] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.097071][ T6343] exFAT-fs (loop0): Filesystem has been set read-only ) = 0 [pid 5822] close(4 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6348 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(3, "", [pid 6347] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6347] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] rmdir("./47/file2" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6349 attached [pid 6348] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6349] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6348] <... set_robust_list resumed>) = 0 [pid 6347] <... clone3 resumed> => {parent_tid=[6349]}, 88) = 6349 [pid 6349] <... rseq resumed>) = 0 [pid 6348] chdir("./48" [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 6349] set_robust_list(0x7fbb68bde9a0, 24 [pid 6348] <... chdir resumed>) = 0 [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = 0 [pid 6349] <... set_robust_list resumed>) = 0 [pid 6348] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6347] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6348] <... prctl resumed>) = 0 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] setpgid(0, 0 [pid 6347] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6348] <... setpgid resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6349] memfd_create("syzkaller", 0 [pid 5819] getdents64(4, [pid 5818] newfstatat(AT_FDCWD, "./45/file2", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6349] <... memfd_create resumed>) = 3 [pid 6348] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] close(4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6348] <... openat resumed>) = 3 [pid 5822] unlink("./47/binderfs" [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./45/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./47/file2" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6348] write(3, "1000", 4 [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./45/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6348] <... write resumed>) = 4 [pid 5822] getdents64(3, [pid 5818] <... openat resumed>) = 4 [pid 6349] <... mmap resumed>) = 0x7fbb60600000 [pid 6348] close(3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(4, "", [pid 6348] <... close resumed>) = 0 [pid 5822] close(3executing program [pid 5819] newfstatat(AT_FDCWD, "./47/binderfs", [pid 5822] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] rmdir("./47" [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 5819] unlink("./47/binderfs" [pid 6348] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6348] <... symlink resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] getdents64(4, [pid 6348] write(1, "executing program\n", 18 [pid 5822] mkdir("./48", 0777 [pid 6349] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6348] <... write resumed>) = 18 [pid 5822] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6348] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] close(3 [pid 5818] close(4 [pid 6348] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6349] <... write resumed>) = 131072 [pid 6348] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6348] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] rmdir("./47" [pid 5818] rmdir("./45/file2" [pid 6348] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6348] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5818] <... rmdir resumed>) = 0 [pid 6348] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... ioctl resumed>) = 0 [pid 6348] <... mprotect resumed>) = 0 [pid 5822] close(3 [pid 5818] umount2("./45/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6349] munmap(0x7fbb60600000, 138412032 [pid 6348] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6348] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6348] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6349] <... munmap resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./45/binderfs", [pid 6349] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] mkdir("./48", 0777 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6348] <... clone3 resumed> => {parent_tid=[6350]}, 88) = 6350 [pid 6349] <... openat resumed>) = 4 [pid 5818] unlink("./45/binderfs" [pid 6348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6350 attached [pid 6348] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6348] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6350] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5819] <... mkdir resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6350] <... rseq resumed>) = 0 [pid 6349] ioctl(4, LOOP_SET_FD, 3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... unlink resumed>) = 0 [pid 6350] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6351 attached NULL, 8) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] getdents64(3, [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6351] set_robust_list(0x55555eedf6a0, 24 [pid 6350] memfd_create("syzkaller", 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6351] <... set_robust_list resumed>) = 0 [pid 5819] close(3 [pid 5818] close(3 [pid 6351] chdir("./48" [pid 6350] <... memfd_create resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 6351] <... chdir resumed>) = 0 [pid 6350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6351] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6350] <... mmap resumed>) = 0x7fbb60600000 [pid 6351] <... prctl resumed>) = 0 [pid 6350] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] <... close resumed>) = 0 [pid 5818] rmdir("./45" [pid 6351] setpgid(0, 0) = 0 [pid 6350] <... write resumed>) = 131072 [pid 5818] <... rmdir resumed>) = 0 executing program [pid 6351] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] mkdir("./46", 0777 [pid 6351] <... openat resumed>) = 3 [pid 6351] write(3, "1000", 4) = 4 [pid 6350] munmap(0x7fbb60600000, 138412032 [pid 6351] close(3 [pid 6350] <... munmap resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... mkdir resumed>) = 0 [pid 6351] <... close resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6351] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6350] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6351] write(1, "executing program\n", 18 [pid 6350] <... openat resumed>) = 4 [pid 6351] <... write resumed>) = 18 [pid 6350] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6352 attached [pid 6351] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 3 [pid 6351] <... futex resumed>) = 0 [pid 6351] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6351] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6351 [pid 6351] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6351] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6351] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6351] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6353 attached => {parent_tid=[6353]}, 88) = 6353 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6351] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6351] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6353] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6353] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6353] memfd_create("syzkaller", 0) = 3 [pid 6353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6353] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6350] <... ioctl resumed>) = 0 [pid 6352] set_robust_list(0x55555eedf6a0, 24 [pid 6349] <... ioctl resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6352 [pid 5818] <... ioctl resumed>) = 0 [pid 6350] close(3 [pid 5818] close(3 [pid 6352] <... set_robust_list resumed>) = 0 [pid 6350] <... close resumed>) = 0 [pid 6349] close(3 [pid 6353] <... write resumed>) = 131072 [pid 6352] chdir("./48" [pid 6350] close(4 [pid 6349] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6352] <... chdir resumed>) = 0 [pid 6349] close(4) = 0 [pid 6349] mkdir("./file2", 0777 [pid 6352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6349] <... mkdir resumed>) = 0 [pid 6349] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6352] setpgid(0, 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6352] <... setpgid resumed>) = 0 [pid 6350] <... close resumed>) = 0 [pid 6350] mkdir("./file2", 0777./strace-static-x86_64: Process 6354 attached [pid 6352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6350] <... mkdir resumed>) = 0 [pid 6350] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6352] <... openat resumed>) = 3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6354 [pid 6352] write(3, "1000", 4 [pid 6354] set_robust_list(0x55555eedf6a0, 24 [pid 6352] <... write resumed>) = 4 [ 112.197945][ T6349] loop2: detected capacity change from 0 to 256 [ 112.221566][ T6350] loop3: detected capacity change from 0 to 256 [pid 6354] <... set_robust_list resumed>) = 0 [pid 6353] munmap(0x7fbb60600000, 138412032 [pid 6352] close(3) = 0 [pid 6352] symlink("/dev/binderfs", "./binderfs"executing program [pid 6354] chdir("./46" [pid 6352] <... symlink resumed>) = 0 [pid 6354] <... chdir resumed>) = 0 [pid 6352] write(1, "executing program\n", 18 [pid 6354] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6352] <... write resumed>) = 18 [pid 6354] <... prctl resumed>) = 0 [pid 6353] <... munmap resumed>) = 0 [pid 6352] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6354] setpgid(0, 0 [pid 6352] <... futex resumed>) = 0 [pid 6354] <... setpgid resumed>) = 0 [pid 6352] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6353] <... openat resumed>) = 4 [pid 6354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6352] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6353] ioctl(4, LOOP_SET_FD, 3 [pid 6352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6354] <... openat resumed>) = 3 [pid 6352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] write(3, "1000", 4 [pid 6352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6354] <... write resumed>) = 4 [pid 6354] close(3 [pid 6352] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6354] <... close resumed>) = 0 [pid 6354] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6354] write(1, "executing program\n", 18) = 18 [pid 6354] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 112.280418][ T6349] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.298999][ T6353] loop4: detected capacity change from 0 to 256 [ 112.313085][ T6350] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6352] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6354] <... futex resumed>) = 0 [pid 6352] <... mprotect resumed>) = 0 [pid 6354] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6353] <... ioctl resumed>) = 0 [pid 6352] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6354] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6353] close(3) = 0 [pid 6353] close(4) = 0 [pid 6353] mkdir("./file2", 0777) = 0 [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6353] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6352] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6354] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6355 attached [pid 6354] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6352] <... clone3 resumed> => {parent_tid=[6355]}, 88) = 6355 [pid 6354] <... mprotect resumed>) = 0 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6352] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... rseq resumed>) = 0 [pid 6352] <... futex resumed>) = 0 [pid 6355] set_robust_list(0x7fbb68bde9a0, 24 [pid 6352] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] <... set_robust_list resumed>) = 0 [pid 6349] <... mount resumed>) = 0 [pid 6349] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6349] chdir("./file2") = 0 [pid 6354] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6356 attached [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6349] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] memfd_create("syzkaller", 0 [pid 6347] <... futex resumed>) = 0 [pid 6354] <... clone3 resumed> => {parent_tid=[6356]}, 88) = 6356 [pid 6347] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], [pid 6349] <... futex resumed>) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6354] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6354] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 112.330884][ T6349] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 112.344155][ T6350] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 112.360559][ T6353] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6356] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6354] <... futex resumed>) = 0 [pid 6356] <... rseq resumed>) = 0 [pid 6355] <... memfd_create resumed>) = 3 [pid 6356] set_robust_list(0x7fbb68bde9a0, 24 [pid 6354] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6356] <... set_robust_list resumed>) = 0 [pid 6355] <... mmap resumed>) = 0x7fbb60600000 [pid 6349] mkdir("./file3", 0777 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6355] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6350] <... mount resumed>) = 0 [pid 6350] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6350] chdir("./file2") = 0 [pid 6350] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6350] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6348] <... futex resumed>) = 0 [pid 6348] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... futex resumed>) = 0 [pid 6348] <... futex resumed>) = 1 [pid 6350] mkdir("./file3", 0777 [pid 6356] memfd_create("syzkaller", 0 [pid 6355] <... write resumed>) = 131072 [pid 6348] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... memfd_create resumed>) = 3 [pid 6355] munmap(0x7fbb60600000, 138412032 [pid 6349] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6355] <... munmap resumed>) = 0 [pid 6349] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6356] <... mmap resumed>) = 0x7fbb60600000 [pid 6355] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6356] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6355] <... openat resumed>) = 4 [pid 6353] <... mount resumed>) = 0 [pid 6350] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6347] <... futex resumed>) = ? [pid 6356] <... write resumed>) = 131072 [pid 6355] ioctl(4, LOOP_SET_FD, 3 [pid 6353] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6350] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6349] +++ killed by SIGSEGV +++ [pid 6348] <... futex resumed>) = ? [pid 6350] +++ killed by SIGSEGV +++ [pid 6348] +++ killed by SIGSEGV +++ [pid 6347] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6348, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6347, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [ 112.382357][ T6349] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.389552][ T6353] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 112.397304][ T6350] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.403607][ T6349] exFAT-fs (loop2): Filesystem has been set read-only [ 112.412265][ T6350] exFAT-fs (loop3): Filesystem has been set read-only [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6356] munmap(0x7fbb60600000, 138412032 [pid 6353] <... openat resumed>) = 3 [pid 6355] <... ioctl resumed>) = 0 [pid 6356] <... munmap resumed>) = 0 [pid 6355] close(3 [pid 6353] chdir("./file2" [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 6356] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6355] <... close resumed>) = 0 [pid 6356] <... openat resumed>) = 4 [pid 6355] close(4 [pid 6353] <... chdir resumed>) = 0 [pid 5821] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [ 112.430808][ T6355] loop1: detected capacity change from 0 to 256 [pid 6356] ioctl(4, LOOP_SET_FD, 3 [pid 6355] <... close resumed>) = 0 [pid 6353] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(3, "", [pid 5820] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6355] mkdir("./file2", 0777 [pid 5821] getdents64(3, [pid 6355] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] newfstatat(3, "", [pid 6355] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6353] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5821] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6353] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./47/file2", [pid 5821] newfstatat(AT_FDCWD, "./48/file2", [pid 6353] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6351] <... futex resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 6351] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", [pid 6351] <... futex resumed>) = 1 [pid 6353] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(4, "", [pid 5821] getdents64(4, [pid 6353] mkdir("./file3", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] close(4 [pid 5820] getdents64(4, [pid 5821] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6351] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 112.453473][ T6356] loop0: detected capacity change from 0 to 256 [ 112.473946][ T6355] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.493966][ T6353] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5820] close(4 [pid 6356] <... ioctl resumed>) = 0 [pid 5821] rmdir("./48/file2" [pid 5820] <... close resumed>) = 0 [pid 6356] close(3 [pid 6355] <... mount resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./47/file2" [pid 6356] <... close resumed>) = 0 [pid 6355] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 6356] close(4 [pid 6355] <... openat resumed>) = 3 [pid 6353] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6356] <... close resumed>) = 0 [pid 6353] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6351] <... futex resumed>) = ? [pid 6353] +++ killed by SIGSEGV +++ [pid 6351] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6351, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6356] mkdir("./file2", 0777 [pid 6355] chdir("./file2" [pid 5821] newfstatat(AT_FDCWD, "./48/binderfs", [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6356] <... mkdir resumed>) = 0 [pid 5820] unlink("./47/binderfs" [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6356] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6355] <... chdir resumed>) = 0 [pid 5821] unlink("./48/binderfs" [pid 6355] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 6355] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(3, [pid 6355] <... futex resumed>) = 1 [pid 6352] <... futex resumed>) = 0 [pid 5820] getdents64(3, [pid 6352] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6352] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6355] mkdir("./file3", 0777 [pid 6352] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] newfstatat(3, "", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5822] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] close(3 [pid 5820] <... close resumed>) = 0 [pid 5822] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6355] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5820] rmdir("./47" [pid 5822] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] rmdir("./48" [pid 6355] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... openat resumed>) = 4 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 112.501890][ T6355] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 112.508546][ T6353] exFAT-fs (loop4): Filesystem has been set read-only [ 112.535805][ T6355] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.545820][ T6355] exFAT-fs (loop1): Filesystem has been set read-only [pid 6352] <... futex resumed>) = ? [pid 5821] <... rmdir resumed>) = 0 [pid 5820] mkdir("./48", 0777 [pid 6355] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./48/file2") = 0 [pid 5821] mkdir("./49", 0777 [pid 5820] <... mkdir resumed>) = 0 [pid 5822] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./48/binderfs" [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6352] +++ killed by SIGSEGV +++ [pid 5822] <... unlink resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... ioctl resumed>) = 0 [pid 6356] <... mount resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] close(3 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6352, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6356] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] getdents64(3, [pid 5821] <... ioctl resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6356] <... openat resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6356] chdir("./file2" [pid 5821] close(3 [pid 5820] <... close resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6356] <... chdir resumed>) = 0 [pid 6356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6356] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6356] <... futex resumed>) = 1 [pid 6356] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] close(3 [pid 6354] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6354] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 112.558557][ T6356] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.576195][ T6356] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6356] <... futex resumed>) = 0 [pid 6354] <... futex resumed>) = 1 [pid 5822] rmdir("./48" [pid 5819] <... openat resumed>) = 3 [pid 6354] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] newfstatat(3, "", [pid 6356] mkdir("./file3", 0777 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] mkdir("./49", 0777./strace-static-x86_64: Process 6357 attached ) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6358 ./strace-static-x86_64: Process 6358 attached [pid 6358] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6358] chdir("./49") = 0 [pid 6358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 6358] setpgid(0, 0 [pid 5822] close(3 [pid 6358] <... setpgid resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6357] set_robust_list(0x55555eedf6a0, 24 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6357 [pid 5819] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6358] <... openat resumed>) = 3 [pid 6357] <... set_robust_list resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./48/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6357] chdir("./48" [pid 5819] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6358] write(3, "1000", 4 [pid 6357] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6358] <... write resumed>) = 4 [pid 6357] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6358] close(3 [pid 6357] <... prctl resumed>) = 0 [pid 6358] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 6358] symlink("/dev/binderfs", "./binderfs" [pid 6357] setpgid(0, 0 [pid 5819] newfstatat(4, "", [pid 6358] <... symlink resumed>) = 0 [pid 6357] <... setpgid resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6359 attached [pid 6358] write(1, "executing program\n", 18 [pid 6357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6358] <... write resumed>) = 18 [pid 6358] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... openat resumed>) = 3 [pid 5819] getdents64(4, [pid 6358] <... futex resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6359] set_robust_list(0x55555eedf6a0, 24 [pid 6358] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6357] write(3, "1000", 4 [pid 5819] getdents64(4, [pid 6359] <... set_robust_list resumed>) = 0 [pid 6358] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6359 [pid 6358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6359] chdir("./49" [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6357] <... write resumed>) = 4 [pid 5819] close(4 [pid 6359] <... chdir resumed>) = 0 [pid 6358] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6359] setpgid(0, 0 [pid 6358] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6359] <... setpgid resumed>) = 0 [pid 6358] <... mprotect resumed>) = 0 [pid 6358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6360]}, 88) = 6360 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6360 attached [pid 6360] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6360] set_robust_list(0x7fbb68bde9a0, 24 [pid 6354] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6354] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6360] <... set_robust_list resumed>) = 0 [pid 6359] <... openat resumed>) = 3 [pid 6354] <... futex resumed>) = 0 [pid 6357] close(3 [pid 5819] rmdir("./48/file2" [pid 6357] <... close resumed>) = 0 [pid 6360] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... rmdir resumed>) = 0 [pid 6357] symlink("/dev/binderfs", "./binderfs" [pid 6354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6360] memfd_create("syzkaller", 0) = 3 [pid 6360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 executing program [pid 6357] <... symlink resumed>) = 0 [pid 6354] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6359] write(3, "1000", 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6360] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6359] <... write resumed>) = 4 [pid 6357] write(1, "executing program\n", 18 [pid 6354] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5819] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6359] close(3 [pid 6357] <... write resumed>) = 18 [pid 6356] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6354] <... mprotect resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6359] <... close resumed>) = 0 [pid 6357] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6354] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] unlink("./48/binderfs" [pid 6360] <... write resumed>) = 131072 [pid 6359] symlink("/dev/binderfs", "./binderfs" [pid 6357] <... futex resumed>) = 0 [pid 6357] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... unlink resumed>) = 0 [pid 6359] <... symlink resumed>) = 0 executing program [pid 6357] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6359] write(1, "executing program\n", 18 [pid 6357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6354] <... rt_sigprocmask resumed> ) = ? [pid 5819] getdents64(3, [pid 6359] <... write resumed>) = 18 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6356] +++ killed by SIGSEGV +++ [pid 6360] munmap(0x7fbb60600000, 138412032 [pid 6359] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6360] <... munmap resumed>) = 0 [pid 6359] <... futex resumed>) = 0 [pid 6357] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] close(3 [pid 6359] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6357] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6359] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 6359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6357] <... mprotect resumed>) = 0 [pid 5819] rmdir("./48" [pid 6360] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6360] <... openat resumed>) = 4 [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 112.606933][ T6356] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.641420][ T6356] exFAT-fs (loop0): Filesystem has been set read-only [pid 5819] <... rmdir resumed>) = 0 [pid 6360] ioctl(4, LOOP_SET_FD, 3 [pid 6359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6361 attached [pid 6359] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] mkdir("./49", 0777 [pid 6354] +++ killed by SIGSEGV +++ [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6354, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6359] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6357] <... clone3 resumed> => {parent_tid=[6361]}, 88) = 6361 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6359] <... mprotect resumed>) = 0 [pid 6361] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] umount2("./46", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6359] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6361] <... rseq resumed>) = 0 [pid 6359] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6357] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6361] set_robust_list(0x7fbb68bde9a0, 24 [pid 6359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6357] <... futex resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 6362 attached [pid 6361] <... set_robust_list resumed>) = 0 [pid 6357] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6359] <... clone3 resumed> => {parent_tid=[6362]}, 88) = 6362 [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], [pid 6362] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6361] memfd_create("syzkaller", 0 [pid 6362] <... rseq resumed>) = 0 [pid 6359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] getdents64(3, [pid 6362] set_robust_list(0x7fbb68bde9a0, 24 [pid 6360] <... ioctl resumed>) = 0 [pid 6359] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... set_robust_list resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6362] rt_sigprocmask(SIG_SETMASK, [], [pid 6360] close(3 [pid 5818] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6359] <... futex resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6362] memfd_create("syzkaller", 0 [pid 6360] <... close resumed>) = 0 [pid 6359] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] close(3 [pid 6362] <... memfd_create resumed>) = 3 [pid 6360] close(4 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6360] <... close resumed>) = 0 [pid 6362] <... mmap resumed>) = 0x7fbb60600000 [pid 6360] mkdir("./file2", 0777 [pid 6362] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6360] <... mkdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6361] <... memfd_create resumed>) = 3 [pid 6360] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""./strace-static-x86_64: Process 6363 attached [pid 6361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6363] set_robust_list(0x55555eedf6a0, 24 [pid 6362] <... write resumed>) = 131072 [pid 6361] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6363 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6361] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] newfstatat(AT_FDCWD, "./46/file2", [ 112.677220][ T6360] loop3: detected capacity change from 0 to 256 [pid 6362] munmap(0x7fbb60600000, 138412032 [pid 6363] <... set_robust_list resumed>) = 0 [pid 6362] <... munmap resumed>) = 0 [pid 6361] <... write resumed>) = 131072 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./46/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6363] chdir("./49" [pid 6361] munmap(0x7fbb60600000, 138412032 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6363] <... chdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./46/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5818] <... openat resumed>) = 4 [pid 6363] <... prctl resumed>) = 0 [pid 6363] setpgid(0, 0 [pid 6361] <... munmap resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6363] <... setpgid resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6362] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] getdents64(4, [pid 6362] <... openat resumed>) = 4 [pid 6363] <... openat resumed>) = 3 [pid 6362] ioctl(4, LOOP_SET_FD, 3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6363] write(3, "1000", 4 [pid 5818] getdents64(4, [pid 6363] <... write resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6363] close(3 [pid 5818] close(4 [pid 6363] <... close resumed>) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs" [pid 6362] <... ioctl resumed>) = 0 [pid 6361] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 6363] <... symlink resumed>) = 0 [pid 6361] <... openat resumed>) = 4 [pid 5818] rmdir("./46/file2" [pid 6363] write(1, "executing program\n", 18 [pid 6361] ioctl(4, LOOP_SET_FD, 3executing program [pid 6362] close(3 [pid 6363] <... write resumed>) = 18 [pid 6361] <... ioctl resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6362] <... close resumed>) = 0 [pid 6363] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] close(4 [pid 6361] close(3 [pid 5818] umount2("./46/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6363] <... futex resumed>) = 0 [pid 6361] <... close resumed>) = 0 [pid 6363] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6361] close(4 [pid 6363] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] newfstatat(AT_FDCWD, "./46/binderfs", [pid 6363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6361] <... close resumed>) = 0 [pid 6363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6362] <... close resumed>) = 0 [pid 6361] mkdir("./file2", 0777 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6362] mkdir("./file2", 0777 [pid 6363] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6362] <... mkdir resumed>) = 0 [pid 6361] <... mkdir resumed>) = 0 [pid 5818] unlink("./46/binderfs" [pid 6363] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6362] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... unlink resumed>) = 0 [pid 6363] <... mprotect resumed>) = 0 [pid 5818] getdents64(3, [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6363] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6361] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] close(3 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... close resumed>) = 0 [ 112.723869][ T6360] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.741653][ T6362] loop4: detected capacity change from 0 to 256 [ 112.755100][ T6361] loop2: detected capacity change from 0 to 256 [ 112.755198][ T6360] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) ./strace-static-x86_64: Process 6364 attached [pid 5818] rmdir("./46" [pid 6364] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5818] <... rmdir resumed>) = 0 [pid 6364] <... rseq resumed>) = 0 [pid 5818] mkdir("./47", 0777 [pid 6364] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6363] <... clone3 resumed> => {parent_tid=[6364]}, 88) = 6364 [pid 6360] <... mount resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], [pid 6363] rt_sigprocmask(SIG_SETMASK, [], [pid 6364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6364] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6360] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6360] chdir("./file2") = 0 [pid 6360] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6360] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6358] <... futex resumed>) = 0 [pid 6360] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6360] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] mkdir("./file3", 0777 [pid 6358] <... futex resumed>) = 0 [pid 6364] <... futex resumed>) = 0 [pid 6363] <... futex resumed>) = 1 [pid 6363] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6358] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6364] memfd_create("syzkaller", 0) = 3 [pid 5818] <... openat resumed>) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6364] <... mmap resumed>) = 0x7fbb60600000 [ 112.792980][ T6362] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.824335][ T6360] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.828980][ T6362] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6364] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] <... ioctl resumed>) = 0 [pid 6364] <... write resumed>) = 131072 [pid 5818] close(3 [pid 6364] munmap(0x7fbb60600000, 138412032 [pid 5818] <... close resumed>) = 0 [pid 6364] <... munmap resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6364] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6365 [pid 6364] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6365 attached [pid 6365] set_robust_list(0x55555eedf6a0, 24 [pid 6362] <... mount resumed>) = 0 [pid 6362] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6362] chdir("./file2") = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6362] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] <... futex resumed>) = 0 [pid 6359] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] mkdir("./file3", 0777 [pid 6365] <... set_robust_list resumed>) = 0 [pid 6365] chdir("./47" [pid 6364] <... ioctl resumed>) = 0 [pid 6358] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6365] <... chdir resumed>) = 0 [pid 6360] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6358] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6365] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6360] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6358] <... futex resumed>) = 0 [pid 6365] <... prctl resumed>) = 0 [pid 6365] setpgid(0, 0) = 0 [pid 6365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6360] +++ killed by SIGSEGV +++ [pid 6358] +++ killed by SIGSEGV +++ [pid 6365] <... openat resumed>) = 3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6358, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5821] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6364] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6364] <... close resumed>) = 0 [ 112.836389][ T6360] exFAT-fs (loop3): Filesystem has been set read-only [ 112.858765][ T6362] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.869852][ T6364] loop1: detected capacity change from 0 to 256 [ 112.878844][ T6361] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6364] close(4) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6364] mkdir("./file2", 0777 [pid 5821] newfstatat(3, "", [pid 6365] write(3, "1000", 4 [pid 6364] <... mkdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 6365] <... write resumed>) = 4 [pid 6364] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6365] close(3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6365] <... close resumed>) = 0 [pid 5821] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6359] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... umount2 resumed>) = 0 [pid 6359] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6365] write(1, "executing program\n", 18 [pid 6359] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6365] <... write resumed>) = 18 [pid 6365] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6365] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5821] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./49/file2", [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6359] <... mprotect resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6365] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6365] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6359] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6359] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6362] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6359] <... clone3 resumed> => {parent_tid=[6366]}, 88) = 6366 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], [pid 6362] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6365] <... mprotect resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6362] +++ killed by SIGSEGV +++ [ 112.894853][ T6362] exFAT-fs (loop4): Filesystem has been set read-only [ 112.911937][ T6364] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 112.928661][ T6361] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6361] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6366 attached [pid 6365] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6364] <... mount resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6364] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6361] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6365] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6364] <... openat resumed>) = 3 [pid 6361] <... openat resumed>) = 3 [pid 6365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... openat resumed>) = 4 [pid 6361] chdir("./file2" [pid 5821] newfstatat(4, "", ./strace-static-x86_64: Process 6367 attached [pid 6364] chdir("./file2" [pid 6361] <... chdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6367] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6366] +++ killed by SIGSEGV +++ [pid 6365] <... clone3 resumed> => {parent_tid=[6367]}, 88) = 6367 [pid 6364] <... chdir resumed>) = 0 [pid 6361] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6359] +++ killed by SIGSEGV +++ [pid 5821] getdents64(4, [pid 6367] <... rseq resumed>) = 0 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], [pid 6364] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6367] set_robust_list(0x7fbb68bde9a0, 24 [pid 6365] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6364] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6361] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6359, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6367] <... set_robust_list resumed>) = 0 [pid 6365] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6367] rt_sigprocmask(SIG_SETMASK, [], [pid 6365] <... futex resumed>) = 0 [pid 6361] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 6367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6365] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6361] <... futex resumed>) = 1 [pid 6357] <... futex resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6367] memfd_create("syzkaller", 0 [pid 6364] <... futex resumed>) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6361] mkdir("./file3", 0777 [pid 6357] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] close(4 [pid 6364] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6363] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] <... futex resumed>) = 0 [pid 6367] <... memfd_create resumed>) = 3 [pid 6364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] <... futex resumed>) = 0 [pid 6357] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... close resumed>) = 0 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6363] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 112.932677][ T6364] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] rmdir("./49/file2" [pid 6367] <... mmap resumed>) = 0x7fbb60600000 [pid 6364] mkdir("./file3", 0777 [pid 5821] <... rmdir resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6367] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(AT_FDCWD, "./49/binderfs", [pid 5822] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] unlink("./49/binderfs" [pid 5822] getdents64(3, [pid 5821] <... unlink resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(3, [pid 5822] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./49") = 0 [pid 5821] mkdir("./50", 0777 [pid 6364] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6364] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6367] <... write resumed>) = 131072 [pid 5822] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6367] munmap(0x7fbb60600000, 138412032 [pid 5822] getdents64(4, ./strace-static-x86_64: Process 6368 attached [pid 6367] <... munmap resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6368] set_robust_list(0x55555eedf6a0, 24 [pid 5822] getdents64(4, [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6368 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6368] <... set_robust_list resumed>) = 0 [pid 5822] close(4 [pid 6368] chdir("./50" [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./49/file2" [pid 6368] <... chdir resumed>) = 0 [pid 6367] <... openat resumed>) = 4 [pid 5822] <... rmdir resumed>) = 0 [pid 6368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6368] setpgid(0, 0 [pid 6367] ioctl(4, LOOP_SET_FD, 3 [pid 6357] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6357] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6368] <... setpgid resumed>) = 0 [pid 6357] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6357] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6357] <... mprotect resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./49/binderfs", [pid 6363] <... futex resumed>) = ? [pid 6357] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6357] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] unlink("./49/binderfs" [pid 6368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5822] <... unlink resumed>) = 0 [pid 6368] <... openat resumed>) = 3 [pid 5822] getdents64(3, ./strace-static-x86_64: Process 6369 attached [pid 6368] write(3, "1000", 4 [pid 6357] <... clone3 resumed> => {parent_tid=[6369]}, 88) = 6369 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6368] <... write resumed>) = 4 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] close(3 [pid 6368] close(3 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 6368] <... close resumed>) = 0 [pid 6357] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rmdir("./49"executing program [pid 6364] +++ killed by SIGSEGV +++ [pid 6363] +++ killed by SIGSEGV +++ [pid 6368] symlink("/dev/binderfs", "./binderfs" [pid 6357] <... futex resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6368] <... symlink resumed>) = 0 [pid 6357] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] mkdir("./50", 0777 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6363, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] <... mkdir resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6369] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6368] write(1, "executing program\n", 18 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6369] <... rseq resumed>) = 0 [pid 6368] <... write resumed>) = 18 [pid 5822] <... openat resumed>) = 3 [pid 6369] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6368] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6369] <... set_robust_list resumed>) = 0 [pid 6368] <... futex resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6368] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] close(3 [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6369] openat(AT_FDCWD, ".", O_RDONLY [pid 6361] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6369] <... openat resumed>) = 4 [pid 6369] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6368] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6369] <... futex resumed>) = 1 [pid 6368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6357] <... futex resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6361] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6357] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... openat resumed>) = 3 [pid 6368] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] newfstatat(3, "", [pid 6368] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6368] <... mprotect resumed>) = 0 [pid 5819] getdents64(3, [pid 6368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6367] <... ioctl resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6370 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6367] close(3./strace-static-x86_64: Process 6371 attached [pid 6371] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6368] <... clone3 resumed> => {parent_tid=[6371]}, 88) = 6371 [pid 6367] <... close resumed>) = 0 [pid 6371] <... rseq resumed>) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] close(4 [pid 6371] set_robust_list(0x7fbb68bde9a0, 24 [pid 6368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6367] <... close resumed>) = 0 [pid 6371] <... set_robust_list resumed>) = 0 [pid 6368] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] rt_sigprocmask(SIG_SETMASK, [], [pid 6368] <... futex resumed>) = 0 [pid 6367] mkdir("./file2", 0777 [pid 6371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6368] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6370 attached [ 112.965712][ T6364] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.966963][ T6361] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 112.975673][ T6364] exFAT-fs (loop1): Filesystem has been set read-only [ 112.992544][ T6361] exFAT-fs (loop2): Filesystem has been set read-only [ 113.009017][ T6367] loop0: detected capacity change from 0 to 256 [pid 6371] memfd_create("syzkaller", 0 [pid 6357] <... futex resumed>) = ? [pid 5819] <... umount2 resumed>) = 0 [pid 6371] <... memfd_create resumed>) = 3 [pid 6370] set_robust_list(0x55555eedf6a0, 24 [pid 6369] +++ killed by SIGSEGV +++ [pid 6367] <... mkdir resumed>) = 0 [pid 6361] +++ killed by SIGSEGV +++ [pid 5819] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6370] <... set_robust_list resumed>) = 0 [pid 6370] chdir("./50") = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6370] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] newfstatat(AT_FDCWD, "./49/file2", [pid 6370] <... prctl resumed>) = 0 [pid 6370] setpgid(0, 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6370] <... setpgid resumed>) = 0 [pid 5819] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6370] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6371] <... mmap resumed>) = 0x7fbb60600000 [pid 6370] write(3, "1000", 4 [pid 5819] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6370] <... write resumed>) = 4 [pid 6370] close(3) = 0 [pid 6370] symlink("/dev/binderfs", "./binderfs" [pid 6371] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6370] <... symlink resumed>) = 0 [pid 5819] <... openat resumed>) = 4 executing program [pid 6370] write(1, "executing program\n", 18 [pid 5819] newfstatat(4, "", [pid 6370] <... write resumed>) = 18 [pid 6367] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6370] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] +++ killed by SIGSEGV +++ [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6370] <... futex resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6357, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] getdents64(4, [pid 6370] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6370] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] close(4 [pid 6370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... close resumed>) = 0 [pid 6370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] rmdir("./49/file2" [pid 6370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6370] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6370] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] newfstatat(AT_FDCWD, "./49/binderfs", [pid 6371] <... write resumed>) = 131072 [pid 6370] <... mprotect resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./49/binderfs" [pid 6370] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6370] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] close(3 [pid 6370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6372 attached [pid 5820] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./49" [pid 6372] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... rmdir resumed>) = 0 [pid 6372] <... rseq resumed>) = 0 [pid 6370] <... clone3 resumed> => {parent_tid=[6372]}, 88) = 6372 [pid 5820] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] mkdir("./50", 0777 [pid 6372] set_robust_list(0x7fbb68bde9a0, 24 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... openat resumed>) = 3 [pid 5819] <... mkdir resumed>) = 0 [pid 6372] <... set_robust_list resumed>) = 0 [pid 6370] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(3, "", [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6372] rt_sigprocmask(SIG_SETMASK, [], [pid 6370] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6370] <... futex resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6372] memfd_create("syzkaller", 0 [pid 6371] munmap(0x7fbb60600000, 138412032 [pid 6370] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] close(3 [pid 6372] <... memfd_create resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 6372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6372] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6371] <... munmap resumed>) = 0 [pid 5820] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6371] openat(AT_FDCWD, "/dev/loop3", O_RDWR./strace-static-x86_64: Process 6373 attached ) = 4 [pid 6371] ioctl(4, LOOP_SET_FD, 3 [pid 6373] set_robust_list(0x55555eedf6a0, 24 [pid 6372] <... write resumed>) = 131072 [pid 6371] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6373] <... set_robust_list resumed>) = 0 [pid 6372] munmap(0x7fbb60600000, 138412032 [pid 6371] close(3 [pid 6367] <... mount resumed>) = 0 [pid 5820] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6371] <... close resumed>) = 0 [pid 6372] <... munmap resumed>) = 0 [pid 6372] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6372] ioctl(4, LOOP_SET_FD, 3 [pid 6373] chdir("./50" [pid 6371] close(4 [pid 6367] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6373 [pid 6373] <... chdir resumed>) = 0 [pid 6371] <... close resumed>) = 0 [pid 6373] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6371] mkdir("./file2", 0777 [pid 6367] <... openat resumed>) = 3 [pid 5820] newfstatat(AT_FDCWD, "./48/file2", [pid 6373] <... prctl resumed>) = 0 [pid 6371] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6373] setpgid(0, 0 [pid 6371] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6367] chdir("./file2" [pid 5820] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] <... setpgid resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6372] <... ioctl resumed>) = 0 [pid 6373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6367] <... chdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6373] <... openat resumed>) = 3 [ 113.073870][ T6367] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.089595][ T6367] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.100247][ T6371] loop3: detected capacity change from 0 to 256 [ 113.116872][ T6372] loop4: detected capacity change from 0 to 256 [pid 6373] write(3, "1000", 4 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... openat resumed>) = 4 [pid 6373] <... write resumed>) = 4 [pid 6367] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6372] close(3) = 0 [pid 6372] close(4) = 0 [pid 6373] close(3 [pid 6372] mkdir("./file2", 0777 [pid 6367] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] newfstatat(4, "", [pid 6373] <... close resumed>) = 0 [pid 6372] <... mkdir resumed>) = 0 [pid 6367] <... futex resumed>) = 1 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6373] symlink("/dev/binderfs", "./binderfs" [pid 5820] getdents64(4, executing program [pid 6373] <... symlink resumed>) = 0 [pid 6372] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6367] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6373] write(1, "executing program\n", 18 [pid 6365] <... futex resumed>) = 0 [pid 6373] <... write resumed>) = 18 [pid 6365] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 6373] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6365] <... futex resumed>) = 1 [pid 6367] mkdir("./file3", 0777 [pid 6365] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6373] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] close(4 [pid 6373] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [ 113.150175][ T6371] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.177944][ T6372] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.189698][ T6367] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6373] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] rmdir("./48/file2" [pid 6373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6365] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6373] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6367] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6365] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6373] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6365] <... futex resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6373] <... mprotect resumed>) = 0 [pid 6367] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = ? [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6373] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6367] +++ killed by SIGSEGV +++ [pid 6365] +++ killed by SIGSEGV +++ [pid 6371] <... mount resumed>) = 0 [pid 6373] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] unlink("./48/binderfs" [pid 6373] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6371] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6365, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6374 attached [pid 6371] <... openat resumed>) = 3 [pid 6374] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6373] <... clone3 resumed> => {parent_tid=[6374]}, 88) = 6374 [pid 6372] <... mount resumed>) = 0 [pid 6371] chdir("./file2" [pid 5820] getdents64(3, [pid 5818] umount2("./47", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6374] <... rseq resumed>) = 0 [pid 6373] rt_sigprocmask(SIG_SETMASK, [], [pid 6372] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6371] <... chdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] set_robust_list(0x7fbb68bde9a0, 24 [pid 6373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6372] <... openat resumed>) = 3 [pid 6371] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] close(3 [pid 5818] openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6374] <... set_robust_list resumed>) = 0 [pid 6373] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] chdir("./file2" [pid 6371] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] <... close resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], [pid 6373] <... futex resumed>) = 0 [pid 6372] <... chdir resumed>) = 0 [pid 6374] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6373] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6372] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6371] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] rmdir("./48" [pid 5818] newfstatat(3, "", [pid 6374] memfd_create("syzkaller", 0 [pid 6372] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6371] <... futex resumed>) = 1 [pid 6368] <... futex resumed>) = 0 [pid 6374] <... memfd_create resumed>) = 3 [pid 6371] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6368] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6368] <... futex resumed>) = 0 [pid 6374] <... mmap resumed>) = 0x7fbb60600000 [pid 6372] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6368] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] getdents64(3, [pid 6372] <... futex resumed>) = 1 [pid 6371] mkdir("./file3", 0777 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6374] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6372] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6370] <... futex resumed>) = 0 [pid 5820] mkdir("./49", 0777 [ 113.195734][ T6372] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.200920][ T6371] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.221442][ T6367] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6370] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6370] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6374] <... write resumed>) = 131072 [pid 6374] munmap(0x7fbb60600000, 138412032 [pid 6372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6371] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... mkdir resumed>) = 0 [pid 6372] mkdir("./file3", 0777 [pid 6374] <... munmap resumed>) = 0 [pid 6371] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... umount2 resumed>) = 0 [pid 6374] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] <... openat resumed>) = 3 [pid 6374] <... openat resumed>) = 4 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 6374] ioctl(4, LOOP_SET_FD, 3 [pid 5820] close(3 [pid 5818] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 6374] <... ioctl resumed>) = 0 [pid 6372] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6370] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6368] <... futex resumed>) = ? [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6374] close(3 [pid 6371] +++ killed by SIGSEGV +++ [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6374] <... close resumed>) = 0 [pid 6372] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6368] +++ killed by SIGSEGV +++ [pid 5818] newfstatat(AT_FDCWD, "./47/file2", ./strace-static-x86_64: Process 6375 attached [pid 6374] close(4 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6368, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6375] set_robust_list(0x55555eedf6a0, 24 [pid 6374] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6375] <... set_robust_list resumed>) = 0 [pid 6374] mkdir("./file2", 0777 [pid 5818] umount2("./47/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6375] chdir("./49" [pid 6374] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./47/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6375] <... chdir resumed>) = 0 [pid 6374] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... openat resumed>) = 4 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] +++ killed by SIGSEGV +++ [pid 6370] +++ killed by SIGSEGV +++ [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6375 [pid 5818] newfstatat(4, "", [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6370, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5822] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... openat resumed>) = 3 [pid 6375] setpgid(0, 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6375] <... setpgid resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 113.252517][ T6371] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.261524][ T6371] exFAT-fs (loop3): Filesystem has been set read-only [ 113.280151][ T6372] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.284559][ T6374] loop1: detected capacity change from 0 to 256 [ 113.289256][ T6372] exFAT-fs (loop4): Filesystem has been set read-only [pid 5818] getdents64(4, [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./50/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./50/file2") = 0 [pid 6375] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./50/binderfs") = 0 [pid 5822] getdents64(3, [pid 5818] getdents64(4, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6375] write(3, "1000", 4 [pid 5818] close(4 [pid 5822] rmdir("./50" [pid 6375] <... write resumed>) = 4 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 6375] close(3 [pid 6374] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6375] <... close resumed>) = 0 [pid 6374] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] rmdir("./47/file2" [pid 5821] newfstatat(AT_FDCWD, "./50/file2", [pid 6375] symlink("/dev/binderfs", "./binderfs" [pid 5822] mkdir("./51", 0777 [pid 6375] <... symlink resumed>) = 0 [pid 6374] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 5818] <... rmdir resumed>) = 0 [pid 6375] write(1, "executing program\n", 18 [pid 6374] chdir("./file2" [pid 5821] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./47/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6375] <... write resumed>) = 18 [pid 6374] <... chdir resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6375] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6374] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(AT_FDCWD, "./47/binderfs", [pid 6375] <... futex resumed>) = 0 [pid 6374] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... openat resumed>) = 4 [pid 6375] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6374] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6375] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6374] <... futex resumed>) = 1 [pid 6373] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] unlink("./47/binderfs" [pid 6375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6374] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6373] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6374] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6373] <... futex resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... unlink resumed>) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 113.334838][ T6374] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.352634][ T6374] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] close(3 [pid 6375] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6374] mkdir("./file3", 0777 [pid 6373] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] getdents64(4, [pid 6375] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6375] <... mprotect resumed>) = 0 [pid 5821] close(4 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6375] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] rmdir("./50/file2" [pid 5818] close(3 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6374] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5821] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6377 attached [pid 6375] <... clone3 resumed> => {parent_tid=[6377]}, 88) = 6377 [pid 6377] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6374] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6375] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] rmdir("./47" [pid 6377] <... rseq resumed>) = 0 [pid 6375] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./50/binderfs", ./strace-static-x86_64: Process 6376 attached [pid 6377] set_robust_list(0x7fbb68bde9a0, 24 [pid 6375] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = ? [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6377] <... set_robust_list resumed>) = 0 [pid 6376] set_robust_list(0x55555eedf6a0, 24 [pid 6375] <... futex resumed>) = 0 [pid 6374] +++ killed by SIGSEGV +++ [pid 6373] +++ killed by SIGSEGV +++ [pid 5821] unlink("./50/binderfs" [pid 6377] rt_sigprocmask(SIG_SETMASK, [], [pid 6375] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... unlink resumed>) = 0 [pid 6377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6376] <... set_robust_list resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6376 [pid 5821] getdents64(3, [pid 5818] mkdir("./48", 0777 [pid 6377] memfd_create("syzkaller", 0 [pid 6376] chdir("./51" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6377] <... memfd_create resumed>) = 3 [pid 6376] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 5818] <... mkdir resumed>) = 0 [pid 6377] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... close resumed>) = 0 [pid 6377] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] rmdir("./50" [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6373, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6377] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6376] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... rmdir resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] mkdir("./51", 0777 [pid 6376] <... prctl resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6376] setpgid(0, 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... openat resumed>) = 3 [pid 6376] <... setpgid resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [ 113.382811][ T6374] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.392050][ T6374] exFAT-fs (loop1): Filesystem has been set read-only [pid 6376] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6377] <... write resumed>) = 131072 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 6376] <... openat resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 5818] close(3 [pid 6376] write(3, "1000", 4 [pid 5819] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 6377] munmap(0x7fbb60600000, 138412032) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6377] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6376] <... write resumed>) = 4 [pid 6377] <... openat resumed>) = 4 [pid 6376] close(3 [pid 5819] newfstatat(3, "", [pid 6377] ioctl(4, LOOP_SET_FD, 3 [pid 6376] <... close resumed>) = 0 ./strace-static-x86_64: Process 6378 attached [pid 6376] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6378 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(3, [pid 6378] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6378] <... set_robust_list resumed>) = 0 [pid 6376] <... symlink resumed>) = 0 executing program [pid 5819] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6376] write(1, "executing program\n", 18 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6379 [pid 6378] chdir("./51" [pid 6376] <... write resumed>) = 18 ./strace-static-x86_64: Process 6379 attached [pid 6378] <... chdir resumed>) = 0 [pid 6376] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = 0 [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6376] <... futex resumed>) = 0 [pid 5819] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6378] setpgid(0, 0 [pid 6376] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6379] set_robust_list(0x55555eedf6a0, 24 [pid 6378] <... setpgid resumed>) = 0 [pid 6376] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] newfstatat(AT_FDCWD, "./50/file2", [pid 6376] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6376] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6379] <... set_robust_list resumed>) = 0 [pid 6378] <... openat resumed>) = 3 [pid 6376] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6379] chdir("./48" [pid 6378] write(3, "1000", 4 [pid 6376] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... openat resumed>) = 4 [pid 6378] <... write resumed>) = 4 [pid 6376] <... mprotect resumed>) = 0 [pid 6378] close(3 [pid 6376] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] newfstatat(4, "", executing program [pid 6378] <... close resumed>) = 0 [pid 6376] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6378] symlink("/dev/binderfs", "./binderfs" [pid 6376] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] getdents64(4, ./strace-static-x86_64: Process 6380 attached 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6378] <... symlink resumed>) = 0 [pid 6376] <... clone3 resumed> => {parent_tid=[6380]}, 88) = 6380 [pid 5819] getdents64(4, [pid 6378] write(1, "executing program\n", 18 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6378] <... write resumed>) = 18 [pid 6376] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] close(4 [pid 6380] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6378] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6380] <... rseq resumed>) = 0 [pid 6376] <... futex resumed>) = 0 [pid 5819] rmdir("./50/file2" [pid 6380] set_robust_list(0x7fbb68bde9a0, 24 [pid 6378] <... futex resumed>) = 0 [pid 6376] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... rmdir resumed>) = 0 [pid 6380] <... set_robust_list resumed>) = 0 [pid 6378] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6377] <... ioctl resumed>) = 0 [pid 5819] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6380] rt_sigprocmask(SIG_SETMASK, [], [pid 6379] <... chdir resumed>) = 0 [pid 6378] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6377] close(3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6379] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6377] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./50/binderfs", [pid 6380] memfd_create("syzkaller", 0 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6377] close(4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] unlink("./50/binderfs" [pid 6380] <... memfd_create resumed>) = 3 [pid 6379] <... prctl resumed>) = 0 [pid 6378] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6377] <... close resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 6380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6379] setpgid(0, 0 [pid 6378] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6377] mkdir("./file2", 0777 [pid 5819] getdents64(3, [pid 6380] <... mmap resumed>) = 0x7fbb60600000 [pid 6378] <... mprotect resumed>) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 113.453921][ T6377] loop2: detected capacity change from 0 to 256 [pid 6380] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6379] <... setpgid resumed>) = 0 [pid 6378] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] close(3 [pid 6379] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6377] <... mkdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./50"./strace-static-x86_64: Process 6381 attached [pid 6377] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... rmdir resumed>) = 0 [pid 5819] mkdir("./51", 0777 [pid 6380] <... write resumed>) = 131072 [pid 5819] <... mkdir resumed>) = 0 [pid 6380] munmap(0x7fbb60600000, 138412032 [pid 6381] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6380] <... munmap resumed>) = 0 [pid 6379] <... openat resumed>) = 3 [pid 6378] <... clone3 resumed> => {parent_tid=[6381]}, 88) = 6381 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 6381] <... rseq resumed>) = 0 [pid 6379] write(3, "1000", 4 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] set_robust_list(0x7fbb68bde9a0, 24 [pid 6379] <... write resumed>) = 4 [pid 6378] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6381] <... set_robust_list resumed>) = 0 [pid 6379] close(3 [pid 6378] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] rt_sigprocmask(SIG_SETMASK, [], [pid 6379] <... close resumed>) = 0 [pid 6381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6378] <... futex resumed>) = 0 [pid 6380] <... openat resumed>) = 4 [pid 6381] memfd_create("syzkaller", 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6379] symlink("/dev/binderfs", "./binderfs" [pid 6378] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] close(3 [pid 6381] <... memfd_create resumed>) = 3 [pid 6379] <... symlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6380] ioctl(4, LOOP_SET_FD, 3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 6381] <... mmap resumed>) = 0x7fbb60600000 [pid 6379] write(1, "executing program\n", 18 [pid 6381] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6379] <... write resumed>) = 18 ./strace-static-x86_64: Process 6382 attached [pid 6379] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6382 [pid 6379] <... futex resumed>) = 0 [pid 6379] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, executing program [pid 6382] set_robust_list(0x55555eedf6a0, 24 [pid 6379] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6382] <... set_robust_list resumed>) = 0 [pid 6382] chdir("./51") = 0 [pid 6382] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6382] setpgid(0, 0) = 0 [pid 6382] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6382] write(3, "1000", 4) = 4 [pid 6382] close(3) = 0 [pid 6382] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6382] write(1, "executing program\n", 18) = 18 [pid 6382] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6382] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6382] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6380] <... ioctl resumed>) = 0 [pid 6379] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6382] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6380] close(3 [pid 6382] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6380] <... close resumed>) = 0 [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6382] <... mprotect resumed>) = 0 [pid 6380] close(4 [pid 6382] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6380] <... close resumed>) = 0 [pid 6382] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6380] mkdir("./file2", 0777 [pid 6381] <... write resumed>) = 131072 [pid 6379] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6380] <... mkdir resumed>) = 0 [pid 6379] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6381] munmap(0x7fbb60600000, 138412032 [pid 6380] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6379] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6381] <... munmap resumed>) = 0 [pid 6379] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6383 attached [pid 6382] <... clone3 resumed> => {parent_tid=[6383]}, 88) = 6383 [pid 6381] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6383] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6382] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] <... openat resumed>) = 4 [ 113.496440][ T6377] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.515738][ T6380] loop4: detected capacity change from 0 to 256 [pid 6379] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6383] <... rseq resumed>) = 0 [pid 6382] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6381] ioctl(4, LOOP_SET_FD, 3 [pid 6379] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6379] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6384 attached [pid 6382] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] set_robust_list(0x7fbb68bde9a0, 24 [pid 6382] <... futex resumed>) = 0 [pid 6383] <... set_robust_list resumed>) = 0 [pid 6382] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6384] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] <... ioctl resumed>) = 0 [pid 6379] <... clone3 resumed> => {parent_tid=[6384]}, 88) = 6384 [pid 6384] <... rseq resumed>) = 0 [pid 6384] set_robust_list(0x7fbb68bde9a0, 24 [pid 6379] rt_sigprocmask(SIG_SETMASK, [], [pid 6384] <... set_robust_list resumed>) = 0 [pid 6381] close(3 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] <... close resumed>) = 0 [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] close(4 [pid 6379] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] memfd_create("syzkaller", 0 [pid 6383] memfd_create("syzkaller", 0 [pid 6379] <... futex resumed>) = 0 [pid 6384] <... memfd_create resumed>) = 3 [pid 6384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6379] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6384] <... mmap resumed>) = 0x7fbb60600000 [pid 6383] <... memfd_create resumed>) = 3 [pid 6381] <... close resumed>) = 0 [pid 6383] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6384] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6383] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6381] mkdir("./file2", 0777 [pid 6384] <... write resumed>) = 131072 [pid 6383] <... write resumed>) = 131072 [pid 6383] munmap(0x7fbb60600000, 138412032 [pid 6384] munmap(0x7fbb60600000, 138412032 [pid 6383] <... munmap resumed>) = 0 [pid 6381] <... mkdir resumed>) = 0 [pid 6377] <... mount resumed>) = 0 [pid 6383] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6384] <... munmap resumed>) = 0 [pid 6381] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6384] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6383] <... openat resumed>) = 4 [pid 6377] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6377] chdir("./file2" [pid 6384] <... openat resumed>) = 4 [pid 6377] <... chdir resumed>) = 0 [pid 6384] ioctl(4, LOOP_SET_FD, 3 [pid 6377] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6377] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6383] ioctl(4, LOOP_SET_FD, 3 [pid 6377] mkdir("./file3", 0777 [pid 6375] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6384] <... ioctl resumed>) = 0 [pid 6384] close(3) = 0 [ 113.540342][ T6377] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.551703][ T6381] loop3: detected capacity change from 0 to 256 [ 113.555560][ T6380] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.582464][ T6384] loop0: detected capacity change from 0 to 256 [ 113.584605][ T6383] loop1: detected capacity change from 0 to 256 [pid 6384] close(4 [pid 6383] <... ioctl resumed>) = 0 [pid 6384] <... close resumed>) = 0 [pid 6384] mkdir("./file2", 0777 [pid 6383] close(3) = 0 [pid 6383] close(4) = 0 [pid 6383] mkdir("./file2", 0777) = 0 [pid 6383] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6384] <... mkdir resumed>) = 0 [pid 6384] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6375] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6375] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6375] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6385]}, 88) = 6385 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6375] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6385 attached [pid 6385] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6385] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6385] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6377] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6385] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = 1 [pid 6377] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6385] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6375] <... futex resumed>) = ? [pid 6385] <... ioctl resumed>) = ? [pid 6385] +++ killed by SIGSEGV +++ [ 113.597546][ T6377] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.600386][ T6380] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.609223][ T6377] exFAT-fs (loop2): Filesystem has been set read-only [ 113.635983][ T6383] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6380] <... mount resumed>) = 0 [pid 6380] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6380] chdir("./file2") = 0 [pid 6380] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6380] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6380] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6376] <... futex resumed>) = 0 [pid 6376] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 0 [pid 6376] <... futex resumed>) = 1 [pid 6380] mkdir("./file3", 0777 [pid 6376] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6377] +++ killed by SIGSEGV +++ [pid 6375] +++ killed by SIGSEGV +++ [pid 6383] <... mount resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6375, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6383] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6383] chdir("./file2") = 0 [pid 6383] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] <... umount2 resumed>) = 0 [ 113.663038][ T6383] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.673600][ T6380] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.699956][ T6380] exFAT-fs (loop4): Filesystem has been set read-only [pid 6383] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6380] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6383] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6380] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6383] <... futex resumed>) = 1 [pid 6382] <... futex resumed>) = 0 [pid 6383] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6382] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6382] <... futex resumed>) = 0 [pid 6380] +++ killed by SIGSEGV +++ [pid 6376] +++ killed by SIGSEGV +++ [pid 6383] mkdir("./file3", 0777 [pid 6382] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6376, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./49/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./49/file2") = 0 [pid 5820] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./49/binderfs") = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./49") = 0 [pid 5820] mkdir("./50", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 5822] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... close resumed>) = 0 [ 113.701216][ T6384] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.712276][ T6381] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.737892][ T6383] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6386 attached [pid 5822] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 6382] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6386 [pid 6386] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6386] chdir("./50") = 0 [pid 6383] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6382] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6382] <... futex resumed>) = 0 [pid 5822] getdents64(3, [pid 6382] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6386] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6382] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6382] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] <... prctl resumed>) = 0 [pid 6386] setpgid(0, 0 [pid 6382] <... mprotect resumed>) = 0 [pid 6386] <... setpgid resumed>) = 0 [pid 6386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6382] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6382] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6387 attached => {parent_tid=[6387]}, 88) = 6387 [pid 6387] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6383] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6382] rt_sigprocmask(SIG_SETMASK, [], ) = ? [pid 6386] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = 0 [pid 6386] write(3, "1000", 4) = 4 [pid 6386] close(3) = 0 [pid 6386] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6386] write(1, "executing program\n", 18) = 18 [pid 5822] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6387] <... rseq resumed>) = ? [pid 6386] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... mount resumed>) = 0 [pid 6383] +++ killed by SIGSEGV +++ [ 113.760124][ T6381] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.767450][ T6384] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 113.789322][ T6383] exFAT-fs (loop1): Filesystem has been set read-only [pid 6381] <... mount resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6387] +++ killed by SIGSEGV +++ [pid 6386] <... futex resumed>) = 0 [pid 6384] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6382] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(AT_FDCWD, "./51/file2", [pid 6386] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6384] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6382, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6386] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6384] chdir("./file2" [pid 5822] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6384] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6384] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6381] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... openat resumed>) = 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6386] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6384] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(4, "", [pid 5819] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6386] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6384] <... futex resumed>) = 1 [pid 6379] <... futex resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6386] <... mprotect resumed>) = 0 [pid 6384] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 5819] newfstatat(3, "", [pid 6386] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6384] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6379] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6386] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6384] mkdir("./file3", 0777 [pid 6379] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] getdents64(4, [pid 5819] getdents64(3, [pid 6386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6381] <... openat resumed>) = 3 [pid 6381] chdir("./file2") = 0 [pid 6381] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6381] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6388 attached [pid 6381] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6386] <... clone3 resumed> => {parent_tid=[6388]}, 88) = 6388 [pid 6381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6378] <... futex resumed>) = 0 [pid 5822] close(4 [pid 5819] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6386] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] mkdir("./file3", 0777 [pid 6378] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... close resumed>) = 0 [pid 6388] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6386] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... rseq resumed>) = 0 [pid 6386] <... futex resumed>) = 0 [pid 6388] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6386] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] rmdir("./51/file2" [pid 6388] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... umount2 resumed>) = 0 [pid 6388] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6388] memfd_create("syzkaller", 0 [pid 5822] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6388] <... memfd_create resumed>) = 3 [pid 6384] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6384] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5819] newfstatat(AT_FDCWD, "./51/file2", [pid 6388] <... mmap resumed>) = 0x7fbb60600000 [pid 6379] <... futex resumed>) = ? [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6388] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6384] +++ killed by SIGSEGV +++ [pid 6381] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6379] +++ killed by SIGSEGV +++ [pid 5822] unlink("./51/binderfs" [pid 5819] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6388] <... write resumed>) = 131072 [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6379, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6388] munmap(0x7fbb60600000, 138412032) = 0 [pid 6381] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(3, [pid 5819] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6378] <... futex resumed>) = ? [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", [pid 6388] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6381] +++ killed by SIGSEGV +++ [pid 6378] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6388] <... openat resumed>) = 4 [pid 5822] close(3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6378, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./51" [pid 5819] getdents64(4, [pid 6388] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... rmdir resumed>) = 0 [pid 5818] umount2("./48", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] mkdir("./52", 0777 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, [pid 5822] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [ 113.856648][ T6384] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.872436][ T6381] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 113.884344][ T6384] exFAT-fs (loop0): Filesystem has been set read-only [ 113.885231][ T6381] exFAT-fs (loop3): Filesystem has been set read-only [pid 5819] close(4 [pid 5821] <... openat resumed>) = 3 [pid 6388] <... ioctl resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] rmdir("./51/file2") = 0 [pid 6388] close(3 [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(3, "", [pid 5819] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6388] <... close resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 [pid 6388] close(4 [pid 5822] <... ioctl resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] newfstatat(AT_FDCWD, "./51/binderfs", [pid 5818] newfstatat(3, "", [pid 6388] <... close resumed>) = 0 [pid 5822] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... close resumed>) = 0 [pid 6388] mkdir("./file2", 0777 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(3, [pid 6388] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] unlink("./51/binderfs" [pid 6388] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./48/file2", [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6389 attached [pid 5819] close(3 [pid 5818] umount2("./48/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] rmdir("./51" [pid 5818] openat(AT_FDCWD, "./48/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6389] set_robust_list(0x55555eedf6a0, 24 [pid 5821] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(4, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6389] <... set_robust_list resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./51/file2", [pid 5819] <... rmdir resumed>) = 0 [pid 6389] chdir("./52" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 6389] <... chdir resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6389 [pid 5821] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] mkdir("./52", 0777 [pid 6389] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6389] <... prctl resumed>) = 0 [ 113.921253][ T6388] loop2: detected capacity change from 0 to 256 [pid 5821] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6389] setpgid(0, 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... close resumed>) = 0 [pid 6389] <... setpgid resumed>) = 0 [pid 5818] rmdir("./48/file2" [pid 6389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] newfstatat(4, "", [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6389] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] getdents64(4, [pid 5818] umount2("./48/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6389] write(3, "1000", 4 [pid 5821] getdents64(4, [pid 5819] <... ioctl resumed>) = 0 [pid 6389] <... write resumed>) = 4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./48/binderfs", [pid 6389] close(3 [pid 5819] close(3 [pid 6389] <... close resumed>) = 0 [pid 5821] close(4 [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6389] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... close resumed>) = 0 [pid 6389] <... symlink resumed>) = 0 [pid 5821] rmdir("./51/file2" [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] unlink("./48/binderfs" [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6389] write(1, "executing program\n", 18 [pid 6388] <... mount resumed>) = 0 executing program [pid 5818] getdents64(3, [pid 6389] <... write resumed>) = 18 [pid 6389] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6389] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6390 [pid 6389] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6389] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./51/binderfs" [pid 6389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... unlink resumed>) = 0 [pid 6389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./51") = 0 [pid 6389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] mkdir("./52", 0777 [pid 6389] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6388] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] close(3 [pid 6389] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 6388] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5818] rmdir("./48" [pid 6389] <... mprotect resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6390 attached [pid 6389] rt_sigprocmask(SIG_BLOCK, ~[], [ 113.965099][ T6388] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 113.979738][ T6388] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6388] chdir("./file2" [pid 5821] <... ioctl resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6388] <... chdir resumed>) = 0 [pid 5818] mkdir("./49", 0777 [pid 6388] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6391]}, 88) = 6391 [pid 5818] <... mkdir resumed>) = 0 [pid 6389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6388] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6390] set_robust_list(0x55555eedf6a0, 24 [pid 6388] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 3 [pid 6390] <... set_robust_list resumed>) = 0 [pid 6388] <... futex resumed>) = 1 [pid 6386] <... futex resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6389] <... futex resumed>) = 0 [pid 5821] close(3 [pid 6390] chdir("./52" [pid 6389] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6388] mkdir("./file3", 0777 [pid 6386] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... close resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6390] <... chdir resumed>) = 0 [pid 5818] close(3 [pid 6390] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6386] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6391 attached [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6392 attached [pid 6391] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6390] <... prctl resumed>) = 0 [pid 6386] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... close resumed>) = 0 [pid 6391] <... rseq resumed>) = 0 [pid 6391] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6392 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6391] memfd_create("syzkaller", 0) = 3 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6392] set_robust_list(0x55555eedf6a0, 24 [pid 6391] <... mmap resumed>) = 0x7fbb60600000 [pid 6392] <... set_robust_list resumed>) = 0 [pid 6392] chdir("./52" [pid 6391] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6392] <... chdir resumed>) = 0 [pid 6392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6392] setpgid(0, 0) = 0 [pid 6392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6391] <... write resumed>) = 131072 [pid 6390] setpgid(0, 0executing program [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6390] <... setpgid resumed>) = 0 [pid 6392] <... openat resumed>) = 3 [pid 6392] write(3, "1000", 4) = 4 [pid 6392] close(3) = 0 [pid 6392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6392] write(1, "executing program\n", 18 [pid 6391] munmap(0x7fbb60600000, 138412032 [pid 6392] <... write resumed>) = 18 [pid 6391] <... munmap resumed>) = 0 [pid 6392] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6393 attached [pid 6393] set_robust_list(0x55555eedf6a0, 24 [pid 6392] <... futex resumed>) = 0 [pid 6392] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6393] <... set_robust_list resumed>) = 0 [pid 6392] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6393] chdir("./49" [pid 6392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6391] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6390] <... openat resumed>) = 3 [pid 6388] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6393 [pid 6390] write(3, "1000", 4 [pid 6388] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6390] <... write resumed>) = 4 [pid 6386] <... futex resumed>) = ? [pid 6393] <... chdir resumed>) = 0 [pid 6392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6391] <... openat resumed>) = 4 [pid 6390] close(3 [pid 6388] +++ killed by SIGSEGV +++ [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6392] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6391] ioctl(4, LOOP_SET_FD, 3 [pid 6390] <... close resumed>) = 0 [pid 6386] +++ killed by SIGSEGV +++ [pid 6393] <... prctl resumed>) = 0 [pid 6392] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6390] symlink("/dev/binderfs", "./binderfs" [pid 6393] setpgid(0, 0 [pid 6390] <... symlink resumed>) = 0 executing program [pid 6390] write(1, "executing program\n", 18) = 18 [pid 6390] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6390] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6393] <... setpgid resumed>) = 0 [pid 6392] <... mprotect resumed>) = 0 [pid 6390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6386, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6390] <... clone3 resumed> => {parent_tid=[6394]}, 88) = 6394 [pid 6392] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6390] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6390] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6390] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6394 attached [pid 6392] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6391] <... ioctl resumed>) = 0 [pid 6394] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6393] <... openat resumed>) = 3 [pid 6392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... restart_syscall resumed>) = 0 [pid 6394] <... rseq resumed>) = 0 [pid 6394] set_robust_list(0x7fbb68bde9a0, 24) = 0 ./strace-static-x86_64: Process 6395 attached [pid 6394] rt_sigprocmask(SIG_SETMASK, [], [pid 6395] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6394] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6392] <... clone3 resumed> => {parent_tid=[6395]}, 88) = 6395 [pid 6395] <... rseq resumed>) = 0 [pid 6394] memfd_create("syzkaller", 0 [pid 6395] set_robust_list(0x7fbb68bde9a0, 24 [pid 6394] <... memfd_create resumed>) = 3 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], [pid 6391] close(3 [pid 6393] write(3, "1000", 4 [pid 6391] <... close resumed>) = 0 [pid 6395] <... set_robust_list resumed>) = 0 [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6393] <... write resumed>) = 4 [pid 6392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6391] close(4) = 0 [pid 5820] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6391] mkdir("./file2", 0777 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6391] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 114.007547][ T6388] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.026837][ T6388] exFAT-fs (loop2): Filesystem has been set read-only [ 114.042855][ T6391] loop4: detected capacity change from 0 to 256 [pid 6391] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6395] rt_sigprocmask(SIG_SETMASK, [], [pid 6394] <... mmap resumed>) = 0x7fbb60600000 [pid 6393] close(3 [pid 6392] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6392] <... futex resumed>) = 0 [pid 6393] <... close resumed>) = 0 [pid 6392] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6395] memfd_create("syzkaller", 0 [pid 6394] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6393] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... umount2 resumed>) = 0 [pid 6395] <... memfd_create resumed>) = 3 [pid 6395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6394] <... write resumed>) = 131072 [pid 6393] <... symlink resumed>) = 0 [pid 5820] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6395] <... mmap resumed>) = 0x7fbb60600000 [pid 6393] write(1, "executing program\n", 18 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./50/file2", [pid 6395] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6394] munmap(0x7fbb60600000, 138412032 [pid 6393] <... write resumed>) = 18 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6393] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6394] <... munmap resumed>) = 0 [pid 6393] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... openat resumed>) = 4 [pid 6394] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6393] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] newfstatat(4, "", [pid 6393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6394] <... openat resumed>) = 4 [pid 6393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6394] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6395] <... write resumed>) = 131072 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./50/file2") = 0 [pid 5820] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6395] munmap(0x7fbb60600000, 138412032 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6395] <... munmap resumed>) = 0 [pid 6393] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./50/binderfs" [pid 6395] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6393] <... mprotect resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 6395] <... openat resumed>) = 4 [pid 6393] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... close resumed>) = 0 [pid 6395] ioctl(4, LOOP_SET_FD, 3 [ 114.092860][ T6391] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.126991][ T6394] loop1: detected capacity change from 0 to 256 [pid 5820] rmdir("./50") = 0 [pid 5820] mkdir("./51", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6393] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6396 attached [pid 6394] <... ioctl resumed>) = 0 [pid 6393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6391] <... mount resumed>) = 0 [pid 6396] set_robust_list(0x55555eedf6a0, 24 [pid 6391] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6397 attached [pid 6396] <... set_robust_list resumed>) = 0 [pid 6394] close(3 [pid 6393] <... clone3 resumed> => {parent_tid=[6397]}, 88) = 6397 [pid 6391] <... openat resumed>) = 3 [pid 6397] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6395] <... ioctl resumed>) = 0 [pid 6394] <... close resumed>) = 0 [pid 6393] rt_sigprocmask(SIG_SETMASK, [], [pid 6397] <... rseq resumed>) = 0 [pid 6396] chdir("./51" [pid 6395] close(3 [pid 6394] close(4 [pid 6393] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6391] chdir("./file2" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6396 [pid 6397] set_robust_list(0x7fbb68bde9a0, 24 [pid 6396] <... chdir resumed>) = 0 [pid 6395] <... close resumed>) = 0 [pid 6394] <... close resumed>) = 0 [pid 6393] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... chdir resumed>) = 0 [pid 6397] <... set_robust_list resumed>) = 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6395] close(4 [pid 6393] <... futex resumed>) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6397] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] <... prctl resumed>) = 0 [pid 6394] mkdir("./file2", 0777 [pid 6393] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6391] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6397] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6396] setpgid(0, 0 [pid 6395] <... close resumed>) = 0 [ 114.143646][ T6391] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.144916][ T6395] loop3: detected capacity change from 0 to 256 [pid 6397] memfd_create("syzkaller", 0 [pid 6396] <... setpgid resumed>) = 0 [pid 6395] mkdir("./file2", 0777 [pid 6391] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6395] <... mkdir resumed>) = 0 [pid 6391] <... futex resumed>) = 1 [pid 6389] <... futex resumed>) = 0 [pid 6397] <... memfd_create resumed>) = 3 [pid 6394] <... mkdir resumed>) = 0 [pid 6389] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6389] <... futex resumed>) = 0 [pid 6397] <... mmap resumed>) = 0x7fbb60600000 [pid 6396] <... openat resumed>) = 3 [pid 6394] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6391] mkdir("./file3", 0777 [pid 6389] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6395] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6396] write(1, "executing program\n", 18) = 18 [pid 6396] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6396] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6398 attached => {parent_tid=[6398]}, 88) = 6398 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6396] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6398] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6398] memfd_create("syzkaller", 0 [pid 6397] <... write resumed>) = 131072 [pid 6398] <... memfd_create resumed>) = 3 [pid 6398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6396] <... futex resumed>) = 0 [ 114.194541][ T6391] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.222358][ T6395] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.224742][ T6391] exFAT-fs (loop4): Filesystem has been set read-only [pid 6396] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6398] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6397] munmap(0x7fbb60600000, 138412032 [pid 6398] <... write resumed>) = 131072 [pid 6397] <... munmap resumed>) = 0 [pid 6398] munmap(0x7fbb60600000, 138412032) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6398] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6398] ioctl(4, LOOP_SET_FD, 3 [pid 6397] <... openat resumed>) = 4 [pid 6397] ioctl(4, LOOP_SET_FD, 3 [pid 6398] <... ioctl resumed>) = 0 [pid 6391] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6389] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6389] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6389] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6398] close(3 [pid 6389] <... mprotect resumed>) = 0 [pid 6398] <... close resumed>) = 0 [pid 6389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6398] close(4 [pid 6389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6398] <... close resumed>) = 0 [pid 6389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6399 attached [pid 6398] mkdir("./file2", 0777 [pid 6399] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6398] <... mkdir resumed>) = 0 [pid 6389] <... clone3 resumed> => {parent_tid=[6399]}, 88) = 6399 [pid 6399] <... rseq resumed>) = 0 [pid 6398] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6389] rt_sigprocmask(SIG_SETMASK, [], [pid 6399] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6389] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6399] <... set_robust_list resumed>) = 0 [pid 6397] <... ioctl resumed>) = 0 [pid 6391] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6389] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 6399] +++ killed by SIGSEGV +++ [pid 6397] close(3) = 0 [pid 6397] close(4 [pid 6395] <... mount resumed>) = 0 [pid 6397] <... close resumed>) = 0 [pid 6397] mkdir("./file2", 0777 [pid 6395] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6397] <... mkdir resumed>) = 0 [pid 6395] <... openat resumed>) = 3 [pid 6394] <... mount resumed>) = 0 [ 114.246412][ T6398] loop2: detected capacity change from 0 to 256 [ 114.253615][ T6394] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.266631][ T6397] loop0: detected capacity change from 0 to 256 [ 114.274737][ T6395] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.284964][ T6394] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6397] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6395] chdir("./file2" [pid 6394] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6391] +++ killed by SIGSEGV +++ [pid 6395] <... chdir resumed>) = 0 [pid 6389] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6389, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6395] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6395] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... openat resumed>) = 3 [pid 6395] <... futex resumed>) = 1 [pid 6394] chdir("./file2" [pid 6392] <... futex resumed>) = 0 [pid 6395] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6392] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... chdir resumed>) = 0 [pid 6395] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6392] <... futex resumed>) = 0 [pid 6395] mkdir("./file3", 0777 [pid 6392] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6394] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6394] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] <... futex resumed>) = 0 [pid 6394] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6390] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6394] mkdir("./file3", 0777 [pid 6390] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6390] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.314690][ T6398] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.333290][ T6395] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.333966][ T6398] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.355133][ T6394] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5822] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6398] <... mount resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 6398] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6395] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6394] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6398] <... openat resumed>) = 3 [pid 6398] chdir("./file2") = 0 [pid 6398] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6398] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6398] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6394] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6398] <... futex resumed>) = 0 [pid 6396] <... futex resumed>) = 1 [pid 6390] <... futex resumed>) = ? [pid 6398] mkdir("./file3", 0777 [pid 6396] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] <... futex resumed>) = ? [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6397] <... mount resumed>) = 0 [pid 5822] getdents64(3, [pid 6395] +++ killed by SIGSEGV +++ [pid 6392] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6392, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6394] +++ killed by SIGSEGV +++ [pid 6390] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6390, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [ 114.357276][ T6395] exFAT-fs (loop3): Filesystem has been set read-only [ 114.374369][ T6394] exFAT-fs (loop1): Filesystem has been set read-only [ 114.378007][ T6397] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.395062][ T6397] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.405088][ T6398] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... umount2 resumed>) = 0 [pid 6397] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6397] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6397] chdir("./file2" [pid 5822] newfstatat(AT_FDCWD, "./52/file2", [pid 6397] <... chdir resumed>) = 0 [pid 5821] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 6398] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] newfstatat(3, "", [pid 6398] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6397] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6397] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] getdents64(3, [pid 6396] <... futex resumed>) = ? [pid 6393] <... futex resumed>) = 0 [pid 5822] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6398] +++ killed by SIGSEGV +++ [pid 6397] <... futex resumed>) = 1 [pid 6393] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6397] mkdir("./file3", 0777 [pid 6396] +++ killed by SIGSEGV +++ [pid 6393] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6393] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6396, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] newfstatat(AT_FDCWD, "./52/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 4 [pid 5821] <... openat resumed>) = 4 [pid 5819] <... umount2 resumed>) = 0 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] newfstatat(4, "", [pid 5819] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] newfstatat(AT_FDCWD, "./52/file2", [pid 5822] getdents64(4, [pid 5821] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 5820] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6397] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] close(4 [pid 5822] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] rmdir("./52/file2" [pid 5821] <... close resumed>) = 0 [pid 6397] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6393] <... futex resumed>) = ? [pid 5822] <... rmdir resumed>) = 0 [pid 5821] rmdir("./52/file2" [pid 5820] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5819] <... openat resumed>) = 4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(4, "", [pid 5822] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6397] +++ killed by SIGSEGV +++ [pid 6393] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5822] unlink("./52/binderfs" [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6393, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] unlink("./52/binderfs" [pid 5822] <... unlink resumed>) = 0 [ 114.421026][ T6398] exFAT-fs (loop2): Filesystem has been set read-only [ 114.452841][ T6397] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.464605][ T6397] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] getdents64(4, [pid 5821] getdents64(3, [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 5821] close(3 [pid 5822] close(3 [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] rmdir("./52" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 [pid 5822] rmdir("./52" [pid 5820] newfstatat(AT_FDCWD, "./51/file2", [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] rmdir("./52/file2" [pid 5822] mkdir("./53", 0777 [pid 5821] mkdir("./53", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./49", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5822] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 4 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] unlink("./52/binderfs" [pid 5818] newfstatat(3, "", [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] newfstatat(4, "", [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] close(3 [pid 5822] close(3 [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] rmdir("./52") = 0 [pid 5819] mkdir("./53", 0777 [pid 5822] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, [pid 5819] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6400 attached [pid 6400] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6400] chdir("./53" [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6400 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... umount2 resumed>) = 0 [pid 5820] close(4) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5820] rmdir("./51/file2" [pid 6400] <... chdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6401 attached [pid 5820] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6400] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./51/binderfs", [pid 6401] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6400] <... prctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6400] setpgid(0, 0 [pid 5820] unlink("./51/binderfs" [pid 5819] close(3 [pid 5818] newfstatat(AT_FDCWD, "./49/file2", [pid 6401] chdir("./53" [pid 6400] <... setpgid resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6401 [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6401] <... chdir resumed>) = 0 [pid 6400] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] getdents64(3, [pid 6401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6400] <... openat resumed>) = 3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./49/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6401] setpgid(0, 0 [pid 5820] close(3 [pid 6401] <... setpgid resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./49/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] rmdir("./51" [pid 5818] <... openat resumed>) = 4 [pid 6400] write(3, "1000", 4) = 4 [pid 5818] newfstatat(4, "", [pid 6401] <... openat resumed>) = 3 [pid 6400] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6402 attached [pid 6401] write(3, "1000", 4 [pid 6400] <... close resumed>) = 0 [pid 5820] mkdir("./52", 0777 [pid 5818] getdents64(4, [pid 6401] <... write resumed>) = 4 [pid 6400] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6402] set_robust_list(0x55555eedf6a0, 24 [pid 6401] close(3executing program [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6400] write(1, "executing program\n", 18 [pid 5818] <... close resumed>) = 0 [pid 6402] <... set_robust_list resumed>) = 0 [pid 6401] <... close resumed>) = 0 [pid 6400] <... write resumed>) = 18 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6402 [pid 5818] rmdir("./49/file2" [pid 6402] chdir("./53" [pid 6401] symlink("/dev/binderfs", "./binderfs" [pid 6400] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6400] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5818] umount2("./49/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6400] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5818] newfstatat(AT_FDCWD, "./49/binderfs", [pid 6400] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6400] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] unlink("./49/binderfs" [pid 6402] <... chdir resumed>) = 0 [pid 6401] <... symlink resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWRexecuting program [pid 5818] <... unlink resumed>) = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6401] write(1, "executing program\n", 18 [pid 6400] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6402] <... prctl resumed>) = 0 [pid 6401] <... write resumed>) = 18 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6402] setpgid(0, 0 [pid 6401] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] getdents64(3, [pid 6402] <... setpgid resumed>) = 0 [pid 6401] <... futex resumed>) = 0 [pid 6400] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6403 attached [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6401] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] close(3 [pid 6403] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6401] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6400] <... clone3 resumed> => {parent_tid=[6403]}, 88) = 6403 [pid 6400] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] close(3 [pid 6403] <... rseq resumed>) = 0 [pid 6402] <... openat resumed>) = 3 [pid 6401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6403] set_robust_list(0x7fbb68bde9a0, 24 [pid 6401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6403] <... set_robust_list resumed>) = 0 [pid 6401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6402] write(3, "1000", 4 [pid 6400] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] rmdir("./49" [pid 6402] <... write resumed>) = 4 [pid 6401] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6402] close(3 [pid 6401] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6402] <... close resumed>) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs" [pid 6401] <... mprotect resumed>) = 0 [pid 6400] <... futex resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6402] <... symlink resumed>) = 0 [pid 6400] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6403] rt_sigprocmask(SIG_SETMASK, [], [pid 6401] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6401] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6403] memfd_create("syzkaller", 0 [pid 6401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6404 attached [pid 6403] <... memfd_create resumed>) = 3 [pid 6402] write(1, "executing program\n", 18executing program ./strace-static-x86_64: Process 6405 attached [pid 6404] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6402] <... write resumed>) = 18 [pid 6401] <... clone3 resumed> => {parent_tid=[6404]}, 88) = 6404 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6405 [pid 5818] mkdir("./50", 0777 [pid 6404] <... rseq resumed>) = 0 [pid 6403] <... mmap resumed>) = 0x7fbb60600000 [pid 6402] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... mkdir resumed>) = 0 [pid 6404] set_robust_list(0x7fbb68bde9a0, 24 [pid 6401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] set_robust_list(0x55555eedf6a0, 24 [pid 6404] <... set_robust_list resumed>) = 0 [pid 6401] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] <... set_robust_list resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6401] <... futex resumed>) = 0 [pid 6405] chdir("./52" [pid 6404] rt_sigprocmask(SIG_SETMASK, [], [pid 6402] <... futex resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6405] <... chdir resumed>) = 0 [pid 6404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6403] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6402] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6401] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6404] memfd_create("syzkaller", 0 [pid 6402] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6405] <... prctl resumed>) = 0 [pid 6402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] close(3 [pid 6405] setpgid(0, 0 [pid 6403] <... write resumed>) = 131072 [pid 6402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] <... setpgid resumed>) = 0 [pid 6404] <... memfd_create resumed>) = 3 [pid 6403] munmap(0x7fbb60600000, 138412032 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6404] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6402] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... close resumed>) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6405] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6404] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6403] <... munmap resumed>) = 0 [pid 6402] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6406 attached [pid 6406] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6406] chdir("./50") = 0 [pid 6406] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6405] write(1, "executing program\n", 18 [pid 6406] <... prctl resumed>) = 0 [pid 6406] setpgid(0, 0 [pid 6405] <... write resumed>) = 18 [pid 6406] <... setpgid resumed>) = 0 [pid 6405] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6405] <... futex resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6406 [pid 6405] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6406] <... openat resumed>) = 3 [pid 6405] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6406] write(3, "1000", 4 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6406] <... write resumed>) = 4 [pid 6405] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6406] close(3) = 0 [pid 6405] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITEexecuting program ) = 0 [pid 6406] symlink("/dev/binderfs", "./binderfs" [pid 6404] <... write resumed>) = 131072 [pid 6403] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6402] <... mprotect resumed>) = 0 [pid 6406] <... symlink resumed>) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6407 attached [pid 6406] write(1, "executing program\n", 18) = 18 [pid 6405] <... clone3 resumed> => {parent_tid=[6407]}, 88) = 6407 [pid 6406] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 6402] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6407] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6407] <... rseq resumed>) = 0 [pid 6406] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6405] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] set_robust_list(0x7fbb68bde9a0, 24 [pid 6406] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6405] <... futex resumed>) = 0 [pid 6407] <... set_robust_list resumed>) = 0 [pid 6406] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6405] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6404] munmap(0x7fbb60600000, 138412032 [pid 6403] <... openat resumed>) = 4 [pid 6402] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], [pid 6406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6406] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6407] memfd_create("syzkaller", 0 [pid 6406] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6404] <... munmap resumed>) = 0 [pid 6403] ioctl(4, LOOP_SET_FD, 3 [pid 6402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6406] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6407] <... memfd_create resumed>) = 3 [pid 6406] <... mprotect resumed>) = 0 [pid 6407] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6406] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6407] <... mmap resumed>) = 0x7fbb60600000 [pid 6406] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 6408 attached [pid 6407] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6403] <... ioctl resumed>) = 0 [pid 6402] <... clone3 resumed> => {parent_tid=[6408]}, 88) = 6408 [pid 6408] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6404] <... openat resumed>) = 4 [pid 6403] close(3 [pid 6408] <... rseq resumed>) = 0 [pid 6404] ioctl(4, LOOP_SET_FD, 3 [pid 6403] <... close resumed>) = 0 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] set_robust_list(0x7fbb68bde9a0, 24 [pid 6406] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6409]}, 88) = 6409 [pid 6406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6406] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6409 attached [pid 6408] <... set_robust_list resumed>) = 0 [pid 6407] <... write resumed>) = 131072 [pid 6403] close(4 [pid 6402] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], [pid 6403] <... close resumed>) = 0 [pid 6402] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... rseq resumed>) = 0 [pid 6408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6403] mkdir("./file2", 0777 [pid 6402] <... futex resumed>) = 0 [pid 6408] memfd_create("syzkaller", 0 [pid 6402] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] set_robust_list(0x7fbb68bde9a0, 24 [pid 6408] <... memfd_create resumed>) = 3 [pid 6404] <... ioctl resumed>) = 0 [pid 6403] <... mkdir resumed>) = 0 [pid 6409] <... set_robust_list resumed>) = 0 [pid 6408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6403] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] <... mmap resumed>) = 0x7fbb60600000 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6408] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6407] munmap(0x7fbb60600000, 138412032 [pid 6409] memfd_create("syzkaller", 0 [pid 6407] <... munmap resumed>) = 0 [pid 6409] <... memfd_create resumed>) = 3 [pid 6408] <... write resumed>) = 131072 [pid 6404] close(3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6404] <... close resumed>) = 0 [pid 6407] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6407] ioctl(4, LOOP_SET_FD, 3 [pid 6409] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6408] munmap(0x7fbb60600000, 138412032 [pid 6404] close(4 [pid 6408] <... munmap resumed>) = 0 [ 114.673519][ T6403] loop3: detected capacity change from 0 to 256 [ 114.686633][ T6404] loop4: detected capacity change from 0 to 256 [ 114.711500][ T6407] loop2: detected capacity change from 0 to 256 [pid 6407] <... ioctl resumed>) = 0 [pid 6409] <... write resumed>) = 131072 [pid 6408] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6404] <... close resumed>) = 0 [pid 6407] close(3) = 0 [pid 6407] close(4) = 0 [pid 6407] mkdir("./file2", 0777) = 0 [pid 6407] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6409] munmap(0x7fbb60600000, 138412032 [pid 6408] <... openat resumed>) = 4 [pid 6404] mkdir("./file2", 0777) = 0 [pid 6409] <... munmap resumed>) = 0 [pid 6408] ioctl(4, LOOP_SET_FD, 3 [pid 6404] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [ 114.731729][ T6403] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.754259][ T6408] loop1: detected capacity change from 0 to 256 [ 114.758625][ T6407] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3 [pid 6408] <... ioctl resumed>) = 0 [pid 6408] close(3 [pid 6409] <... ioctl resumed>) = 0 [pid 6408] <... close resumed>) = 0 [pid 6403] <... mount resumed>) = 0 [pid 6409] close(3 [pid 6408] close(4 [pid 6407] <... mount resumed>) = 0 [pid 6404] <... mount resumed>) = 0 [pid 6403] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6408] <... close resumed>) = 0 [pid 6407] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6404] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6403] <... openat resumed>) = 3 [pid 6408] mkdir("./file2", 0777 [pid 6407] <... openat resumed>) = 3 [pid 6404] <... openat resumed>) = 3 [pid 6403] chdir("./file2") = 0 [pid 6407] chdir("./file2" [pid 6404] chdir("./file2" [pid 6403] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6408] <... mkdir resumed>) = 0 [pid 6407] <... chdir resumed>) = 0 [pid 6404] <... chdir resumed>) = 0 [pid 6403] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6408] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6407] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6403] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6404] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6403] <... futex resumed>) = 1 [pid 6400] <... futex resumed>) = 0 [pid 6407] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6403] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6400] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6407] <... futex resumed>) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6404] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6400] <... futex resumed>) = 0 [pid 6409] <... close resumed>) = 0 [pid 6407] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 114.766953][ T6404] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.781865][ T6403] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.796670][ T6409] loop0: detected capacity change from 0 to 256 [ 114.803518][ T6407] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.812080][ T6404] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6405] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6404] <... futex resumed>) = 1 [pid 6403] mkdir("./file3", 0777 [pid 6401] <... futex resumed>) = 0 [pid 6400] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] close(4 [pid 6407] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6405] <... futex resumed>) = 0 [pid 6404] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6409] <... close resumed>) = 0 [pid 6409] mkdir("./file2", 0777 [pid 6407] mkdir("./file3", 0777 [pid 6405] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6401] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... mkdir resumed>) = 0 [pid 6404] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6401] <... futex resumed>) = 0 [pid 6401] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 114.840620][ T6403] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.853859][ T6407] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.865807][ T6403] exFAT-fs (loop3): Filesystem has been set read-only [ 114.867960][ T6408] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6404] mkdir("./file3", 0777 [pid 6409] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6400] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6400] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6400] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6400] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6403] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6403] +++ killed by SIGSEGV +++ [pid 6400] +++ killed by SIGSEGV +++ [pid 6407] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6400, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6407] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6405] <... futex resumed>) = ? [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6407] +++ killed by SIGSEGV +++ [pid 6405] +++ killed by SIGSEGV +++ [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6405, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 114.873029][ T6404] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.895191][ T6407] exFAT-fs (loop2): Filesystem has been set read-only [ 114.913502][ T6408] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 114.913835][ T6404] exFAT-fs (loop4): Filesystem has been set read-only [pid 5820] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6404] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6408] <... mount resumed>) = 0 [pid 6401] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... umount2 resumed>) = 0 [pid 6404] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6408] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] <... mount resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./52/file2", [pid 6409] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6408] chdir("./file2" [pid 5821] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6409] <... openat resumed>) = 3 [pid 6408] <... chdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6409] chdir("./file2" [pid 6408] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6409] <... chdir resumed>) = 0 [pid 6408] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6409] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6408] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6409] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 1 [pid 6404] +++ killed by SIGSEGV +++ [pid 6402] <... futex resumed>) = 0 [pid 6401] +++ killed by SIGSEGV +++ [pid 5820] <... openat resumed>) = 4 [pid 6409] <... futex resumed>) = 1 [pid 6408] mkdir("./file3", 0777 [pid 6406] <... futex resumed>) = 0 [pid 6402] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(3, [pid 5820] newfstatat(4, "", [pid 6409] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6401, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6402] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6406] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6409] <... futex resumed>) = 0 [ 114.926513][ T6409] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 114.943052][ T6409] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6406] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6409] mkdir("./file3", 0777 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] newfstatat(3, "", [pid 5820] getdents64(4, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6408] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6408] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6402] <... futex resumed>) = ? [pid 5822] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(4) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 6409] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6408] +++ killed by SIGSEGV +++ [pid 6402] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = 0 [pid 5820] rmdir("./52/file2" [pid 5822] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6409] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6406] <... futex resumed>) = ? [pid 5822] newfstatat(AT_FDCWD, "./53/file2", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] newfstatat(AT_FDCWD, "./53/file2", [pid 5822] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6402, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... openat resumed>) = 4 [pid 5821] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5821] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(4, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6409] +++ killed by SIGSEGV +++ [pid 6406] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6406, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(4, [pid 5820] unlink("./52/binderfs" [pid 5819] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./50", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] close(4 [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] rmdir("./53/file2" [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] close(4 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 5819] newfstatat(3, "", [pid 5818] newfstatat(3, "", [pid 5821] <... close resumed>) = 0 [pid 5820] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5822] <... rmdir resumed>) = 0 [pid 5821] rmdir("./53/file2" [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 114.981304][ T6408] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.983134][ T6409] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 114.991690][ T6408] exFAT-fs (loop1): Filesystem has been set read-only [ 115.008866][ T6409] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./52" [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] mkdir("./53", 0777) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5819] <... umount2 resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./53/binderfs" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... unlink resumed>) = 0 [pid 5821] unlink("./53/binderfs") = 0 [pid 5820] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] getdents64(3, [pid 5821] getdents64(3, [pid 5819] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./53/file2", [pid 5818] newfstatat(AT_FDCWD, "./50/file2", [pid 5821] <... close resumed>) = 0 [pid 5822] close(3 [pid 5820] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] rmdir("./53" [pid 5819] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./50/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] openat(AT_FDCWD, "./50/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(4, "", [pid 5818] <... openat resumed>) = 4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5818] newfstatat(4, "", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 5822] rmdir("./53" [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] mkdir("./54", 0777 [pid 5822] mkdir("./54", 0777 [pid 5818] getdents64(4, [pid 5821] <... mkdir resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6410 attached [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6410] set_robust_list(0x55555eedf6a0, 24 [pid 5821] close(3 [pid 5819] close(4 [pid 5818] close(4 [pid 5819] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] rmdir("./53/file2" [pid 5818] rmdir("./50/file2" [pid 6410] <... set_robust_list resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6410 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6410] chdir("./53" [pid 5819] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./50/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./50/binderfs", [pid 5821] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./50/binderfs") = 0 [pid 5819] unlink("./53/binderfs") = 0 [pid 5818] getdents64(3, [pid 5819] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5819] close(3) = 0 [pid 5818] rmdir("./50" [pid 5819] rmdir("./53" [pid 5818] <... rmdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6410] <... chdir resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] mkdir("./51", 0777 [pid 6410] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] mkdir("./54", 0777./strace-static-x86_64: Process 6411 attached [pid 6410] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6412 attached [pid 6410] setpgid(0, 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6410] <... setpgid resumed>) = 0 [pid 6411] set_robust_list(0x55555eedf6a0, 24 [pid 6410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6411] <... set_robust_list resumed>) = 0 [pid 6412] set_robust_list(0x55555eedf6a0, 24 [pid 6411] chdir("./54" [pid 6410] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 6411] <... chdir resumed>) = 0 [pid 6410] write(3, "1000", 4 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6412 [pid 6411] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6410] <... write resumed>) = 4 [pid 6411] <... prctl resumed>) = 0 [pid 6410] close(3 [pid 6412] <... set_robust_list resumed>) = 0 [pid 6411] setpgid(0, 0 [pid 6410] <... close resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6411 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6412] chdir("./54" [pid 6411] <... setpgid resumed>) = 0 [pid 6410] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... openat resumed>) = 3 [pid 5818] <... ioctl resumed>) = 0 [pid 6412] <... chdir resumed>) = 0 [pid 6410] <... symlink resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] close(3 [pid 6412] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6410] write(1, "executing program\n", 18 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6412] <... prctl resumed>) = 0 [pid 5819] close(3executing program [pid 6410] <... write resumed>) = 18 [pid 6412] setpgid(0, 0 [pid 6410] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... setpgid resumed>) = 0 [pid 6411] <... openat resumed>) = 3 [pid 6410] <... futex resumed>) = 0 [pid 6411] write(3, "1000", 4 [pid 6410] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6411] <... write resumed>) = 4 [pid 6410] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6411] close(3 [pid 6410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6412] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... close resumed>) = 0 [pid 6412] <... openat resumed>) = 3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6413 attached [pid 6412] write(3, "1000", 4 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6413] set_robust_list(0x55555eedf6a0, 24 [pid 6412] <... write resumed>) = 4 [pid 6411] <... close resumed>) = 0 [pid 6413] <... set_robust_list resumed>) = 0 [pid 6412] close(3 [pid 6411] symlink("/dev/binderfs", "./binderfs" [pid 6410] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6413] chdir("./51" [pid 6412] <... close resumed>) = 0 [pid 6413] <... chdir resumed>) = 0 [pid 6412] symlink("/dev/binderfs", "./binderfs" [pid 6413] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6412] <... symlink resumed>) = 0 [pid 6413] <... prctl resumed>) = 0 [pid 6413] setpgid(0, 0 [pid 6411] <... symlink resumed>) = 0 [pid 6410] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6413 executing program [pid 6413] <... setpgid resumed>) = 0 [pid 6412] write(1, "executing program\n", 18 [pid 6411] write(1, "executing program\n", 18 [pid 6410] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6414 attached [pid 6413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6412] <... write resumed>) = 18 [pid 6410] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6414 [pid 6410] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6413] <... openat resumed>) = 3 [pid 6412] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}executing program ./strace-static-x86_64: Process 6415 attached [pid 6414] set_robust_list(0x55555eedf6a0, 24 [pid 6412] <... futex resumed>) = 0 [pid 6411] <... write resumed>) = 18 [pid 6413] write(3, "1000", 4 [pid 6412] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6415] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6414] <... set_robust_list resumed>) = 0 [pid 6413] <... write resumed>) = 4 [pid 6412] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6411] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] <... clone3 resumed> => {parent_tid=[6415]}, 88) = 6415 [pid 6415] <... rseq resumed>) = 0 [pid 6414] chdir("./54" [pid 6413] close(3 [pid 6412] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6411] <... futex resumed>) = 0 [pid 6410] rt_sigprocmask(SIG_SETMASK, [], [pid 6415] set_robust_list(0x7fbb68bde9a0, 24 [pid 6414] <... chdir resumed>) = 0 [pid 6413] <... close resumed>) = 0 [pid 6412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6410] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6413] symlink("/dev/binderfs", "./binderfs" [pid 6412] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6411] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6410] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... set_robust_list resumed>) = 0 [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6413] <... symlink resumed>) = 0 [pid 6412] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6410] <... futex resumed>) = 0 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], [pid 6414] <... prctl resumed>) = 0 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6410] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6414] setpgid(0, 0 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6413] write(1, "executing program\n", 18executing program [pid 6412] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6411] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6415] memfd_create("syzkaller", 0 [pid 6414] <... setpgid resumed>) = 0 [pid 6415] <... memfd_create resumed>) = 3 [pid 6413] <... write resumed>) = 18 [pid 6412] <... mprotect resumed>) = 0 [pid 6411] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6413] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6411] <... mprotect resumed>) = 0 [pid 6413] <... futex resumed>) = 0 [pid 6412] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6413] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6412] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6413] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6416 attached [pid 6413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6416] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6416] <... rseq resumed>) = 0 [pid 6413] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6412] <... clone3 resumed> => {parent_tid=[6416]}, 88) = 6416 [pid 6416] set_robust_list(0x7fbb68bde9a0, 24 [pid 6413] <... mprotect resumed>) = 0 [pid 6416] <... set_robust_list resumed>) = 0 [pid 6413] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6412] rt_sigprocmask(SIG_SETMASK, [], [pid 6416] rt_sigprocmask(SIG_SETMASK, [], [pid 6415] <... mmap resumed>) = 0x7fbb60600000 [pid 6411] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6414] <... openat resumed>) = 3 [pid 6413] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6412] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6412] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 6417 attached [pid 6416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6412] <... futex resumed>) = 0 [pid 6411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6418 attached [pid 6417] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6416] memfd_create("syzkaller", 0 [pid 6414] write(3, "1000", 4 [pid 6412] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6417] <... rseq resumed>) = 0 [pid 6416] <... memfd_create resumed>) = 3 [pid 6415] <... write resumed>) = 131072 [pid 6414] <... write resumed>) = 4 [pid 6413] <... clone3 resumed> => {parent_tid=[6417]}, 88) = 6417 [pid 6411] <... clone3 resumed> => {parent_tid=[6418]}, 88) = 6418 [pid 6418] <... rseq resumed>) = 0 [pid 6417] set_robust_list(0x7fbb68bde9a0, 24 [pid 6416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6414] close(3 [pid 6413] rt_sigprocmask(SIG_SETMASK, [], [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6418] set_robust_list(0x7fbb68bde9a0, 24 [pid 6417] <... set_robust_list resumed>) = 0 [pid 6416] <... mmap resumed>) = 0x7fbb60600000 [pid 6415] munmap(0x7fbb60600000, 138412032 [pid 6414] <... close resumed>) = 0 [pid 6413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] <... set_robust_list resumed>) = 0 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], [pid 6415] <... munmap resumed>) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs" [pid 6413] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], [pid 6417] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6414] <... symlink resumed>) = 0 [pid 6413] <... futex resumed>) = 0 [pid 6411] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6417] memfd_create("syzkaller", 0executing program [pid 6415] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6414] write(1, "executing program\n", 18 [pid 6411] <... futex resumed>) = 0 [pid 6418] memfd_create("syzkaller", 0 [pid 6413] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6415] <... openat resumed>) = 4 [pid 6418] <... memfd_create resumed>) = 3 [pid 6417] <... memfd_create resumed>) = 3 [pid 6415] ioctl(4, LOOP_SET_FD, 3 [pid 6414] <... write resumed>) = 18 [pid 6411] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6418] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6416] <... write resumed>) = 131072 [pid 6414] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... mmap resumed>) = 0x7fbb60600000 [pid 6414] <... futex resumed>) = 0 [pid 6414] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6418] <... mmap resumed>) = 0x7fbb60600000 [pid 6417] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6416] munmap(0x7fbb60600000, 138412032) = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6416] ioctl(4, LOOP_SET_FD, 3 [pid 6418] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6417] <... write resumed>) = 131072 [pid 6415] <... ioctl resumed>) = 0 [pid 6414] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6417] munmap(0x7fbb60600000, 138412032) = 0 [pid 6415] close(3) = 0 [pid 6415] close(4 [pid 6417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6417] ioctl(4, LOOP_SET_FD, 3 [pid 6416] <... ioctl resumed>) = 0 [pid 6416] close(3 [pid 6418] <... write resumed>) = 131072 [pid 6416] <... close resumed>) = 0 [pid 6415] <... close resumed>) = 0 [pid 6416] close(4 [pid 6415] mkdir("./file2", 0777 [pid 6416] <... close resumed>) = 0 [pid 6416] mkdir("./file2", 0777) = 0 [pid 6416] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6415] <... mkdir resumed>) = 0 [pid 6415] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6418] munmap(0x7fbb60600000, 138412032) = 0 [ 115.231462][ T6415] loop2: detected capacity change from 0 to 256 [ 115.237599][ T6416] loop3: detected capacity change from 0 to 256 [ 115.251099][ T6417] loop0: detected capacity change from 0 to 256 [pid 6414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6418] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6417] <... ioctl resumed>) = 0 [pid 6418] <... openat resumed>) = 4 [pid 6417] close(3) = 0 [pid 6417] close(4 [pid 6418] ioctl(4, LOOP_SET_FD, 3 [pid 6414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6418] <... ioctl resumed>) = 0 [pid 6417] <... close resumed>) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6418] close(3 [pid 6417] mkdir("./file2", 0777 [pid 6414] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6418] <... close resumed>) = 0 [pid 6417] <... mkdir resumed>) = 0 [pid 6418] close(4 [pid 6417] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6414] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6418] <... close resumed>) = 0 [pid 6414] <... mprotect resumed>) = 0 [pid 6418] mkdir("./file2", 0777 [pid 6414] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6418] <... mkdir resumed>) = 0 [pid 6414] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6416] <... mount resumed>) = 0 [ 115.273600][ T6416] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.297266][ T6418] loop4: detected capacity change from 0 to 256 [ 115.299280][ T6416] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6416] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6416] chdir("./file2") = 0 [pid 6416] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6416] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6416] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6412] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6412] <... futex resumed>) = 0 [pid 6416] mkdir("./file3", 0777 [pid 6412] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6419 attached [pid 6418] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6414] <... clone3 resumed> => {parent_tid=[6419]}, 88) = 6419 [pid 6419] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [ 115.334816][ T6417] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.344207][ T6416] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 115.356084][ T6415] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.367866][ T6416] exFAT-fs (loop3): Filesystem has been set read-only [ 115.375420][ T6417] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6414] rt_sigprocmask(SIG_SETMASK, [], [pid 6416] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6419] <... rseq resumed>) = 0 [pid 6414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6416] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6412] <... futex resumed>) = ? [pid 6416] +++ killed by SIGSEGV +++ [pid 6412] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6412, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6419] set_robust_list(0x7fbb68bde9a0, 24 [pid 6414] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... set_robust_list resumed>) = 0 [pid 6414] <... futex resumed>) = 0 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], [pid 6414] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6419] memfd_create("syzkaller", 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 6419] <... memfd_create resumed>) = 3 [pid 6419] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5821] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 6419] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] <... write resumed>) = 131072 [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6419] munmap(0x7fbb60600000, 138412032) = 0 [pid 5821] newfstatat(AT_FDCWD, "./54/file2", [pid 6419] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6417] <... mount resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6419] <... openat resumed>) = 4 [pid 6417] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6419] ioctl(4, LOOP_SET_FD, 3 [pid 6415] <... mount resumed>) = 0 [pid 6417] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 6417] chdir("./file2" [pid 6415] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [ 115.387652][ T6415] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.414059][ T6419] loop1: detected capacity change from 0 to 256 [ 115.425186][ T6418] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6419] <... ioctl resumed>) = 0 [pid 6417] <... chdir resumed>) = 0 [pid 6415] <... openat resumed>) = 3 [pid 5821] close(4 [pid 6419] close(3 [pid 6417] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6415] chdir("./file2" [pid 6419] <... close resumed>) = 0 [pid 6417] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6419] close(4 [pid 6417] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... chdir resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./54/file2") = 0 [pid 5821] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6415] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6419] <... close resumed>) = 0 [pid 6419] mkdir("./file2", 0777 [pid 6418] <... mount resumed>) = 0 [pid 6417] <... futex resumed>) = 1 [pid 6415] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6413] <... futex resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./54/binderfs", [pid 6419] <... mkdir resumed>) = 0 [pid 6418] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6417] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6415] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6418] <... openat resumed>) = 3 [pid 6417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6415] <... futex resumed>) = 1 [pid 6413] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6418] chdir("./file2" [ 115.438585][ T6418] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.460853][ T6419] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.474872][ T6417] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6417] mkdir("./file3", 0777 [pid 6415] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6413] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] unlink("./54/binderfs" [pid 6418] <... chdir resumed>) = 0 [pid 6415] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6410] <... futex resumed>) = 0 [pid 6418] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6415] mkdir("./file3", 0777 [pid 6410] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6418] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6418] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6418] mkdir("./file3", 0777 [pid 6411] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6419] <... mount resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6419] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] getdents64(3, [pid 6419] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./54" [pid 6419] chdir("./file2" [pid 5821] <... rmdir resumed>) = 0 [pid 6419] <... chdir resumed>) = 0 [pid 5821] mkdir("./55", 0777 [pid 6419] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6419] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 6419] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6415] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6413] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6410] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6413] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6410] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6419] <... futex resumed>) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6413] <... futex resumed>) = 0 [pid 6410] <... futex resumed>) = 0 [pid 6418] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 6420 attached [pid 6419] mkdir("./file3", 0777 [pid 6417] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6415] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6414] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6411] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6410] ???( [pid 6414] <... futex resumed>) = 0 [pid 6413] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6411] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6413] ???( [pid 6411] <... futex resumed>) = 0 [pid 6414] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6410] <... ??? resumed>) = ? [pid 6413] <... ??? resumed>) = ? [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6411] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6418] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6411] <... mprotect resumed>) = 0 [ 115.476741][ T6419] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.487175][ T6417] exFAT-fs (loop0): Filesystem has been set read-only [ 115.500065][ T6415] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 115.507771][ T6418] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 115.509636][ T6415] exFAT-fs (loop2): Filesystem has been set read-only [ 115.529360][ T6418] exFAT-fs (loop4): Filesystem has been set read-only [pid 6418] +++ killed by SIGSEGV +++ [pid 6417] +++ killed by SIGSEGV +++ [pid 6413] +++ killed by SIGSEGV +++ [pid 6411] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6411, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6413, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6415] +++ killed by SIGSEGV +++ [pid 6410] +++ killed by SIGSEGV +++ [pid 6420] set_robust_list(0x55555eedf6a0, 24 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6410, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6420] <... set_robust_list resumed>) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... restart_syscall resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./51", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] newfstatat(3, "", [pid 5820] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", [pid 5822] getdents64(3, [pid 5820] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6420] chdir("./55" [pid 5822] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6420 [pid 5820] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6420] <... chdir resumed>) = 0 [pid 6419] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6420] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... umount2 resumed>) = 0 [pid 6420] <... prctl resumed>) = 0 [pid 6419] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6420] setpgid(0, 0 [pid 5820] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6420] <... setpgid resumed>) = 0 [pid 6414] <... futex resumed>) = ? [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] newfstatat(AT_FDCWD, "./53/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./51/file2", [pid 5820] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./51/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 4 [pid 5818] openat(AT_FDCWD, "./51/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(4, "", [pid 5818] <... openat resumed>) = 4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6419] +++ killed by SIGSEGV +++ [pid 6414] +++ killed by SIGSEGV +++ [pid 5822] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(4, "", [pid 6420] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6414, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6420] write(3, "1000", 4 [pid 5822] newfstatat(AT_FDCWD, "./54/file2", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] getdents64(4, [pid 6420] <... write resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] getdents64(4, [pid 6420] close(3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6420] <... close resumed>) = 0 [pid 5822] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(4 [pid 6420] symlink("/dev/binderfs", "./binderfs" [pid 5818] getdents64(4, [pid 6420] <... symlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5820] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6420] write(1, "executing program\n", 18 [pid 5822] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] rmdir("./53/file2" [pid 5818] close(4 [pid 6420] <... write resumed>) = 18 [pid 5819] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6420] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 6420] <... futex resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] rmdir("./51/file2" [pid 6420] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6420] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6420] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 4 [pid 5820] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 5818] <... rmdir resumed>) = 0 [pid 6420] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(4, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./51/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6420] <... mprotect resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./53/binderfs", [pid 6420] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6420] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(AT_FDCWD, "./51/binderfs", ./strace-static-x86_64: Process 6421 attached [pid 6421] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6420] <... clone3 resumed> => {parent_tid=[6421]}, 88) = 6421 [pid 5819] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6421] <... rseq resumed>) = 0 [pid 6420] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6421] set_robust_list(0x7fbb68bde9a0, 24 [pid 6420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] unlink("./53/binderfs" [pid 5818] unlink("./51/binderfs" [pid 6421] <... set_robust_list resumed>) = 0 [pid 6420] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6421] rt_sigprocmask(SIG_SETMASK, [], [pid 6420] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5818] getdents64(3, [pid 6421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6420] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] close(4 [pid 5820] getdents64(3, [pid 5819] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6421] memfd_create("syzkaller", 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 6421] <... memfd_create resumed>) = 3 [pid 5822] rmdir("./54/file2" [pid 5820] close(3 [pid 5819] newfstatat(AT_FDCWD, "./54/file2", [pid 5818] <... close resumed>) = 0 [pid 6421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./51" [pid 6421] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./53" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [ 115.556928][ T6419] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 115.567416][ T6419] exFAT-fs (loop1): Filesystem has been set read-only [pid 5819] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] mkdir("./52", 0777 [pid 6421] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] newfstatat(AT_FDCWD, "./54/binderfs", [pid 5820] mkdir("./54", 0777 [pid 5819] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5822] unlink("./54/binderfs") = 0 [pid 5819] newfstatat(4, "", [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] getdents64(4, [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... ioctl resumed>) = 0 [pid 5819] getdents64(4, [pid 6421] <... write resumed>) = 131072 [pid 5822] close(3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5819] close(4 [pid 6421] munmap(0x7fbb60600000, 138412032 [pid 5819] <... close resumed>) = 0 [pid 6421] <... munmap resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] rmdir("./54/file2" [pid 5818] <... close resumed>) = 0 [pid 6421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] rmdir("./54" [pid 5820] close(3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6421] <... openat resumed>) = 4 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./54/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./54") = 0 [pid 5819] mkdir("./55", 0777./strace-static-x86_64: Process 6422 attached [pid 6421] ioctl(4, LOOP_SET_FD, 3 [pid 5822] mkdir("./55", 0777 [pid 5820] <... close resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6422] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6422 [pid 5822] <... openat resumed>) = 3 [pid 6422] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 6423 attached [pid 6422] chdir("./52" [pid 6421] <... ioctl resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] <... openat resumed>) = 3 [pid 6423] set_robust_list(0x55555eedf6a0, 24 [pid 6422] <... chdir resumed>) = 0 [pid 6421] close(3 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6423 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6423] <... set_robust_list resumed>) = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6421] <... close resumed>) = 0 [pid 5822] close(3 [pid 6423] chdir("./54" [pid 6422] <... prctl resumed>) = 0 [pid 6421] close(4 [pid 5819] <... ioctl resumed>) = 0 [pid 6423] <... chdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] close(3./strace-static-x86_64: Process 6424 attached [pid 6422] setpgid(0, 0 [pid 6423] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6421] <... close resumed>) = 0 [pid 6423] <... prctl resumed>) = 0 [pid 6422] <... setpgid resumed>) = 0 [pid 6421] mkdir("./file2", 0777 [pid 6423] setpgid(0, 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6424] set_robust_list(0x55555eedf6a0, 24 [pid 6423] <... setpgid resumed>) = 0 [pid 6422] <... openat resumed>) = 3 [pid 6421] <... mkdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6424 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6422] write(3, "1000", 4 [pid 6421] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6422] <... write resumed>) = 4 ./strace-static-x86_64: Process 6425 attached [pid 6422] close(3) = 0 [pid 6425] set_robust_list(0x55555eedf6a0, 24 [pid 6422] symlink("/dev/binderfs", "./binderfs" [pid 6424] <... set_robust_list resumed>) = 0 [pid 6425] <... set_robust_list resumed>) = 0 [pid 6424] chdir("./55" [pid 6422] <... symlink resumed>) = 0 [pid 6425] chdir("./55" [pid 6424] <... chdir resumed>) = 0 executing program [pid 6422] write(1, "executing program\n", 18 [pid 6425] <... chdir resumed>) = 0 [pid 6424] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6425 [pid 6422] <... write resumed>) = 18 [pid 6425] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6424] <... prctl resumed>) = 0 [pid 6425] <... prctl resumed>) = 0 [pid 6424] setpgid(0, 0 [pid 6423] <... openat resumed>) = 3 [pid 6422] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] setpgid(0, 0 [pid 6424] <... setpgid resumed>) = 0 [pid 6425] <... setpgid resumed>) = 0 [pid 6424] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6423] write(3, "1000", 4 [pid 6422] <... futex resumed>) = 0 [pid 6425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6424] <... openat resumed>) = 3 [pid 6423] <... write resumed>) = 4 [pid 6422] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6425] <... openat resumed>) = 3 [ 115.659415][ T6421] loop3: detected capacity change from 0 to 256 [pid 6424] write(3, "1000", 4) = 4 [pid 6424] close(3) = 0 [pid 6424] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6424] write(1, "executing program\n", 18 [pid 6425] write(3, "1000", 4 [pid 6423] close(3 [pid 6422] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6424] <... write resumed>) = 18 [pid 6424] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6424] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6425] <... write resumed>) = 4 [pid 6423] <... close resumed>) = 0 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] close(3 [pid 6423] symlink("/dev/binderfs", "./binderfs" [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6425] <... close resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6423] <... symlink resumed>) = 0 [pid 6425] symlink("/dev/binderfs", "./binderfs" [pid 6423] write(1, "executing program\n", 18 [pid 6422] <... mmap resumed>) = 0x7fbb68bbe000 executing program [pid 6425] <... symlink resumed>) = 0 [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] <... write resumed>) = 18 [pid 6422] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6425] write(1, "executing program\n", 18executing program [pid 6423] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... mprotect resumed>) = 0 [pid 6425] <... write resumed>) = 18 [pid 6424] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6423] <... futex resumed>) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6421] <... mount resumed>) = 0 [pid 6425] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6424] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6423] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6422] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6421] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6425] <... futex resumed>) = 0 [pid 6424] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6423] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6421] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6426 attached [pid 6425] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6424] <... mprotect resumed>) = 0 [pid 6423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6421] chdir("./file2" [pid 6426] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6425] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6424] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] <... clone3 resumed> => {parent_tid=[6426]}, 88) = 6426 [pid 6421] <... chdir resumed>) = 0 [pid 6426] <... rseq resumed>) = 0 [pid 6425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6424] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6421] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6426] set_robust_list(0x7fbb68bde9a0, 24 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6424] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6423] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6421] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6426] <... set_robust_list resumed>) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6423] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6422] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6421] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6427 attached [pid 6426] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6423] <... mprotect resumed>) = 0 [pid 6422] <... futex resumed>) = 0 [pid 6421] <... futex resumed>) = 1 [pid 6420] <... futex resumed>) = 0 [pid 6427] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6424] <... clone3 resumed> => {parent_tid=[6427]}, 88) = 6427 [pid 6423] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6422] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6421] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6420] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6427] <... rseq resumed>) = 0 [pid 6426] memfd_create("syzkaller", 0 [pid 6425] <... mprotect resumed>) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6421] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6420] <... futex resumed>) = 0 [pid 6427] set_robust_list(0x7fbb68bde9a0, 24 [pid 6426] <... memfd_create resumed>) = 3 [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6424] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 115.712961][ T6421] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.727401][ T6421] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6421] mkdir("./file3", 0777 [pid 6420] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6428 attached [pid 6427] <... set_robust_list resumed>) = 0 [pid 6426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6425] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6424] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6423] <... clone3 resumed> => {parent_tid=[6428]}, 88) = 6428 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] <... clone3 resumed> => {parent_tid=[6429]}, 88) = 6429 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] <... futex resumed>) = 0 [pid 6425] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6429 attached [pid 6428] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6425] <... futex resumed>) = 0 [pid 6424] <... futex resumed>) = 0 [pid 6426] <... mmap resumed>) = 0x7fbb60600000 [pid 6425] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6428] <... rseq resumed>) = 0 [pid 6427] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] set_robust_list(0x7fbb68bde9a0, 24 [pid 6427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6424] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6428] <... set_robust_list resumed>) = 0 [pid 6427] memfd_create("syzkaller", 0 [pid 6428] rt_sigprocmask(SIG_SETMASK, [], [pid 6427] <... memfd_create resumed>) = 3 [pid 6428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6429] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6428] memfd_create("syzkaller", 0 [pid 6427] <... mmap resumed>) = 0x7fbb60600000 [pid 6426] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6429] <... rseq resumed>) = 0 [pid 6429] set_robust_list(0x7fbb68bde9a0, 24 [pid 6428] <... memfd_create resumed>) = 3 [pid 6427] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6426] <... write resumed>) = 131072 [pid 6429] <... set_robust_list resumed>) = 0 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], [pid 6428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6427] <... write resumed>) = 131072 [pid 6429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6429] memfd_create("syzkaller", 0 [pid 6428] <... mmap resumed>) = 0x7fbb60600000 [pid 6429] <... memfd_create resumed>) = 3 [pid 6428] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6427] munmap(0x7fbb60600000, 138412032 [pid 6426] munmap(0x7fbb60600000, 138412032 [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6427] <... munmap resumed>) = 0 [pid 6426] <... munmap resumed>) = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6429] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6428] <... write resumed>) = 131072 [pid 6426] <... openat resumed>) = 4 [pid 6427] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6427] ioctl(4, LOOP_SET_FD, 3 [pid 6429] <... write resumed>) = 131072 [pid 6428] munmap(0x7fbb60600000, 138412032 [ 115.766478][ T6421] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 115.799517][ T6421] exFAT-fs (loop3): Filesystem has been set read-only [ 115.807884][ T6427] loop4: detected capacity change from 0 to 256 [pid 6426] ioctl(4, LOOP_SET_FD, 3 [pid 6428] <... munmap resumed>) = 0 [pid 6420] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6428] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6420] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... openat resumed>) = 4 [pid 6420] <... futex resumed>) = 0 [pid 6428] ioctl(4, LOOP_SET_FD, 3 [pid 6420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6429] munmap(0x7fbb60600000, 138412032 [pid 6420] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6420] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6429] <... munmap resumed>) = 0 [pid 6420] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6429] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6420] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6429] <... openat resumed>) = 4 [pid 6426] <... ioctl resumed>) = 0 [pid 6420] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6429] ioctl(4, LOOP_SET_FD, 3 [pid 6426] close(3./strace-static-x86_64: Process 6430 attached [pid 6421] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6420] <... clone3 resumed> => {parent_tid=[6430]}, 88) = 6430 [pid 6430] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6421] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6420] rt_sigprocmask(SIG_SETMASK, [], [pid 6430] <... rseq resumed>) = ? [pid 6420] <... rt_sigprocmask resumed> ) = ? [pid 6430] +++ killed by SIGSEGV +++ [pid 6427] <... ioctl resumed>) = 0 [pid 6427] close(3) = 0 [pid 6427] close(4) = 0 [pid 6426] <... close resumed>) = 0 [pid 6426] close(4 [pid 6427] mkdir("./file2", 0777) = 0 [pid 6426] <... close resumed>) = 0 [pid 6426] mkdir("./file2", 0777) = 0 [pid 6421] +++ killed by SIGSEGV +++ [pid 6420] +++ killed by SIGSEGV +++ [pid 6427] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6420, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6426] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6428] <... ioctl resumed>) = 0 [pid 6429] <... ioctl resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [ 115.816043][ T6426] loop0: detected capacity change from 0 to 256 [ 115.818421][ T6428] loop2: detected capacity change from 0 to 256 [ 115.832970][ T6429] loop1: detected capacity change from 0 to 256 [pid 6429] close(3 [pid 6428] close(3 [pid 6429] <... close resumed>) = 0 [pid 6429] close(4 [pid 6428] <... close resumed>) = 0 [pid 6429] <... close resumed>) = 0 [pid 6428] close(4 [pid 6429] mkdir("./file2", 0777 [pid 6428] <... close resumed>) = 0 [pid 6429] <... mkdir resumed>) = 0 [pid 6428] mkdir("./file2", 0777) = 0 [pid 6429] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6428] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 115.860990][ T6427] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.882141][ T6426] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.898266][ T6427] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5821] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./55/file2") = 0 [pid 5821] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./55/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./55") = 0 [pid 6427] <... mount resumed>) = 0 [pid 6426] <... mount resumed>) = 0 [ 115.918364][ T6426] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.938493][ T6428] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 115.942868][ T6429] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] mkdir("./56", 0777) = 0 [pid 6427] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6426] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6427] <... openat resumed>) = 3 [pid 6426] <... openat resumed>) = 3 [pid 6426] chdir("./file2" [pid 6427] chdir("./file2" [pid 6426] <... chdir resumed>) = 0 [pid 6427] <... chdir resumed>) = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6431 attached ) = -1 EBUSY (Device or resource busy) [pid 6426] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6422] <... futex resumed>) = 0 [pid 6426] mkdir("./file3", 0777 [pid 6422] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6431] set_robust_list(0x55555eedf6a0, 24 [pid 6427] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6431] <... set_robust_list resumed>) = 0 [pid 6427] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] chdir("./56" [pid 6427] <... futex resumed>) = 1 [pid 6431] <... chdir resumed>) = 0 [pid 6427] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6431] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6431 [pid 6431] setpgid(0, 0) = 0 [pid 6431] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6424] <... futex resumed>) = 0 [pid 6431] write(3, "1000", 4) = 4 [pid 6431] close(3) = 0 [pid 6424] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6431] write(1, "executing program\n", 18) = 18 [pid 6431] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6431] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6428] <... mount resumed>) = 0 [pid 6431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6428] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6424] <... futex resumed>) = 1 [pid 6431] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6428] <... openat resumed>) = 3 [ 115.953923][ T6428] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.964168][ T6429] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 115.991598][ T6426] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6427] <... futex resumed>) = 0 [pid 6431] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6428] chdir("./file2" [pid 6431] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6428] <... chdir resumed>) = 0 [pid 6427] mkdir("./file3", 0777 [pid 6431] <... mprotect resumed>) = 0 [pid 6428] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6424] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... mount resumed>) = 0 [pid 6428] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6429] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6428] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... openat resumed>) = 3 [pid 6428] <... futex resumed>) = 1 [pid 6423] <... futex resumed>) = 0 [pid 6429] chdir("./file2" [pid 6428] mkdir("./file3", 0777 [pid 6423] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... chdir resumed>) = 0 [pid 6423] <... futex resumed>) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6423] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6422] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6431] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6429] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6422] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6429] mkdir("./file3", 0777 [pid 6425] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6425] <... futex resumed>) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6432 attached [pid 6431] <... clone3 resumed> => {parent_tid=[6432]}, 88) = 6432 [pid 6426] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6425] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6422] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] <... mprotect resumed>) = 0 [pid 6431] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6432] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6431] <... futex resumed>) = 0 [pid 6422] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6432] <... rseq resumed>) = 0 [pid 6431] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6433 attached [pid 6432] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6422] <... clone3 resumed> => {parent_tid=[6433]}, 88) = 6433 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6427] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6426] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6433] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6433] <... rseq resumed>) = 0 [pid 6432] memfd_create("syzkaller", 0 [pid 6422] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6432] <... memfd_create resumed>) = 3 [pid 6422] <... futex resumed>) = 0 [pid 6433] <... set_robust_list resumed>) = 0 [pid 6432] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6422] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6433] rt_sigprocmask(SIG_SETMASK, [], [pid 6432] <... mmap resumed>) = 0x7fbb60600000 [pid 6433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6432] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6433] openat(AT_FDCWD, ".", O_RDONLY [pid 6432] munmap(0x7fbb60600000, 138412032) = 0 [pid 6428] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6427] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 116.010488][ T6427] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.024671][ T6428] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.027613][ T6426] exFAT-fs (loop0): Filesystem has been set read-only [ 116.039080][ T6429] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.042431][ T6427] exFAT-fs (loop4): Filesystem has been set read-only [ 116.057165][ T6428] exFAT-fs (loop2): Filesystem has been set read-only [pid 6432] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6433] <... openat resumed>) = ? [pid 6429] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6428] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6424] <... futex resumed>) = ? [pid 6422] <... futex resumed>) = ? [pid 6433] +++ killed by SIGSEGV +++ [pid 6432] <... openat resumed>) = 4 [pid 6429] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6425] <... futex resumed>) = ? [pid 6423] <... futex resumed>) = ? [pid 6429] +++ killed by SIGSEGV +++ [pid 6425] +++ killed by SIGSEGV +++ [pid 6426] +++ killed by SIGSEGV +++ [pid 6422] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6425, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6422, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6432] ioctl(4, LOOP_SET_FD, 3 [pid 6427] +++ killed by SIGSEGV +++ [pid 6424] +++ killed by SIGSEGV +++ [pid 5818] <... restart_syscall resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6424, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./52", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... openat resumed>) = 3 [pid 5819] newfstatat(3, "", [pid 5818] newfstatat(3, "", [pid 5822] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, [pid 5819] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] getdents64(3, [pid 5822] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 6428] +++ killed by SIGSEGV +++ [pid 6423] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6423, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6432] <... ioctl resumed>) = 0 [pid 6432] close(3 [pid 5822] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 5818] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6432] <... close resumed>) = 0 [pid 5820] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6432] close(4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6432] <... close resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./55/file2", [pid 5820] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./52/file2", [pid 6432] mkdir("./file2", 0777 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] newfstatat(AT_FDCWD, "./55/file2", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./52/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6432] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... openat resumed>) = 4 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 5818] openat(AT_FDCWD, "./52/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6432] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] newfstatat(4, "", [pid 5820] <... umount2 resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5822] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 116.065780][ T6429] exFAT-fs (loop1): Filesystem has been set read-only [ 116.083631][ T6432] loop3: detected capacity change from 0 to 256 [pid 5818] getdents64(4, [pid 5822] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(4, [pid 5818] getdents64(4, [pid 5822] close(4 [pid 5820] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4 [pid 5818] close(4 [pid 5822] rmdir("./55/file2" [pid 5819] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./54/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./55/file2" [pid 5818] rmdir("./52/file2" [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5822] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] newfstatat(AT_FDCWD, "./55/binderfs", [pid 5820] <... openat resumed>) = 4 [pid 5819] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./52/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(4, "", [pid 5822] unlink("./55/binderfs" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(AT_FDCWD, "./55/binderfs", [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./52/binderfs", [pid 5822] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] unlink("./55/binderfs" [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 5820] getdents64(4, [pid 5819] <... unlink resumed>) = 0 [pid 5818] unlink("./52/binderfs" [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] rmdir("./55" [pid 5820] close(4 [pid 5818] <... unlink resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 5820] rmdir("./54/file2" [pid 5818] getdents64(3, [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5822] mkdir("./56", 0777 [pid 5818] <... close resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5819] close(3 [pid 5818] rmdir("./52" [pid 5819] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./55" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... rmdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./54/binderfs", [pid 5822] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] mkdir("./53", 0777 [pid 6432] <... mount resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] unlink("./54/binderfs" [pid 5819] mkdir("./56", 0777 [pid 5818] <... mkdir resumed>) = 0 [pid 6432] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6432] <... openat resumed>) = 3 [pid 5822] close(3 [pid 5820] getdents64(3, [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6432] chdir("./file2" [pid 5818] close(3 [pid 6432] <... chdir resumed>) = 0 [pid 6432] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6432] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 5820] close(3) = 0 [pid 6432] <... futex resumed>) = 1 [pid 6431] <... futex resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] rmdir("./54" [pid 5819] <... openat resumed>) = 3 [pid 6431] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6434 attached [pid 6431] <... futex resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6434 [pid 5819] <... ioctl resumed>) = 0 [pid 6431] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] close(3) = 0 [ 116.135145][ T6432] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.157738][ T6432] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6432] mkdir("./file3", 0777 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6436 attached ./strace-static-x86_64: Process 6435 attached [pid 6434] set_robust_list(0x55555eedf6a0, 24 [pid 5820] mkdir("./55", 0777 [pid 6434] <... set_robust_list resumed>) = 0 [pid 6435] set_robust_list(0x55555eedf6a0, 24 [pid 5820] <... mkdir resumed>) = 0 [pid 6436] set_robust_list(0x55555eedf6a0, 24 [pid 6435] <... set_robust_list resumed>) = 0 [pid 6434] chdir("./56" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6436] <... set_robust_list resumed>) = 0 [pid 6435] chdir("./53" [pid 5820] <... openat resumed>) = 3 [pid 6436] chdir("./56" [pid 6435] <... chdir resumed>) = 0 [pid 6434] <... chdir resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6434] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6435] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6435 [pid 6436] <... chdir resumed>) = 0 [pid 6435] <... prctl resumed>) = 0 [pid 6434] <... prctl resumed>) = 0 [pid 5820] close(3 [pid 6436] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6436 [pid 5820] <... close resumed>) = 0 [pid 6436] <... prctl resumed>) = 0 [pid 6435] setpgid(0, 0 [pid 6434] setpgid(0, 0 [pid 6432] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6436] setpgid(0, 0 [pid 6435] <... setpgid resumed>) = 0 [pid 6434] <... setpgid resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6436] <... setpgid resumed>) = 0 [pid 6434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6434] <... openat resumed>) = 3 [pid 6436] <... openat resumed>) = 3 [pid 6435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6436] write(3, "1000", 4./strace-static-x86_64: Process 6437 attached [pid 6435] <... openat resumed>) = 3 [pid 6434] write(3, "1000", 4 [pid 6432] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6431] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6435] write(3, "1000", 4 [pid 6436] <... write resumed>) = 4 [pid 6435] <... write resumed>) = 4 [pid 6432] +++ killed by SIGSEGV +++ [pid 6434] <... write resumed>) = 4 [pid 6431] +++ killed by SIGSEGV +++ [pid 6437] set_robust_list(0x55555eedf6a0, 24 [pid 6436] close(3 [pid 6435] close(3 [pid 6434] close(3 [pid 6437] <... set_robust_list resumed>) = 0 [pid 6436] <... close resumed>) = 0 [pid 6435] <... close resumed>) = 0 [pid 6434] <... close resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6431, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6435] symlink("/dev/binderfs", "./binderfs" [pid 6437] chdir("./55" [pid 6436] symlink("/dev/binderfs", "./binderfs" [pid 6435] <... symlink resumed>) = 0 [pid 6434] symlink("/dev/binderfs", "./binderfs" executing program [pid 6436] <... symlink resumed>) = 0 [pid 6435] write(1, "executing program\n", 18) = 18 executing program [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6437 [pid 6436] write(1, "executing program\n", 18 [pid 6435] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 6434] <... symlink resumed>) = 0 [pid 5821] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6437] <... chdir resumed>) = 0 [pid 6436] <... write resumed>) = 18 [pid 6435] <... futex resumed>) = 0 [pid 6434] write(1, "executing program\n", 18 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6437] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6436] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... write resumed>) = 18 [pid 5821] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6436] <... futex resumed>) = 0 [ 116.218553][ T6432] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.234414][ T6432] exFAT-fs (loop3): Filesystem has been set read-only [pid 6435] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... openat resumed>) = 3 [pid 6436] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6437] <... prctl resumed>) = 0 [pid 6436] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6435] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6434] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(3, "", [pid 6437] setpgid(0, 0 [pid 6436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6434] <... futex resumed>) = 0 [pid 6437] <... setpgid resumed>) = 0 [pid 6436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6434] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] getdents64(3, [pid 6436] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6436] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6435] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6436] <... mprotect resumed>) = 0 [pid 6435] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6434] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6437] <... openat resumed>) = 3 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6435] <... mprotect resumed>) = 0 [pid 6434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6436] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 6438 attached [pid 6435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6434] <... mmap resumed>) = 0x7fbb68bbe000 ./strace-static-x86_64: Process 6439 attached [pid 6435] <... clone3 resumed> => {parent_tid=[6439]}, 88) = 6439 [pid 6437] write(3, "1000", 4 [pid 6436] <... clone3 resumed> => {parent_tid=[6438]}, 88) = 6438 [pid 6434] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6439] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6437] <... write resumed>) = 4 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], [pid 6435] rt_sigprocmask(SIG_SETMASK, [], [pid 6434] <... mprotect resumed>) = 0 [pid 6439] <... rseq resumed>) = 0 [pid 6438] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6437] close(3 [pid 6436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6438] <... rseq resumed>) = 0 [pid 6436] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6435] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... close resumed>) = 0 [pid 6439] set_robust_list(0x7fbb68bde9a0, 24 [pid 6438] set_robust_list(0x7fbb68bde9a0, 24 [pid 6437] symlink("/dev/binderfs", "./binderfs" [pid 6436] <... futex resumed>) = 0 [pid 6435] <... futex resumed>) = 0 [pid 6434] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6439] <... set_robust_list resumed>) = 0 [pid 6438] <... set_robust_list resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 6436] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6439] memfd_create("syzkaller", 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], [pid 6435] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6439] <... memfd_create resumed>) = 3 [pid 6438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6438] memfd_create("syzkaller", 0 [pid 6439] <... mmap resumed>) = 0x7fbb60600000 [pid 6438] <... memfd_create resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6437] <... symlink resumed>) = 0 [pid 6434] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./56/file2", executing program [pid 6439] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6438] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6437] write(1, "executing program\n", 18 [pid 6434] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6437] <... write resumed>) = 18 ./strace-static-x86_64: Process 6440 attached [pid 6438] <... mmap resumed>) = 0x7fbb60600000 [pid 6437] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6440] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6438] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6437] <... futex resumed>) = 0 [pid 6434] <... clone3 resumed> => {parent_tid=[6440]}, 88) = 6440 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6440] <... rseq resumed>) = 0 [pid 6437] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6434] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6440] set_robust_list(0x7fbb68bde9a0, 24 [pid 6437] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... set_robust_list resumed>) = 0 [pid 6439] <... write resumed>) = 131072 [pid 6438] <... write resumed>) = 131072 [pid 6437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6434] <... futex resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] newfstatat(4, "", [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6439] munmap(0x7fbb60600000, 138412032) = 0 [pid 6437] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6438] munmap(0x7fbb60600000, 138412032 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6440] memfd_create("syzkaller", 0 [pid 6439] <... openat resumed>) = 4 [pid 6438] <... munmap resumed>) = 0 [pid 6437] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] getdents64(4, [pid 6439] ioctl(4, LOOP_SET_FD, 3 [pid 6440] <... memfd_create resumed>) = 3 [pid 6438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6437] <... mprotect resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6438] <... openat resumed>) = 4 [pid 6437] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] getdents64(4, [pid 6437] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6440] <... mmap resumed>) = 0x7fbb60600000 [pid 6438] ioctl(4, LOOP_SET_FD, 3 [pid 6437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] close(4 [pid 6440] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./56/file2" [pid 6440] <... write resumed>) = 131072 [pid 6439] <... ioctl resumed>) = 0 [pid 6438] <... ioctl resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6441 attached [pid 6440] munmap(0x7fbb60600000, 138412032 [pid 6439] close(3 [pid 6438] close(3 [pid 5821] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6441] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6439] <... close resumed>) = 0 [pid 6438] <... close resumed>) = 0 [pid 6437] <... clone3 resumed> => {parent_tid=[6441]}, 88) = 6441 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6441] <... rseq resumed>) = 0 [pid 6440] <... munmap resumed>) = 0 [pid 6439] close(4 [pid 6438] close(4 [pid 6441] set_robust_list(0x7fbb68bde9a0, 24 [pid 6440] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6437] rt_sigprocmask(SIG_SETMASK, [], [pid 6439] <... close resumed>) = 0 [pid 6441] <... set_robust_list resumed>) = 0 [pid 6438] <... close resumed>) = 0 [pid 6441] rt_sigprocmask(SIG_SETMASK, [], [pid 6440] <... openat resumed>) = 4 [pid 6438] mkdir("./file2", 0777 [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] mkdir("./file2", 0777 [pid 5821] newfstatat(AT_FDCWD, "./56/binderfs", [pid 6441] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6438] <... mkdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6439] <... mkdir resumed>) = 0 [pid 5821] unlink("./56/binderfs" [pid 6440] ioctl(4, LOOP_SET_FD, 3 [pid 6439] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6438] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6437] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... unlink resumed>) = 0 [pid 6441] <... futex resumed>) = 0 [pid 6437] <... futex resumed>) = 1 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3 [pid 6441] memfd_create("syzkaller", 0 [pid 5821] <... close resumed>) = 0 [pid 6437] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] rmdir("./56") = 0 [pid 5821] mkdir("./57", 0777) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 6441] <... memfd_create resumed>) = 3 [pid 6441] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6441] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 6442 attached [pid 6442] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6441] <... write resumed>) = 131072 [pid 6442] chdir("./57" [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6442 [pid 6442] <... chdir resumed>) = 0 [pid 6442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6442] setpgid(0, 0) = 0 [ 116.338116][ T6439] loop0: detected capacity change from 0 to 256 [ 116.342852][ T6438] loop1: detected capacity change from 0 to 256 [ 116.365077][ T6440] loop4: detected capacity change from 0 to 256 [pid 6442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6442] write(3, "1000", 4) = 4 [pid 6442] close(3) = 0 [pid 6442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6441] munmap(0x7fbb60600000, 138412032 [pid 6440] <... ioctl resumed>) = 0 [pid 6440] close(3executing program [pid 6442] write(1, "executing program\n", 18 [pid 6441] <... munmap resumed>) = 0 [pid 6440] <... close resumed>) = 0 [pid 6440] close(4 [pid 6442] <... write resumed>) = 18 [pid 6442] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... close resumed>) = 0 [pid 6440] mkdir("./file2", 0777 [pid 6442] <... futex resumed>) = 0 [pid 6442] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6440] <... mkdir resumed>) = 0 [pid 6442] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6440] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6441] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6442] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6442] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6443]}, 88) = 6443 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6442] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6443 attached [pid 6443] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6443] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6443] memfd_create("syzkaller", 0) = 3 [pid 6443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6443] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6441] <... openat resumed>) = 4 [ 116.398251][ T6439] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.406135][ T6438] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.434158][ T6439] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6441] ioctl(4, LOOP_SET_FD, 3 [pid 6443] <... write resumed>) = 131072 [pid 6443] munmap(0x7fbb60600000, 138412032) = 0 [pid 6443] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6443] close(3 [pid 6438] <... mount resumed>) = 0 [pid 6441] <... ioctl resumed>) = 0 [pid 6439] <... mount resumed>) = 0 [pid 6438] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6441] close(3 [pid 6439] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6443] <... close resumed>) = 0 [pid 6439] <... openat resumed>) = 3 [pid 6443] close(4 [pid 6439] chdir("./file2" [pid 6443] <... close resumed>) = 0 [pid 6439] <... chdir resumed>) = 0 [pid 6443] mkdir("./file2", 0777 [pid 6439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6443] <... mkdir resumed>) = 0 [pid 6441] <... close resumed>) = 0 [pid 6439] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] close(4) = 0 [pid 6439] <... futex resumed>) = 1 [pid 6438] <... openat resumed>) = 3 [pid 6435] <... futex resumed>) = 0 [pid 6441] mkdir("./file2", 0777 [pid 6438] chdir("./file2" [pid 6435] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 116.452263][ T6438] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 116.463807][ T6441] loop2: detected capacity change from 0 to 256 [ 116.469082][ T6443] loop3: detected capacity change from 0 to 256 [ 116.477032][ T6440] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.491454][ T6440] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6439] mkdir("./file3", 0777 [pid 6441] <... mkdir resumed>) = 0 [pid 6435] <... futex resumed>) = 0 [pid 6438] <... chdir resumed>) = 0 [pid 6443] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6441] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6440] <... mount resumed>) = 0 [pid 6438] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6435] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6438] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6438] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... openat resumed>) = 3 [pid 6438] <... futex resumed>) = 1 [ 116.504195][ T6439] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.514473][ T6439] exFAT-fs (loop0): Filesystem has been set read-only [ 116.529618][ T6441] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6439] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6440] chdir("./file2" [pid 6438] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] <... futex resumed>) = 0 [pid 6439] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6440] <... chdir resumed>) = 0 [pid 6440] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6440] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6438] <... futex resumed>) = 0 [pid 6438] mkdir("./file3", 0777 [pid 6436] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] <... futex resumed>) = 1 [pid 6441] <... mount resumed>) = 0 [pid 6440] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6435] <... futex resumed>) = ? [pid 6439] +++ killed by SIGSEGV +++ [pid 6438] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6434] <... futex resumed>) = 0 [pid 6434] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... mount resumed>) = 0 [pid 6440] <... futex resumed>) = 0 [pid 6438] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6434] <... futex resumed>) = 1 [pid 6443] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6441] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6440] mkdir("./file3", 0777 [pid 6434] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] <... openat resumed>) = 3 [pid 6443] chdir("./file2") = 0 [ 116.549001][ T6443] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.549628][ T6441] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 116.568528][ T6438] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.572658][ T6443] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 116.580632][ T6438] exFAT-fs (loop1): Filesystem has been set read-only [pid 6443] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6436] <... futex resumed>) = ? [pid 6443] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6443] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6441] <... openat resumed>) = 3 [pid 6435] +++ killed by SIGSEGV +++ [pid 6443] <... futex resumed>) = 1 [pid 6442] <... futex resumed>) = 0 [pid 6441] chdir("./file2" [pid 6443] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6435, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6438] +++ killed by SIGSEGV +++ [pid 6436] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6436, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6442] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] <... chdir resumed>) = 0 [pid 6440] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... restart_syscall resumed>) = 0 [pid 6442] <... futex resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6442] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6443] mkdir("./file3", 0777 [pid 6441] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6440] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6441] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... futex resumed>) = ? [pid 5819] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./53", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6441] <... futex resumed>) = 1 [pid 6437] <... futex resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6441] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6437] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6441] mkdir("./file3", 0777 [pid 6437] <... futex resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 6437] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] newfstatat(3, "", [pid 6440] +++ killed by SIGSEGV +++ [pid 6434] +++ killed by SIGSEGV +++ [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6434, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] getdents64(3, [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(3, "", [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 116.602530][ T6440] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.614466][ T6440] exFAT-fs (loop4): Filesystem has been set read-only [ 116.633409][ T6441] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 116.638092][ T6443] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5822] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6441] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... umount2 resumed>) = 0 [pid 6443] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6441] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... umount2 resumed>) = 0 [pid 5819] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 6443] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6437] <... futex resumed>) = ? [pid 5822] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6441] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./56/file2", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./56/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./53/file2", [pid 5822] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 4 [pid 5818] umount2("./53/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6437] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./53/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] getdents64(4, [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6437, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] getdents64(4, [pid 5818] <... openat resumed>) = 4 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5818] newfstatat(4, "", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5818] getdents64(4, [pid 5822] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 5822] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5819] rmdir("./56/file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] rmdir("./56/file2" [pid 5818] close(4) = 0 [pid 5818] rmdir("./53/file2" [pid 6442] <... futex resumed>) = ? [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6443] +++ killed by SIGSEGV +++ [pid 5822] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 6442] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6442, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5820] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./53/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] unlink("./56/binderfs" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... unlink resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./53/binderfs", [pid 5822] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 116.642921][ T6441] exFAT-fs (loop2): Filesystem has been set read-only [ 116.657801][ T6443] exFAT-fs (loop3): Filesystem has been set read-only [pid 5818] unlink("./53/binderfs" [pid 5822] close(3 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5819] unlink("./56/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 5822] <... close resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./56" [pid 5818] getdents64(3, [pid 5822] rmdir("./56" [pid 5821] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] mkdir("./57", 0777 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] close(3 [pid 5821] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5818] rmdir("./53" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] mkdir("./57", 0777 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... rmdir resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... close resumed>) = 0 [pid 5820] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./55/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6444 attached [pid 5821] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] mkdir("./54", 0777 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5820] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6444 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./55/file2") = 0 [pid 5821] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6444] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... ioctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./57/file2", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./55/binderfs", [pid 6444] <... set_robust_list resumed>) = 0 [pid 5822] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6444] chdir("./57" [pid 5821] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] unlink("./55/binderfs" [pid 5821] newfstatat(4, "", [pid 5820] <... unlink resumed>) = 0 [pid 6444] <... chdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5821] getdents64(4, [pid 5818] <... ioctl resumed>) = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] getdents64(3, [pid 5818] close(3 [pid 6444] <... prctl resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6444] setpgid(0, 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6444] <... setpgid resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5821] close(4 [pid 5820] <... close resumed>) = 0 [pid 6444] <... openat resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 5820] rmdir("./55" [pid 6444] write(3, "1000", 4./strace-static-x86_64: Process 6445 attached ) = 4 [pid 5821] rmdir("./57/file2" [pid 5820] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6446 attached [pid 6444] close(3 [pid 5821] <... rmdir resumed>) = 0 [pid 6444] <... close resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6445 executing program [pid 6446] set_robust_list(0x55555eedf6a0, 24 [pid 6445] set_robust_list(0x55555eedf6a0, 24 [pid 6444] symlink("/dev/binderfs", "./binderfs" [pid 5820] mkdir("./56", 0777 [pid 6444] <... symlink resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 6444] write(1, "executing program\n", 18 [pid 6446] <... set_robust_list resumed>) = 0 [pid 6444] <... write resumed>) = 18 [pid 6446] chdir("./54" [pid 6445] <... set_robust_list resumed>) = 0 [pid 6444] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6446 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5820] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] unlink("./57/binderfs" [pid 5820] close(3 [pid 6446] <... chdir resumed>) = 0 [pid 6445] chdir("./57" [pid 6444] <... futex resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6446] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6445] <... chdir resumed>) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] getdents64(3, [pid 6446] <... prctl resumed>) = 0 [pid 6445] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6444] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6446] setpgid(0, 0 [pid 6445] <... prctl resumed>) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6446] <... setpgid resumed>) = 0 [pid 6445] setpgid(0, 0 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6445] <... setpgid resumed>) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] close(3) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6447 [pid 6445] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6444] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] rmdir("./57"./strace-static-x86_64: Process 6447 attached [pid 6446] <... openat resumed>) = 3 [pid 6445] <... openat resumed>) = 3 [pid 6444] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... rmdir resumed>) = 0 [pid 5821] mkdir("./58", 0777 [pid 6447] set_robust_list(0x55555eedf6a0, 24 [pid 6445] write(3, "1000", 4 [pid 6444] <... mprotect resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 6447] <... set_robust_list resumed>) = 0 [pid 6446] write(3, "1000", 4 [pid 6445] <... write resumed>) = 4 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6446] <... write resumed>) = 4 [pid 6445] close(3 [pid 6447] chdir("./56" [pid 6446] close(3 [pid 6445] <... close resumed>) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6447] <... chdir resumed>) = 0 [pid 6446] <... close resumed>) = 0 [pid 6445] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6448 attached ) = 0 [pid 5821] close(3executing program executing program executing program ) = 0 [pid 6448] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6447] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6446] symlink("/dev/binderfs", "./binderfs" [pid 6445] <... symlink resumed>) = 0 [pid 6444] <... clone3 resumed> => {parent_tid=[6448]}, 88) = 6448 [pid 6447] <... prctl resumed>) = 0 [pid 6446] <... symlink resumed>) = 0 [pid 6445] write(1, "executing program\n", 18 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6447] setpgid(0, 0 [pid 6446] write(1, "executing program\n", 18 [pid 6445] <... write resumed>) = 18 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6447] <... setpgid resumed>) = 0 [pid 6446] <... write resumed>) = 18 [pid 6445] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6446] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 0 [pid 6447] <... openat resumed>) = 3 [pid 6446] <... futex resumed>) = 0 [pid 6445] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6444] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6447] write(3, "1000", 4 [pid 6446] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6445] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6447] <... write resumed>) = 4 [pid 6446] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6445] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6447] close(3 [pid 6446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6447] <... close resumed>) = 0 [pid 6446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6447] symlink("/dev/binderfs", "./binderfs" [pid 6446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6445] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6447] <... symlink resumed>) = 0 [pid 6446] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6445] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6447] write(1, "executing program\n", 18 [pid 6446] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6445] <... mprotect resumed>) = 0 [pid 6447] <... write resumed>) = 18 [pid 6446] <... mprotect resumed>) = 0 [pid 6445] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6448] <... rseq resumed>) = 0 [pid 6447] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6445] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6448] set_robust_list(0x7fbb68bde9a0, 24 [pid 6447] <... futex resumed>) = 0 [pid 6446] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6449 attached [pid 6447] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6451 attached ./strace-static-x86_64: Process 6450 attached [pid 6449] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6448] <... set_robust_list resumed>) = 0 [pid 6447] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6445] <... clone3 resumed> => {parent_tid=[6449]}, 88) = 6449 [pid 6451] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6449] <... rseq resumed>) = 0 [pid 6447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6446] <... clone3 resumed> => {parent_tid=[6451]}, 88) = 6451 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], [pid 6451] <... rseq resumed>) = 0 [pid 6449] set_robust_list(0x7fbb68bde9a0, 24 [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] rt_sigprocmask(SIG_SETMASK, [], [pid 6445] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6451] set_robust_list(0x7fbb68bde9a0, 24 [pid 6450] set_robust_list(0x55555eedf6a0, 24 [pid 6449] <... set_robust_list resumed>) = 0 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6446] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6445] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6450 [pid 6451] <... set_robust_list resumed>) = 0 [pid 6450] <... set_robust_list resumed>) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], [pid 6448] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6447] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6446] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = 0 [pid 6451] rt_sigprocmask(SIG_SETMASK, [], [pid 6449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6448] memfd_create("syzkaller", 0 [pid 6447] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6446] <... futex resumed>) = 0 [pid 6445] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6450] chdir("./58" [pid 6449] memfd_create("syzkaller", 0 [pid 6448] <... memfd_create resumed>) = 3 [pid 6447] <... mprotect resumed>) = 0 [pid 6446] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] memfd_create("syzkaller", 0 [pid 6450] <... chdir resumed>) = 0 [pid 6449] <... memfd_create resumed>) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6451] <... memfd_create resumed>) = 3 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6449] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6448] <... mmap resumed>) = 0x7fbb60600000 [pid 6447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6450] <... prctl resumed>) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6452 attached => {parent_tid=[6452]}, 88) = 6452 [pid 6452] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6449] <... mmap resumed>) = 0x7fbb60600000 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], [pid 6452] <... rseq resumed>) = 0 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6450] setpgid(0, 0 [pid 6449] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6448] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6450] <... setpgid resumed>) = 0 [pid 6452] set_robust_list(0x7fbb68bde9a0, 24 [pid 6451] <... mmap resumed>) = 0x7fbb60600000 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6447] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] <... set_robust_list resumed>) = 0 [pid 6447] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6451] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6452] memfd_create("syzkaller", 0) = 3 [pid 6449] <... write resumed>) = 131072 [pid 6448] <... write resumed>) = 131072 [pid 6452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6452] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6450] <... openat resumed>) = 3 [pid 6448] munmap(0x7fbb60600000, 138412032 [pid 6451] <... write resumed>) = 131072 [pid 6450] write(3, "1000", 4 [pid 6449] munmap(0x7fbb60600000, 138412032 [pid 6448] <... munmap resumed>) = 0 [pid 6450] <... write resumed>) = 4 [pid 6448] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6450] close(3) = 0 [pid 6448] <... openat resumed>) = 4 [pid 6452] <... write resumed>) = 131072 [pid 6449] <... munmap resumed>) = 0 [pid 6451] munmap(0x7fbb60600000, 138412032 [pid 6452] munmap(0x7fbb60600000, 138412032 [pid 6451] <... munmap resumed>) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs" [pid 6448] ioctl(4, LOOP_SET_FD, 3 [pid 6449] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6449] ioctl(4, LOOP_SET_FD, 3 [pid 6451] <... openat resumed>) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3 [pid 6450] <... symlink resumed>) = 0 [pid 6449] <... ioctl resumed>) = 0 [pid 6449] close(3) = 0 [pid 6449] close(4) = 0 [pid 6449] mkdir("./file2", 0777) = 0 executing program [pid 6452] <... munmap resumed>) = 0 [pid 6451] <... ioctl resumed>) = 0 [pid 6450] write(1, "executing program\n", 18 [pid 6448] <... ioctl resumed>) = 0 [pid 6450] <... write resumed>) = 18 [pid 6450] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6449] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6450] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6452] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6450] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6450] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6451] close(3 [pid 6450] <... mprotect resumed>) = 0 [pid 6448] close(3 [pid 6452] <... openat resumed>) = 4 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6452] ioctl(4, LOOP_SET_FD, 3 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6453 attached [pid 6451] <... close resumed>) = 0 [pid 6448] <... close resumed>) = 0 [pid 6453] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6450] <... clone3 resumed> => {parent_tid=[6453]}, 88) = 6453 [pid 6453] <... rseq resumed>) = 0 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] set_robust_list(0x7fbb68bde9a0, 24 [pid 6450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6453] <... set_robust_list resumed>) = 0 [pid 6450] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6450] <... futex resumed>) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 116.890025][ T6449] loop4: detected capacity change from 0 to 256 [ 116.891832][ T6448] loop1: detected capacity change from 0 to 256 [ 116.897749][ T6451] loop0: detected capacity change from 0 to 256 [ 116.928759][ T6452] loop2: detected capacity change from 0 to 256 [pid 6450] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6453] memfd_create("syzkaller", 0 [pid 6452] <... ioctl resumed>) = 0 [pid 6451] close(4 [pid 6448] close(4 [pid 6453] <... memfd_create resumed>) = 3 [pid 6451] <... close resumed>) = 0 [pid 6448] <... close resumed>) = 0 [pid 6453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6452] close(3 [pid 6451] mkdir("./file2", 0777 [pid 6448] mkdir("./file2", 0777 [pid 6453] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6452] <... close resumed>) = 0 [pid 6451] <... mkdir resumed>) = 0 [pid 6448] <... mkdir resumed>) = 0 [pid 6453] <... write resumed>) = 131072 [pid 6453] munmap(0x7fbb60600000, 138412032) = 0 [pid 6452] close(4 [pid 6451] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6448] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6453] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6452] <... close resumed>) = 0 [pid 6449] <... mount resumed>) = 0 [pid 6453] <... openat resumed>) = 4 [pid 6452] mkdir("./file2", 0777 [pid 6449] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6453] ioctl(4, LOOP_SET_FD, 3 [pid 6449] <... openat resumed>) = 3 [ 116.952493][ T6449] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.972115][ T6449] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6452] <... mkdir resumed>) = 0 [pid 6449] chdir("./file2" [pid 6452] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6449] <... chdir resumed>) = 0 [pid 6449] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6449] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6449] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6445] <... futex resumed>) = 0 [ 116.997392][ T6448] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 116.998272][ T6451] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.010867][ T6453] loop3: detected capacity change from 0 to 256 [ 117.040016][ T6448] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6445] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6449] <... futex resumed>) = 0 [pid 6445] <... futex resumed>) = 1 [pid 6453] <... ioctl resumed>) = 0 [pid 6449] mkdir("./file3", 0777 [pid 6445] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6453] close(3) = 0 [pid 6453] close(4) = 0 [pid 6453] mkdir("./file2", 0777) = 0 [pid 6453] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6451] <... mount resumed>) = 0 [pid 6448] <... mount resumed>) = 0 [pid 6448] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./file2") = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6448] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6444] <... futex resumed>) = 1 [pid 6448] mkdir("./file3", 0777 [ 117.049744][ T6451] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 117.062215][ T6449] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.073669][ T6452] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.075472][ T6449] exFAT-fs (loop4): Filesystem has been set read-only [ 117.093997][ T6452] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6444] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6449] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6451] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6445] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6445] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6445] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6445] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6445] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6454]}, 88) = 6454 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6445] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... openat resumed>) = 3 [pid 6449] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6451] chdir("./file2") = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6451] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6451] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6446] <... futex resumed>) = 0 [pid 6446] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] <... futex resumed>) = 0 [pid 6446] <... futex resumed>) = 1 [pid 6451] mkdir("./file3", 0777 [pid 6446] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6454 attached [pid 6445] <... futex resumed>) = ? [pid 6454] +++ killed by SIGSEGV +++ [pid 6452] <... mount resumed>) = 0 [pid 6452] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6449] +++ killed by SIGSEGV +++ [pid 6445] +++ killed by SIGSEGV +++ [pid 6452] <... openat resumed>) = 3 [pid 6452] chdir("./file2" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6445, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6452] <... chdir resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [ 117.101927][ T6448] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.109863][ T6453] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.125930][ T6448] exFAT-fs (loop1): Filesystem has been set read-only [ 117.136003][ T6453] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6452] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6453] <... mount resumed>) = 0 [pid 6452] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6448] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6453] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6452] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6444] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... restart_syscall resumed>) = 0 [pid 6453] <... openat resumed>) = 3 [pid 6452] <... futex resumed>) = 1 [pid 6453] chdir("./file2" [pid 6452] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] <... chdir resumed>) = 0 [pid 6453] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6447] <... futex resumed>) = 0 [pid 6453] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6453] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6453] <... futex resumed>) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6453] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6450] <... futex resumed>) = 1 [pid 6453] mkdir("./file3", 0777 [pid 6450] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6452] <... futex resumed>) = 0 [pid 6451] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6448] +++ killed by SIGSEGV +++ [pid 6447] <... futex resumed>) = 1 [pid 6444] +++ killed by SIGSEGV +++ [pid 5822] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6452] mkdir("./file3", 0777 [pid 6451] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6447] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... openat resumed>) = 3 [pid 6446] <... futex resumed>) = ? [pid 5822] newfstatat(3, "", [pid 6452] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6451] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6444, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6452] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(3, [pid 6447] <... futex resumed>) = ? [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6446] +++ killed by SIGSEGV +++ [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6446, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5818] umount2("./54", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6453] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6452] +++ killed by SIGSEGV +++ [pid 6447] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(3, "", [pid 6453] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 6450] <... futex resumed>) = ? [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6453] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6447, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] newfstatat(3, "", [pid 5818] getdents64(3, [pid 5822] newfstatat(AT_FDCWD, "./57/file2", [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6450] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] getdents64(3, [pid 5818] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6450, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./57/file2", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./54/file2", [pid 5822] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./54/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] close(4 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] rmdir("./57/file2" [pid 5821] newfstatat(3, "", [pid 5820] newfstatat(3, "", [pid 5818] openat(AT_FDCWD, "./54/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... openat resumed>) = 4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... openat resumed>) = 4 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5818] newfstatat(4, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./57/file2" [pid 5822] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5821] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 117.136475][ T6451] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.155179][ T6451] exFAT-fs (loop0): Filesystem has been set read-only [ 117.166688][ T6453] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.177364][ T6453] exFAT-fs (loop3): Filesystem has been set read-only [ 117.184191][ T6452] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.184219][ T6452] exFAT-fs (loop2): Filesystem has been set read-only [pid 5818] getdents64(4, [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] unlink("./57/binderfs" [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 5822] <... unlink resumed>) = 0 [pid 5821] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(3, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5818] close(4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] newfstatat(AT_FDCWD, "./58/file2", [pid 5820] newfstatat(AT_FDCWD, "./56/file2", [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 5822] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./57/binderfs" [pid 5818] rmdir("./54/file2" [pid 5822] <... close resumed>) = 0 [pid 5821] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... unlink resumed>) = 0 [pid 5822] rmdir("./57" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 5818] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./54/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... rmdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] close(3 [pid 5818] newfstatat(AT_FDCWD, "./54/binderfs", [pid 5820] <... openat resumed>) = 4 [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(4, "", [pid 5822] mkdir("./58", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] rmdir("./57" [pid 5818] unlink("./54/binderfs" [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5820] getdents64(4, [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] newfstatat(4, "", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... openat resumed>) = 3 [pid 5818] <... unlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 5819] mkdir("./58", 0777 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] getdents64(4, [pid 5820] getdents64(4, [pid 5819] <... mkdir resumed>) = 0 [pid 5818] close(3 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] close(4 [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./54") = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5822] <... close resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] <... close resumed>) = 0 [pid 5818] mkdir("./55", 0777 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] rmdir("./56/file2" [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5821] close(4 [pid 5820] <... rmdir resumed>) = 0 [pid 5821] <... close resumed>) = 0 ./strace-static-x86_64: Process 6455 attached [pid 5821] rmdir("./58/file2" [pid 5820] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(3 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6455] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5819] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6455 [pid 5821] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6455] chdir("./58" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] unlink("./56/binderfs" [pid 5818] close(3 [pid 6455] <... chdir resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./58/binderfs", [pid 6455] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6456 attached [pid 6455] setpgid(0, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 6456] set_robust_list(0x55555eedf6a0, 24 [pid 6455] <... setpgid resumed>) = 0 [pid 5821] unlink("./58/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6456 [pid 5821] close(3) = 0 [pid 5820] close(3 [pid 5821] rmdir("./58" [pid 5820] <... close resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./56") = 0 [pid 5821] mkdir("./59", 0777 [pid 5820] mkdir("./57", 0777 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6455] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6456] <... set_robust_list resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 6456] chdir("./58" [pid 6455] <... openat resumed>) = 3 [pid 5821] close(3 [pid 5820] close(3./strace-static-x86_64: Process 6457 attached [pid 6456] <... chdir resumed>) = 0 [pid 6455] write(3, "1000", 4 [pid 6457] set_robust_list(0x55555eedf6a0, 24 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6455] <... write resumed>) = 4 [pid 5821] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6457 [pid 6457] <... set_robust_list resumed>) = 0 [pid 6456] <... prctl resumed>) = 0 [pid 6455] close(3 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6456] setpgid(0, 0 [pid 6455] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6458 attached [pid 6457] chdir("./55" [pid 6456] <... setpgid resumed>) = 0 [pid 6455] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6459 attached [pid 6458] set_robust_list(0x55555eedf6a0, 24 [pid 6457] <... chdir resumed>) = 0 executing program executing program executing program [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6455] <... symlink resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6458 [pid 6459] set_robust_list(0x55555eedf6a0, 24 [pid 6457] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6456] <... openat resumed>) = 3 [pid 6455] write(1, "executing program\n", 18 [pid 6459] <... set_robust_list resumed>) = 0 [pid 6457] <... prctl resumed>) = 0 [pid 6456] write(3, "1000", 4 [pid 6455] <... write resumed>) = 18 [pid 6459] chdir("./57" [pid 6457] setpgid(0, 0 [pid 6456] <... write resumed>) = 4 [pid 6455] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... chdir resumed>) = 0 [pid 6457] <... setpgid resumed>) = 0 [pid 6456] close(3 [pid 6455] <... futex resumed>) = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6457] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6456] <... close resumed>) = 0 [pid 6455] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6459] <... prctl resumed>) = 0 [pid 6457] <... openat resumed>) = 3 [pid 6456] symlink("/dev/binderfs", "./binderfs" [pid 6455] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6459] setpgid(0, 0 [pid 6457] write(3, "1000", 4 [pid 6456] <... symlink resumed>) = 0 [pid 6455] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6459] <... setpgid resumed>) = 0 [pid 6457] <... write resumed>) = 4 [pid 6456] write(1, "executing program\n", 18 [pid 6455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6457] close(3 [pid 6456] <... write resumed>) = 18 [pid 6455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6459] <... openat resumed>) = 3 [pid 6457] <... close resumed>) = 0 [pid 6456] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6455] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6459] write(3, "1000", 4 [pid 6457] symlink("/dev/binderfs", "./binderfs" [pid 6456] <... futex resumed>) = 0 [pid 6455] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6459] <... write resumed>) = 4 [pid 6457] <... symlink resumed>) = 0 [pid 6456] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6455] <... mprotect resumed>) = 0 [pid 6459] close(3 [pid 6457] write(1, "executing program\n", 18 [pid 6456] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6455] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6459] <... close resumed>) = 0 [pid 6457] <... write resumed>) = 18 [pid 6456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6455] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs" [pid 6457] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6455] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6460 attached [pid 6459] <... symlink resumed>) = 0 [pid 6457] <... futex resumed>) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6460] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6459] write(1, "executing program\n", 18 executing program [pid 6457] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6456] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6455] <... clone3 resumed> => {parent_tid=[6460]}, 88) = 6460 [pid 6460] <... rseq resumed>) = 0 [pid 6459] <... write resumed>) = 18 [pid 6457] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6456] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6455] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] set_robust_list(0x7fbb68bde9a0, 24 [pid 6459] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... set_robust_list resumed>) = 0 [pid 6457] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6456] <... mprotect resumed>) = 0 [pid 6455] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6459 [pid 6460] <... set_robust_list resumed>) = 0 [pid 6459] <... futex resumed>) = 0 [pid 6457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6455] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], [pid 6459] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6457] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6455] <... futex resumed>) = 0 [pid 6460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6459] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6457] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6456] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6455] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] memfd_create("syzkaller", 0 [pid 6459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6457] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6460] <... memfd_create resumed>) = 3 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6457] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6461 attached [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6458] chdir("./59" [pid 6457] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6460] <... mmap resumed>) = 0x7fbb60600000 [pid 6459] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6458] <... chdir resumed>) = 0 [pid 6457] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6461] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6460] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6458] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6457] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6461] <... rseq resumed>) = 0 [pid 6459] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6458] <... prctl resumed>) = 0 [pid 6456] <... clone3 resumed> => {parent_tid=[6461]}, 88) = 6461 [pid 6461] set_robust_list(0x7fbb68bde9a0, 24 [pid 6458] setpgid(0, 0 [pid 6461] <... set_robust_list resumed>) = 0 [pid 6458] <... setpgid resumed>) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6462 attached [pid 6461] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6460] <... write resumed>) = 131072 [pid 6459] <... mprotect resumed>) = 0 [pid 6458] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6456] rt_sigprocmask(SIG_SETMASK, [], [pid 6462] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6458] <... openat resumed>) = 3 [pid 6462] <... rseq resumed>) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6458] write(3, "1000", 4 [pid 6457] <... clone3 resumed> => {parent_tid=[6462]}, 88) = 6462 [pid 6456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] <... write resumed>) = 4 [pid 6458] close(3 [pid 6462] set_robust_list(0x7fbb68bde9a0, 24 [pid 6460] munmap(0x7fbb60600000, 138412032 [pid 6459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6458] <... close resumed>) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], [pid 6456] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] symlink("/dev/binderfs", "./binderfs" [pid 6461] <... futex resumed>) = 0 [pid 6460] <... munmap resumed>) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6458] <... symlink resumed>) = 0 [pid 6457] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6456] <... futex resumed>) = 1 executing program [pid 6462] <... set_robust_list resumed>) = 0 [pid 6461] memfd_create("syzkaller", 0 [pid 6458] write(1, "executing program\n", 18 [pid 6457] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6463 attached [pid 6462] rt_sigprocmask(SIG_SETMASK, [], [pid 6461] <... memfd_create resumed>) = 3 [pid 6458] <... write resumed>) = 18 [pid 6457] <... futex resumed>) = 0 [pid 6463] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6461] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6458] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6462] memfd_create("syzkaller", 0 [pid 6461] <... mmap resumed>) = 0x7fbb60600000 [pid 6460] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6458] <... futex resumed>) = 0 [pid 6462] <... memfd_create resumed>) = 3 [pid 6460] <... openat resumed>) = 4 [pid 6459] <... clone3 resumed> => {parent_tid=[6463]}, 88) = 6463 [pid 6462] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6460] ioctl(4, LOOP_SET_FD, 3 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] <... rseq resumed>) = 0 [pid 6462] <... mmap resumed>) = 0x7fbb60600000 [pid 6461] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6458] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6463] set_robust_list(0x7fbb68bde9a0, 24 [pid 6458] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6458] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6463] <... set_robust_list resumed>) = 0 [pid 6462] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6461] <... write resumed>) = 131072 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6463] rt_sigprocmask(SIG_SETMASK, [], [pid 6458] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6463] memfd_create("syzkaller", 0 [pid 6459] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6463] <... memfd_create resumed>) = 3 [pid 6463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6459] <... futex resumed>) = 0 [pid 6463] <... mmap resumed>) = 0x7fbb60600000 [pid 6459] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6462] <... write resumed>) = 131072 [pid 6461] munmap(0x7fbb60600000, 138412032 [pid 6458] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6460] <... ioctl resumed>) = 0 [pid 6458] <... mprotect resumed>) = 0 [pid 6462] munmap(0x7fbb60600000, 138412032 [pid 6461] <... munmap resumed>) = 0 [pid 6458] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6463] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6462] <... munmap resumed>) = 0 [pid 6460] close(3) = 0 [pid 6460] close(4) = 0 [pid 6460] mkdir("./file2", 0777) = 0 [pid 6458] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6462] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6458] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6462] <... openat resumed>) = 4 [pid 6460] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6463] <... write resumed>) = 131072 [pid 6462] ioctl(4, LOOP_SET_FD, 3 [ 117.405139][ T6460] loop4: detected capacity change from 0 to 256 [ 117.435986][ T6462] loop0: detected capacity change from 0 to 256 [pid 6461] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6463] munmap(0x7fbb60600000, 138412032 [pid 6461] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6464 attached [pid 6463] <... munmap resumed>) = 0 [pid 6461] ioctl(4, LOOP_SET_FD, 3 [pid 6458] <... clone3 resumed> => {parent_tid=[6464]}, 88) = 6464 [pid 6464] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6458] rt_sigprocmask(SIG_SETMASK, [], [pid 6464] <... rseq resumed>) = 0 [pid 6464] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6464] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... ioctl resumed>) = 0 [pid 6463] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6461] <... ioctl resumed>) = 0 [pid 6458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6462] close(3) = 0 [pid 6462] close(4 [pid 6458] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... close resumed>) = 0 [pid 6458] <... futex resumed>) = 1 [pid 6463] <... openat resumed>) = 4 [pid 6462] mkdir("./file2", 0777) = 0 [pid 6458] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6463] ioctl(4, LOOP_SET_FD, 3 [ 117.448397][ T6460] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.470870][ T6461] loop1: detected capacity change from 0 to 256 [ 117.471873][ T6460] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 117.492284][ T6463] loop2: detected capacity change from 0 to 256 [pid 6462] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6464] <... futex resumed>) = 0 [pid 6464] memfd_create("syzkaller", 0) = 3 [pid 6464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6464] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6463] <... ioctl resumed>) = 0 [pid 6461] close(3 [pid 6460] <... mount resumed>) = 0 [pid 6464] <... write resumed>) = 131072 [pid 6463] close(3 [pid 6461] <... close resumed>) = 0 [pid 6463] <... close resumed>) = 0 [pid 6461] close(4 [pid 6463] close(4 [pid 6461] <... close resumed>) = 0 [pid 6463] <... close resumed>) = 0 [pid 6461] mkdir("./file2", 0777 [pid 6464] munmap(0x7fbb60600000, 138412032) = 0 [pid 6463] mkdir("./file2", 0777 [pid 6464] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6460] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6464] ioctl(4, LOOP_SET_FD, 3 [pid 6463] <... mkdir resumed>) = 0 [pid 6461] <... mkdir resumed>) = 0 [pid 6460] chdir("./file2") = 0 [pid 6463] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6460] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6460] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6455] <... futex resumed>) = 0 [pid 6455] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6460] <... futex resumed>) = 0 [pid 6460] mkdir("./file3", 0777 [pid 6461] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6455] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] <... ioctl resumed>) = 0 [pid 6464] close(3) = 0 [pid 6464] close(4) = 0 [pid 6464] mkdir("./file2", 0777) = 0 [ 117.506297][ T6462] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.525022][ T6464] loop3: detected capacity change from 0 to 256 [ 117.536801][ T6460] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6464] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6455] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6455] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6455] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6460] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6455] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6455] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6460] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6455] <... mprotect resumed>) = ? [ 117.566665][ T6464] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.581625][ T6462] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 117.585904][ T6460] exFAT-fs (loop4): Filesystem has been set read-only [ 117.604774][ T6463] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6464] <... mount resumed>) = 0 [pid 6462] <... mount resumed>) = 0 [pid 6464] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6462] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6464] <... openat resumed>) = 3 [pid 6462] <... openat resumed>) = 3 [pid 6464] chdir("./file2" [pid 6462] chdir("./file2" [pid 6464] <... chdir resumed>) = 0 [pid 6462] <... chdir resumed>) = 0 [pid 6464] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6462] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6460] +++ killed by SIGSEGV +++ [pid 6455] +++ killed by SIGSEGV +++ [pid 6464] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6455, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6464] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6464] <... futex resumed>) = 1 [pid 6464] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6458] <... futex resumed>) = 0 [pid 6462] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... mount resumed>) = 0 [pid 6458] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6462] <... futex resumed>) = 1 [pid 6457] <... futex resumed>) = 0 [pid 6463] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6464] <... futex resumed>) = 0 [pid 6457] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] mkdir("./file3", 0777 [pid 6457] <... futex resumed>) = 0 [pid 6461] <... mount resumed>) = 0 [pid 6461] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6461] chdir("./file2") = 0 [pid 6461] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6457] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6461] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [ 117.605765][ T6464] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 117.617768][ T6463] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 117.632036][ T6461] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 117.652353][ T6461] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6456] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6463] <... openat resumed>) = 3 [pid 6462] mkdir("./file3", 0777 [pid 6461] <... futex resumed>) = 0 [pid 6458] <... futex resumed>) = 1 [pid 6456] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] chdir("./file2" [pid 6461] mkdir("./file3", 0777 [pid 6464] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6458] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... chdir resumed>) = 0 [pid 5822] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", [pid 6463] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6463] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] getdents64(3, [pid 6463] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6463] <... futex resumed>) = 1 [pid 5822] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6463] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6464] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6461] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6459] <... futex resumed>) = 0 [pid 6462] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6461] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6459] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] <... futex resumed>) = ? [pid 6457] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = 0 [pid 6464] +++ killed by SIGSEGV +++ [pid 6457] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6456] <... futex resumed>) = ? [pid 5822] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6462] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6459] <... futex resumed>) = 1 [pid 6458] +++ killed by SIGSEGV +++ [pid 6457] <... futex resumed>) = 0 [pid 6463] <... futex resumed>) = 0 [pid 6459] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6461] +++ killed by SIGSEGV +++ [pid 6456] +++ killed by SIGSEGV +++ [pid 6462] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6458, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6463] mkdir("./file3", 0777 [pid 5822] newfstatat(AT_FDCWD, "./58/file2", [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6456, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 117.665900][ T6464] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.675413][ T6464] exFAT-fs (loop3): Filesystem has been set read-only [ 117.680708][ T6461] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.683803][ T6462] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.697403][ T6461] exFAT-fs (loop1): Filesystem has been set read-only [ 117.701307][ T6462] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(3, "", [pid 5822] getdents64(4, [pid 5821] newfstatat(3, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(3, [pid 6457] +++ killed by SIGSEGV +++ [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, [pid 5821] getdents64(3, [pid 6463] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... umount2 resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6457, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6463] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... restart_syscall resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] newfstatat(AT_FDCWD, "./58/file2", [pid 6459] <... futex resumed>) = ? [pid 5822] <... close resumed>) = 0 [pid 5821] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6463] +++ killed by SIGSEGV +++ [pid 5822] rmdir("./58/file2" [pid 5819] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./55", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(4, "", [pid 6459] +++ killed by SIGSEGV +++ [pid 5822] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6459, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] getdents64(4, [pid 5822] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] getdents64(4, [pid 5821] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(3, "", [pid 5822] unlink("./58/binderfs" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4 [pid 5822] <... unlink resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./59/file2", [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./58/file2" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 5822] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5822] rmdir("./58" [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5820] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] rmdir("./59/file2" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] mkdir("./59", 0777 [pid 5820] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./55/file2", [pid 5820] newfstatat(3, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./55/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(3, [pid 5819] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "./55/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] unlink("./58/binderfs" [pid 5821] unlink("./59/binderfs" [pid 5818] <... openat resumed>) = 4 [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5819] getdents64(3, [pid 5821] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] getdents64(4, [pid 5820] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] close(3 [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5821] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] rmdir("./58" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] rmdir("./59" [pid 5820] newfstatat(AT_FDCWD, "./57/file2", [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] close(4 [pid 5819] mkdir("./59", 0777 [pid 5821] mkdir("./60", 0777 [ 117.733585][ T6463] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 117.747626][ T6463] exFAT-fs (loop2): Filesystem has been set read-only [pid 5818] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] rmdir("./55/file2") = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5818] umount2("./55/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] getdents64(4, [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] close(3 [pid 5818] newfstatat(AT_FDCWD, "./55/binderfs", [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] close(4) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] unlink("./55/binderfs" [pid 5820] rmdir("./57/file2") = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... unlink resumed>) = 0 [pid 5818] getdents64(3, [pid 5820] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3./strace-static-x86_64: Process 6465 attached [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] newfstatat(AT_FDCWD, "./57/binderfs", [pid 5819] close(3 [pid 5818] <... close resumed>) = 0 [pid 6465] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6465 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./55" [pid 5820] unlink("./57/binderfs") = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6465] <... set_robust_list resumed>) = 0 [pid 5820] getdents64(3, [pid 5818] mkdir("./56", 0777 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6465] chdir("./59" [pid 5820] <... close resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5820] rmdir("./57"./strace-static-x86_64: Process 6467 attached ./strace-static-x86_64: Process 6466 attached [pid 6467] set_robust_list(0x55555eedf6a0, 24 [pid 6465] <... chdir resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6467 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6467] <... set_robust_list resumed>) = 0 [pid 6466] set_robust_list(0x55555eedf6a0, 24 [pid 6465] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] mkdir("./58", 0777 [pid 6466] <... set_robust_list resumed>) = 0 [pid 6465] <... prctl resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6467] chdir("./60" [pid 6466] chdir("./59" [pid 6465] setpgid(0, 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6466 [pid 6466] <... chdir resumed>) = 0 [pid 6467] <... chdir resumed>) = 0 [pid 6465] <... setpgid resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6466] setpgid(0, 0) = 0 [pid 6466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6466] write(3, "1000", 4) = 4 [pid 5818] <... ioctl resumed>) = 0 [pid 6466] close(3 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6467] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6466] <... close resumed>) = 0 [pid 6465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] close(3 [pid 6467] <... prctl resumed>) = 0 [pid 6466] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... openat resumed>) = 3 [pid 6467] setpgid(0, 0 [pid 6466] <... symlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6467] <... setpgid resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FDexecuting program [pid 6466] write(1, "executing program\n", 18 [pid 6465] <... openat resumed>) = 3 [pid 6467] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... ioctl resumed>) = 0 [pid 6467] <... openat resumed>) = 3 [pid 6466] <... write resumed>) = 18 [pid 6466] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] close(3 [pid 6466] <... futex resumed>) = 0 [pid 6466] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6467] write(3, "1000", 4 [pid 6465] write(3, "1000", 4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6467] <... write resumed>) = 4 [pid 6466] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6465] <... write resumed>) = 4 [pid 6466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6466] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6466] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6466] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6469]}, 88) = 6469 [pid 6466] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6466] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6466] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6469 attached [pid 6469] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6469] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6469] memfd_create("syzkaller", 0) = 3 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 ./strace-static-x86_64: Process 6471 attached ./strace-static-x86_64: Process 6470 attached [pid 6467] close(3 [pid 6465] close(3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6470 [pid 6467] <... close resumed>) = 0 [pid 6465] <... close resumed>) = 0 [pid 6470] set_robust_list(0x55555eedf6a0, 24 [pid 6467] symlink("/dev/binderfs", "./binderfs" [pid 6465] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6471 [pid 6470] <... set_robust_list resumed>) = 0 [pid 6471] set_robust_list(0x55555eedf6a0, 24 [pid 6470] chdir("./56" [pid 6467] <... symlink resumed>) = 0 [pid 6465] <... symlink resumed>) = 0 [pid 6471] <... set_robust_list resumed>) = 0 [pid 6470] <... chdir resumed>) = 0 executing program executing program [pid 6471] chdir("./58" [pid 6470] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6467] write(1, "executing program\n", 18 [pid 6465] write(1, "executing program\n", 18 [pid 6471] <... chdir resumed>) = 0 [pid 6470] <... prctl resumed>) = 0 [pid 6469] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6467] <... write resumed>) = 18 [pid 6465] <... write resumed>) = 18 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6470] setpgid(0, 0 [pid 6469] <... write resumed>) = 131072 [pid 6471] <... prctl resumed>) = 0 [pid 6470] <... setpgid resumed>) = 0 [pid 6467] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] setpgid(0, 0 [pid 6470] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6467] <... futex resumed>) = 0 [pid 6465] <... futex resumed>) = 0 [pid 6467] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6465] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6467] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6465] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6471] <... setpgid resumed>) = 0 [pid 6470] <... openat resumed>) = 3 [pid 6469] munmap(0x7fbb60600000, 138412032 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6467] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6470] write(3, "1000", 4 [pid 6469] <... munmap resumed>) = 0 [pid 6465] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6471] <... openat resumed>) = 3 [pid 6470] <... write resumed>) = 4 [pid 6467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6465] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6470] close(3 [pid 6467] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6465] <... mprotect resumed>) = 0 [pid 6471] write(3, "1000", 4 [pid 6469] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6467] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6465] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6470] <... close resumed>) = 0 [pid 6471] <... write resumed>) = 4 [pid 6469] <... openat resumed>) = 4 [pid 6467] <... mprotect resumed>) = 0 [pid 6465] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6470] symlink("/dev/binderfs", "./binderfs" [pid 6471] close(3 [pid 6469] ioctl(4, LOOP_SET_FD, 3 [pid 6467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6471] <... close resumed>) = 0 [pid 6470] <... symlink resumed>) = 0 [pid 6467] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 6472 attached [pid 6470] write(1, "executing program\n", 18 [pid 6467] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6471] <... symlink resumed>) = 0 executing program executing program [pid 6471] write(1, "executing program\n", 18 [pid 6472] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6470] <... write resumed>) = 18 [pid 6465] <... clone3 resumed> => {parent_tid=[6472]}, 88) = 6472 [pid 6472] <... rseq resumed>) = 0 [pid 6472] set_robust_list(0x7fbb68bde9a0, 24 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], [pid 6472] <... set_robust_list resumed>) = 0 [pid 6470] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6467] <... clone3 resumed> => {parent_tid=[6473]}, 88) = 6473 [pid 6465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6472] rt_sigprocmask(SIG_SETMASK, [], [pid 6467] rt_sigprocmask(SIG_SETMASK, [], [pid 6472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6470] <... futex resumed>) = 0 [pid 6467] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6465] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] memfd_create("syzkaller", 0 [pid 6471] <... write resumed>) = 18 [pid 6470] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6467] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6471] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6467] <... futex resumed>) = 0 [pid 6465] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6471] <... futex resumed>) = 0 [pid 6470] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6467] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6470] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6473 attached [pid 6471] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6470] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6473] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6471] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6473] <... rseq resumed>) = 0 [pid 6471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6473] set_robust_list(0x7fbb68bde9a0, 24 [pid 6471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] <... set_robust_list resumed>) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], [pid 6471] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6471] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6473] memfd_create("syzkaller", 0 [pid 6471] <... mprotect resumed>) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6474 attached => {parent_tid=[6474]}, 88) = 6474 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], [pid 6473] <... memfd_create resumed>) = 3 [pid 6471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6471] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... mmap resumed>) = 0x7fbb60600000 [pid 6471] <... futex resumed>) = 0 [pid 6474] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6473] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6471] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6474] <... rseq resumed>) = 0 [pid 6474] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6474] memfd_create("syzkaller", 0) = 3 [pid 6474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6474] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6473] <... write resumed>) = 131072 [pid 6472] <... memfd_create resumed>) = 3 [pid 6470] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6470] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6469] <... ioctl resumed>) = 0 [pid 6472] <... mmap resumed>) = 0x7fbb60600000 [pid 6470] <... mprotect resumed>) = 0 [pid 6469] close(3) = 0 [pid 6473] munmap(0x7fbb60600000, 138412032 [pid 6469] close(4 [pid 6473] <... munmap resumed>) = 0 [pid 6472] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6470] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6469] <... close resumed>) = 0 [pid 6474] <... write resumed>) = 131072 [pid 6473] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6472] <... write resumed>) = 131072 [pid 6470] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6469] mkdir("./file2", 0777 [pid 6470] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6469] <... mkdir resumed>) = 0 [pid 6473] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6475 attached [pid 6470] <... clone3 resumed> => {parent_tid=[6475]}, 88) = 6475 [ 117.919070][ T6469] loop1: detected capacity change from 0 to 256 [pid 6475] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6473] ioctl(4, LOOP_SET_FD, 3 [pid 6470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6475] <... rseq resumed>) = 0 [pid 6474] munmap(0x7fbb60600000, 138412032 [pid 6472] munmap(0x7fbb60600000, 138412032 [pid 6470] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6470] <... futex resumed>) = 0 [pid 6472] <... munmap resumed>) = 0 [pid 6470] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6475] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6474] <... munmap resumed>) = 0 [pid 6475] rt_sigprocmask(SIG_SETMASK, [], [pid 6474] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6472] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6474] <... openat resumed>) = 4 [pid 6472] <... openat resumed>) = 4 [pid 6474] ioctl(4, LOOP_SET_FD, 3 [pid 6472] ioctl(4, LOOP_SET_FD, 3 [pid 6475] memfd_create("syzkaller", 0) = 3 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6473] <... ioctl resumed>) = 0 [pid 6473] close(3) = 0 [pid 6473] close(4) = 0 [pid 6473] mkdir("./file2", 0777) = 0 [ 117.964730][ T6473] loop3: detected capacity change from 0 to 256 [ 117.978836][ T6472] loop4: detected capacity change from 0 to 256 [ 117.979273][ T6474] loop2: detected capacity change from 0 to 256 [pid 6473] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6475] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6474] <... ioctl resumed>) = 0 [pid 6472] <... ioctl resumed>) = 0 [pid 6475] <... write resumed>) = 131072 [pid 6472] close(3) = 0 [pid 6475] munmap(0x7fbb60600000, 138412032 [pid 6474] close(3 [pid 6472] close(4 [pid 6474] <... close resumed>) = 0 [pid 6472] <... close resumed>) = 0 [pid 6474] close(4 [pid 6472] mkdir("./file2", 0777 [pid 6474] <... close resumed>) = 0 [pid 6475] <... munmap resumed>) = 0 [pid 6474] mkdir("./file2", 0777 [pid 6472] <... mkdir resumed>) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6474] <... mkdir resumed>) = 0 [pid 6472] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6475] <... openat resumed>) = 4 [pid 6474] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6475] ioctl(4, LOOP_SET_FD, 3 [pid 6469] <... mount resumed>) = 0 [pid 6469] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6469] chdir("./file2") = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [ 118.004178][ T6469] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.022354][ T6469] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.041525][ T6473] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.041565][ T6475] loop0: detected capacity change from 0 to 256 [pid 6469] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6466] <... futex resumed>) = 0 [pid 6469] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6466] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6466] <... futex resumed>) = 0 [pid 6469] mkdir("./file3", 0777 [pid 6466] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... ioctl resumed>) = 0 [pid 6475] close(3) = 0 [pid 6475] close(4) = 0 [pid 6475] mkdir("./file2", 0777) = 0 [pid 6473] <... mount resumed>) = 0 [pid 6473] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6473] chdir("./file2") = 0 [pid 6473] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6473] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6469] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6475] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6467] <... futex resumed>) = 0 [pid 6467] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6473] <... futex resumed>) = 0 [pid 6473] mkdir("./file3", 0777 [ 118.062551][ T6469] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.075533][ T6473] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.088683][ T6469] exFAT-fs (loop1): Filesystem has been set read-only [ 118.098011][ T6472] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6467] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6466] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6466] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6473] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6466] <... futex resumed>) = ? [pid 6469] +++ killed by SIGSEGV +++ [pid 6467] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6467] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6467] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6467] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6473] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6467] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6474] <... mount resumed>) = 0 [ 118.122109][ T6474] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.122225][ T6473] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.139595][ T6472] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.143916][ T6473] exFAT-fs (loop3): Filesystem has been set read-only [ 118.162662][ T6474] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6467] <... rt_sigprocmask resumed> ) = ? [pid 6466] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6466, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6472] <... mount resumed>) = 0 [pid 6472] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6474] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6473] +++ killed by SIGSEGV +++ [pid 6467] +++ killed by SIGSEGV +++ [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6472] <... openat resumed>) = 3 [pid 6472] chdir("./file2") = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6474] <... openat resumed>) = 3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6467, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5819] <... restart_syscall resumed>) = 0 [pid 6475] <... mount resumed>) = 0 [pid 6474] chdir("./file2" [pid 6472] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6475] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6474] <... chdir resumed>) = 0 [pid 6472] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] <... openat resumed>) = 3 [pid 6474] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6472] <... futex resumed>) = 1 [pid 6465] <... futex resumed>) = 0 [pid 5821] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6465] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6475] chdir("./file2" [pid 6474] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6472] mkdir("./file3", 0777 [pid 6475] <... chdir resumed>) = 0 [pid 6465] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6474] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 3 [pid 6474] <... futex resumed>) = 1 [pid 6471] <... futex resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 6474] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6471] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6474] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6471] <... futex resumed>) = 0 [pid 5821] getdents64(3, [pid 6474] mkdir("./file3", 0777 [pid 6471] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 118.180641][ T6475] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.194506][ T6475] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.209638][ T6472] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.212805][ T6474] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5821] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6475] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6475] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6475] <... futex resumed>) = 1 [pid 6470] <... futex resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 6475] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6472] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6470] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6475] mkdir("./file3", 0777 [pid 5819] getdents64(3, [pid 6472] +++ killed by SIGSEGV +++ [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 5819] <... umount2 resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5819] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./60/file2") = 0 [pid 5821] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./60/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./60"executing program ) = 0 [pid 6470] <... futex resumed>) = 0 [pid 6465] <... futex resumed>) = ? [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] mkdir("./61", 0777) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] newfstatat(AT_FDCWD, "./59/file2", [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6476 [pid 6471] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6471] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6476 attached [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6471] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6476] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6471] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6476] chdir("./61" [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6476] <... chdir resumed>) = 0 [pid 6476] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] <... clone3 resumed> => {parent_tid=[6477]}, 88) = 6477 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] setpgid(0, 0 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6477 attached [pid 6476] <... setpgid resumed>) = 0 [pid 6477] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6476] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6477] <... rseq resumed>) = 0 [pid 6476] <... openat resumed>) = 3 [pid 6477] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6476] write(3, "1000", 4 [pid 6477] <... set_robust_list resumed>) = 0 [pid 6476] <... write resumed>) = 4 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], [pid 6476] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6476] <... close resumed>) = 0 [pid 6477] openat(AT_FDCWD, ".", O_RDONLY [pid 6476] symlink("/dev/binderfs", "./binderfs" [pid 6477] <... openat resumed>) = 4 [pid 6476] <... symlink resumed>) = 0 [pid 6477] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6476] write(1, "executing program\n", 18 [pid 6474] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6477] <... futex resumed>) = 1 [pid 6476] <... write resumed>) = 18 [pid 6474] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6476] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] +++ killed by SIGSEGV +++ [pid 6476] <... futex resumed>) = 0 [pid 5819] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6470] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6476] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6465, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6476] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6476] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6471] <... futex resumed>) = ? [pid 6477] +++ killed by SIGSEGV +++ [pid 6476] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6474] +++ killed by SIGSEGV +++ [pid 6471] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6471, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6476] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... openat resumed>) = 4 [pid 6476] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] newfstatat(4, "", [pid 6476] <... mprotect resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6476] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 6476] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 6476] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] rmdir("./59/file2" [pid 6476] <... clone3 resumed> => {parent_tid=[6478]}, 88) = 6478 [pid 6476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6476] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6476] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... restart_syscall resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6478 attached [pid 5822] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./59/binderfs", [pid 5822] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] newfstatat(3, "", [pid 5819] unlink("./59/binderfs" [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... unlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5820] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5822] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6478] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5822] newfstatat(AT_FDCWD, "./59/file2", [pid 5819] close(3 [pid 6478] <... rseq resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6478] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 5819] <... close resumed>) = 0 [pid 6478] <... set_robust_list resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6478] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] rmdir("./59" [pid 6478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5820] getdents64(3, [pid 6478] memfd_create("syzkaller", 0 [pid 5822] newfstatat(4, "", [pid 6478] <... memfd_create resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... rmdir resumed>) = 0 [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] getdents64(4, [pid 5820] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] mkdir("./60", 0777 [pid 6478] <... mmap resumed>) = 0x7fbb60600000 [pid 6475] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6478] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6475] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(4, [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] close(4 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] rmdir("./59/file2") = 0 [pid 5820] newfstatat(AT_FDCWD, "./58/file2", [pid 5819] <... openat resumed>) = 3 [pid 6470] <... futex resumed>) = ? [pid 5822] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6478] <... write resumed>) = 131072 [pid 6475] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5822] newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./59/binderfs") = 0 [pid 5822] getdents64(3, [pid 5819] <... ioctl resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 6470] +++ killed by SIGSEGV +++ [pid 6478] munmap(0x7fbb60600000, 138412032 [pid 5822] close(3 [pid 5820] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 6478] <... munmap resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6470, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6479 attached [pid 5822] rmdir("./59" [pid 5820] <... openat resumed>) = 4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6479 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6479] set_robust_list(0x55555eedf6a0, 24 [pid 6478] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... rmdir resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 6479] <... set_robust_list resumed>) = 0 [pid 6478] <... openat resumed>) = 4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6479] chdir("./60" [pid 6478] ioctl(4, LOOP_SET_FD, 3 [pid 5820] getdents64(4, [pid 5818] umount2("./56", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6479] <... chdir resumed>) = 0 [ 118.220863][ T6472] exFAT-fs (loop4): Filesystem has been set read-only [ 118.239908][ T6475] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.243870][ T6474] exFAT-fs (loop2): Filesystem has been set read-only [ 118.249679][ T6475] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] mkdir("./60", 0777 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6479] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(4, [pid 5818] openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(4) = 0 [pid 6479] <... prctl resumed>) = 0 [pid 6479] setpgid(0, 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] rmdir("./58/file2" [pid 6479] <... setpgid resumed>) = 0 [pid 6479] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./56/file2", [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5818] umount2("./56/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... ioctl resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./58/binderfs", [pid 5818] openat(AT_FDCWD, "./56/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] close(3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6478] <... ioctl resumed>) = 0 [pid 5820] unlink("./58/binderfs" [pid 5818] newfstatat(4, "", [pid 6478] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6478] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 6478] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... unlink resumed>) = 0 [pid 6478] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 6479] write(3, "1000", 4 [pid 6478] mkdir("./file2", 0777 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6479] <... write resumed>) = 4 [pid 6478] <... mkdir resumed>) = 0 [pid 5818] close(4 [pid 6479] close(3 [pid 6478] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... close resumed>) = 0 [pid 6479] <... close resumed>) = 0 [pid 5818] rmdir("./56/file2" [pid 5820] getdents64(3, [pid 5818] <... rmdir resumed>) = 0 [pid 6479] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./56/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6479] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] close(3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./56/binderfs", [pid 5820] rmdir("./58" [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6479] write(1, "executing program\n", 18 [pid 5818] unlink("./56/binderfs" [pid 6479] <... write resumed>) = 18 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6479] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] mkdir("./59", 0777 [pid 5818] getdents64(3, [pid 6479] <... futex resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6479] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] close(3 [pid 6479] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... close resumed>) = 0 [pid 6479] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] rmdir("./56" [pid 6479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6479] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] mkdir("./57", 0777 [pid 6479] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6479] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... openat resumed>) = 3 [pid 6479] <... mprotect resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3./strace-static-x86_64: Process 6480 attached [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 6479] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... openat resumed>) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6480 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6479] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6479] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6481 attached [ 118.312336][ T6478] loop3: detected capacity change from 0 to 256 => {parent_tid=[6481]}, 88) = 6481 [pid 5820] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6481] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6479] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] <... rseq resumed>) = 0 [pid 6479] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6482 attached [pid 6481] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6482 [pid 6481] memfd_create("syzkaller", 0) = 3 [pid 6482] set_robust_list(0x55555eedf6a0, 24 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6482] <... set_robust_list resumed>) = 0 [pid 6481] <... mmap resumed>) = 0x7fbb60600000 [pid 6482] chdir("./57" [pid 6481] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6480] set_robust_list(0x55555eedf6a0, 24 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6482] <... chdir resumed>) = 0 [pid 6482] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 ./strace-static-x86_64: Process 6483 attached [pid 6482] setpgid(0, 0 [pid 6480] <... set_robust_list resumed>) = 0 [pid 6482] <... setpgid resumed>) = 0 [pid 6481] <... write resumed>) = 131072 [pid 6482] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6482] write(3, "1000", 4 [pid 6481] munmap(0x7fbb60600000, 138412032 [pid 6482] <... write resumed>) = 4 [pid 6481] <... munmap resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6483 [pid 6482] close(3) = 0 [pid 6482] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6483] set_robust_list(0x55555eedf6a0, 24 [pid 6480] chdir("./60" [pid 6483] <... set_robust_list resumed>) = 0 [pid 6480] <... chdir resumed>) = 0 [pid 6483] chdir("./59" executing program [pid 6482] write(1, "executing program\n", 18 [pid 6481] <... openat resumed>) = 4 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6482] <... write resumed>) = 18 [pid 6481] ioctl(4, LOOP_SET_FD, 3 [pid 6480] <... prctl resumed>) = 0 [pid 6483] <... chdir resumed>) = 0 [pid 6483] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6482] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... mount resumed>) = 0 [pid 6480] setpgid(0, 0 [pid 6483] <... prctl resumed>) = 0 [pid 6480] <... setpgid resumed>) = 0 [pid 6478] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6483] setpgid(0, 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6483] <... setpgid resumed>) = 0 [pid 6482] <... futex resumed>) = 0 [pid 6482] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6480] <... openat resumed>) = 3 [pid 6482] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6482] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6482] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6478] <... openat resumed>) = 3 [pid 6482] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6483] <... openat resumed>) = 3 [pid 6482] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6483] write(3, "1000", 4) = 4 [pid 6482] <... mprotect resumed>) = 0 [pid 6483] close(3 [pid 6482] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6480] write(3, "1000", 4 [pid 6478] chdir("./file2" [pid 6480] <... write resumed>) = 4 [pid 6483] <... close resumed>) = 0 [pid 6478] <... chdir resumed>) = 0 [pid 6483] symlink("/dev/binderfs", "./binderfs" [pid 6480] close(3 [pid 6478] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6480] <... close resumed>) = 0 [pid 6482] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6483] <... symlink resumed>) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs" [pid 6478] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6482] <... clone3 resumed> => {parent_tid=[6484]}, 88) = 6484 [pid 6482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6484 attached [pid 6482] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6483] write(1, "executing program\n", 18 [pid 6482] <... futex resumed>) = 0 executing program [pid 6480] <... symlink resumed>) = 0 [pid 6478] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... rseq resumed>) = 0 [pid 6482] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6484] set_robust_list(0x7fbb68bde9a0, 24 [pid 6483] <... write resumed>) = 18 [pid 6480] write(1, "executing program\n", 18 [pid 6478] <... futex resumed>) = 1 [pid 6476] <... futex resumed>) = 0 [pid 6484] <... set_robust_list resumed>) = 0 [pid 6483] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... write resumed>) = 18 [pid 6478] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6476] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 118.358504][ T6478] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.378418][ T6478] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.393200][ T6481] loop1: detected capacity change from 0 to 256 [pid 6484] rt_sigprocmask(SIG_SETMASK, [], [pid 6480] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6476] <... futex resumed>) = 0 [pid 6484] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6483] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6481] <... ioctl resumed>) = 0 [pid 6480] <... futex resumed>) = 0 [pid 6478] mkdir("./file3", 0777 [pid 6476] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] memfd_create("syzkaller", 0 [pid 6481] close(3 [pid 6484] <... memfd_create resumed>) = 3 [pid 6483] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6481] <... close resumed>) = 0 [pid 6480] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6481] close(4) = 0 [pid 6484] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6481] mkdir("./file2", 0777) = 0 [pid 6484] <... write resumed>) = 131072 [pid 6483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6480] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6483] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6483] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6481] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6484] munmap(0x7fbb60600000, 138412032) = 0 [pid 6483] <... mprotect resumed>) = 0 [pid 6480] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6483] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6480] <... mprotect resumed>) = 0 [pid 6484] ioctl(4, LOOP_SET_FD, 3 [pid 6483] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6485 attached [pid 6483] <... clone3 resumed> => {parent_tid=[6485]}, 88) = 6485 ./strace-static-x86_64: Process 6486 attached [pid 6485] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6483] rt_sigprocmask(SIG_SETMASK, [], [pid 6480] <... clone3 resumed> => {parent_tid=[6486]}, 88) = 6486 [pid 6478] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6486] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6485] <... rseq resumed>) = 0 [pid 6483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], [pid 6486] <... rseq resumed>) = 0 [pid 6485] set_robust_list(0x7fbb68bde9a0, 24 [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6478] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6483] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6486] set_robust_list(0x7fbb68bde9a0, 24 [pid 6485] <... set_robust_list resumed>) = 0 [pid 6480] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6483] <... futex resumed>) = 0 [pid 6485] rt_sigprocmask(SIG_SETMASK, [], [pid 6483] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6480] <... futex resumed>) = 0 [pid 6485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6486] <... set_robust_list resumed>) = 0 [pid 6485] memfd_create("syzkaller", 0 [pid 6480] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6476] <... futex resumed>) = ? [pid 6478] +++ killed by SIGSEGV +++ [pid 6476] +++ killed by SIGSEGV +++ [pid 6484] <... ioctl resumed>) = 0 [pid 6484] close(3) = 0 [pid 6484] close(4 [pid 6486] rt_sigprocmask(SIG_SETMASK, [], [pid 6485] <... memfd_create resumed>) = 3 [pid 6484] <... close resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6476, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6486] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 118.410463][ T6478] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.424922][ T6478] exFAT-fs (loop3): Filesystem has been set read-only [ 118.449383][ T6484] loop0: detected capacity change from 0 to 256 [pid 6485] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6484] mkdir("./file2", 0777 [pid 6486] memfd_create("syzkaller", 0 [pid 6485] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6484] <... mkdir resumed>) = 0 [pid 5821] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6486] <... memfd_create resumed>) = 3 [pid 6485] <... write resumed>) = 131072 [pid 6486] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6485] munmap(0x7fbb60600000, 138412032 [pid 5821] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6486] <... mmap resumed>) = 0x7fbb60600000 [pid 6486] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6485] <... munmap resumed>) = 0 [pid 6484] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... openat resumed>) = 3 [pid 6485] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6486] <... write resumed>) = 131072 [pid 6485] <... openat resumed>) = 4 [pid 5821] newfstatat(3, "", [ 118.496671][ T6481] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.525346][ T6481] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.530486][ T6484] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6486] munmap(0x7fbb60600000, 138412032 [pid 6485] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 6481] <... mount resumed>) = 0 [pid 6481] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6481] chdir("./file2") = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6481] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6481] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6479] <... futex resumed>) = 0 [pid 6479] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = 0 [pid 6479] <... futex resumed>) = 1 [pid 6481] mkdir("./file3", 0777 [pid 6486] <... munmap resumed>) = 0 [pid 6485] <... ioctl resumed>) = 0 [pid 6479] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6486] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6485] close(3) = 0 [pid 6485] close(4 [pid 6486] <... openat resumed>) = 4 [pid 6485] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 6485] mkdir("./file2", 0777 [pid 5821] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6486] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6485] <... mkdir resumed>) = 0 [pid 6484] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6486] close(3 [pid 6485] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6484] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] newfstatat(AT_FDCWD, "./61/file2", [pid 6486] <... close resumed>) = 0 [pid 6481] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6484] <... openat resumed>) = 3 [pid 6486] close(4 [pid 6481] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6486] <... close resumed>) = 0 [pid 6484] chdir("./file2" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6481] +++ killed by SIGSEGV +++ [pid 6486] mkdir("./file2", 0777 [pid 6484] <... chdir resumed>) = 0 [pid 6479] <... futex resumed>) = ? [pid 5821] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6486] <... mkdir resumed>) = 0 [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6479] +++ killed by SIGSEGV +++ [pid 5821] <... openat resumed>) = 4 [pid 6486] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6479, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6484] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] newfstatat(4, "", [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6484] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 6484] <... futex resumed>) = 1 [pid 6482] <... futex resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6484] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] getdents64(4, [pid 6482] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6484] <... futex resumed>) = 0 [pid 6482] <... futex resumed>) = 1 [pid 5821] close(4 [pid 6484] mkdir("./file3", 0777 [pid 6482] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./61/file2" [pid 5819] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [ 118.547496][ T6485] loop2: detected capacity change from 0 to 256 [ 118.552718][ T6481] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.571234][ T6484] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.581409][ T6486] loop4: detected capacity change from 0 to 256 [ 118.584602][ T6481] exFAT-fs (loop1): Filesystem has been set read-only [pid 5819] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 3 [pid 5821] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5819] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5819] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] unlink("./61/binderfs" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... unlink resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./61" [pid 5819] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", [pid 5821] mkdir("./62", 0777 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5819] getdents64(4, [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... openat resumed>) = 3 [pid 5819] getdents64(4, [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... ioctl resumed>) = 0 [ 118.623334][ T6485] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.623698][ T6484] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.637128][ T6485] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] close(4 [pid 5821] close(3 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./60/file2" [pid 5821] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6482] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6482] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6482] <... futex resumed>) = 0 [pid 6482] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] newfstatat(AT_FDCWD, "./60/binderfs", [pid 6482] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6482] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6484] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6482] <... mprotect resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6482] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] unlink("./60/binderfs" [pid 6482] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6482] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6487]}, 88) = 6487 [pid 6482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6482] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... unlink resumed>) = 0 [pid 6482] <... futex resumed>) = 0 [pid 5819] getdents64(3, [pid 6482] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6484] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] close(3./strace-static-x86_64: Process 6487 attached [pid 6485] <... mount resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6485] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] rmdir("./60"./strace-static-x86_64: Process 6488 attached [pid 6485] <... openat resumed>) = 3 [pid 5819] <... rmdir resumed>) = 0 [pid 6487] +++ killed by SIGSEGV +++ [pid 6485] chdir("./file2" [pid 6484] +++ killed by SIGSEGV +++ [pid 6482] <... futex resumed>) = ? [pid 5819] mkdir("./61", 0777 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6488 [pid 6488] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6488] chdir("./62" [pid 6485] <... chdir resumed>) = 0 [pid 6482] +++ killed by SIGSEGV +++ [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6482, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] umount2("./57", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6488] <... chdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6488] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5818] openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6488] <... prctl resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6488] setpgid(0, 0 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6488] <... setpgid resumed>) = 0 [pid 6488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6485] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... openat resumed>) = 3 [pid 6488] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6485] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./57/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./57/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./57/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6485] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 5819] close(3 [pid 6485] <... futex resumed>) = 1 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./57/file2" [pid 6488] write(3, "1000", 4 [pid 6486] <... mount resumed>) = 0 [pid 6485] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... futex resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6488] <... write resumed>) = 4 [pid 6488] close(3) = 0 [ 118.667382][ T6484] exFAT-fs (loop0): Filesystem has been set read-only [ 118.689818][ T6486] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.703872][ T6486] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6488] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6486] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6483] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6485] <... futex resumed>) = 0 [pid 6483] <... futex resumed>) = 1 [pid 5818] umount2("./57/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6488] write(1, "executing program\n", 18 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6488] <... write resumed>) = 18 [pid 5818] newfstatat(AT_FDCWD, "./57/binderfs", [pid 6485] mkdir("./file3", 0777 [pid 6483] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6489 ./strace-static-x86_64: Process 6489 attached [pid 6488] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] unlink("./57/binderfs" [pid 6489] set_robust_list(0x55555eedf6a0, 24 [pid 6488] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... unlink resumed>) = 0 [pid 6489] <... set_robust_list resumed>) = 0 [pid 6488] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] getdents64(3, [pid 6489] chdir("./61" [pid 6488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] close(3 [pid 6488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... close resumed>) = 0 [pid 6488] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6488] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] rmdir("./57" [pid 6488] <... mprotect resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6489] <... chdir resumed>) = 0 [pid 6488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6489] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6489] <... prctl resumed>) = 0 [pid 6489] setpgid(0, 0 [pid 6488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}executing program [pid 5818] mkdir("./58", 0777./strace-static-x86_64: Process 6490 attached [pid 6489] <... setpgid resumed>) = 0 [pid 6486] <... openat resumed>) = 3 [pid 6488] <... clone3 resumed> => {parent_tid=[6490]}, 88) = 6490 [pid 6489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6489] <... openat resumed>) = 3 [pid 6488] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6488] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6489] write(3, "1000", 4 [pid 5818] <... openat resumed>) = 3 [pid 6489] <... write resumed>) = 4 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6489] close(3 [pid 5818] <... ioctl resumed>) = 0 [pid 6489] <... close resumed>) = 0 [pid 5818] close(3 [pid 6489] symlink("/dev/binderfs", "./binderfs" [pid 5818] <... close resumed>) = 0 [pid 6489] <... symlink resumed>) = 0 [pid 6489] write(1, "executing program\n", 18) = 18 [pid 6489] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6489] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6490] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6489] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6486] chdir("./file2" [pid 6485] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6490] <... rseq resumed>) = 0 [pid 6486] <... chdir resumed>) = 0 [pid 6490] set_robust_list(0x7fbb68bde9a0, 24 [pid 6489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6486] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6485] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6490] <... set_robust_list resumed>) = 0 [pid 6489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6486] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6483] <... futex resumed>) = ? ./strace-static-x86_64: Process 6491 attached [pid 6490] rt_sigprocmask(SIG_SETMASK, [], [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6486] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6485] +++ killed by SIGSEGV +++ [pid 6491] set_robust_list(0x55555eedf6a0, 24 [pid 6490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6489] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6486] <... futex resumed>) = 1 [pid 6483] +++ killed by SIGSEGV +++ [pid 6480] <... futex resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6491 [pid 6490] memfd_create("syzkaller", 0 [pid 6489] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6486] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6483, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6490] <... memfd_create resumed>) = 3 [pid 6486] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6486] mkdir("./file3", 0777 [pid 6480] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... mmap resumed>) = 0x7fbb60600000 [pid 6491] <... set_robust_list resumed>) = 0 [pid 6489] <... mprotect resumed>) = 0 [pid 6491] chdir("./58" [pid 6490] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... restart_syscall resumed>) = 0 [pid 6491] <... chdir resumed>) = 0 [pid 6489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6491] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6491] <... prctl resumed>) = 0 ./strace-static-x86_64: Process 6492 attached [pid 6491] setpgid(0, 0 [pid 6492] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6491] <... setpgid resumed>) = 0 [pid 6489] <... clone3 resumed> => {parent_tid=[6492]}, 88) = 6492 [pid 6492] <... rseq resumed>) = 0 [pid 6491] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6489] rt_sigprocmask(SIG_SETMASK, [], [pid 6492] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], [pid 6489] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6491] <... openat resumed>) = 3 [pid 6489] <... futex resumed>) = 0 [pid 6492] memfd_create("syzkaller", 0 [pid 6491] write(3, "1000", 4 [pid 6490] <... write resumed>) = 131072 [pid 6489] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6492] <... memfd_create resumed>) = 3 [ 118.727519][ T6485] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.738430][ T6485] exFAT-fs (loop2): Filesystem has been set read-only [ 118.762964][ T6486] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6491] <... write resumed>) = 4 [pid 6490] munmap(0x7fbb60600000, 138412032 [pid 6492] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6491] close(3 [pid 6492] <... mmap resumed>) = 0x7fbb60600000 [pid 6491] <... close resumed>) = 0 [pid 6492] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6491] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6491] write(1, "executing program\n", 18) = 18 [pid 6491] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6491] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6491] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6490] <... munmap resumed>) = 0 [pid 6492] <... write resumed>) = 131072 [pid 6491] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6490] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6491] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... openat resumed>) = 3 [pid 6491] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6490] <... openat resumed>) = 4 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6492] munmap(0x7fbb60600000, 138412032 [pid 5820] getdents64(3, [pid 6492] <... munmap resumed>) = 0 [pid 6491] <... mprotect resumed>) = 0 [pid 6490] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6491] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6491] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6493 attached [pid 5820] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6492] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6493] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6492] <... openat resumed>) = 4 [pid 6493] <... rseq resumed>) = 0 [pid 6491] <... clone3 resumed> => {parent_tid=[6493]}, 88) = 6493 [pid 6491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6491] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6493] set_robust_list(0x7fbb68bde9a0, 24 [pid 6491] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6493] <... set_robust_list resumed>) = 0 [pid 6492] ioctl(4, LOOP_SET_FD, 3 [pid 6493] rt_sigprocmask(SIG_SETMASK, [], [pid 6486] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6480] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... umount2 resumed>) = 0 [pid 6486] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6490] <... ioctl resumed>) = 0 [pid 6480] ???( [pid 5820] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6493] memfd_create("syzkaller", 0 [pid 6490] close(3 [pid 6480] <... ??? resumed>) = ? [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6493] <... memfd_create resumed>) = 3 [pid 6490] <... close resumed>) = 0 [pid 6486] +++ killed by SIGSEGV +++ [pid 5820] newfstatat(AT_FDCWD, "./59/file2", [pid 6493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6492] <... ioctl resumed>) = 0 [pid 6480] +++ killed by SIGSEGV +++ [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6493] <... mmap resumed>) = 0x7fbb60600000 [pid 6490] close(4 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6480, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6493] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6492] close(3 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6493] <... write resumed>) = 131072 [pid 6490] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6492] <... close resumed>) = 0 [pid 6490] mkdir("./file2", 0777 [pid 5820] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6492] close(4 [pid 6493] munmap(0x7fbb60600000, 138412032 [pid 6492] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 6492] mkdir("./file2", 0777 [pid 6493] <... munmap resumed>) = 0 [pid 6492] <... mkdir resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 6492] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 118.783184][ T6486] exFAT-fs (loop4): Filesystem has been set read-only [ 118.810538][ T6490] loop3: detected capacity change from 0 to 256 [ 118.811057][ T6492] loop1: detected capacity change from 0 to 256 [pid 6493] <... openat resumed>) = 4 [pid 6490] <... mkdir resumed>) = 0 [pid 5822] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6493] ioctl(4, LOOP_SET_FD, 3 [pid 5822] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6493] <... ioctl resumed>) = 0 [pid 6490] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6493] close(3) = 0 [pid 6493] close(4) = 0 [pid 6493] mkdir("./file2", 0777) = 0 [pid 6493] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... openat resumed>) = 3 [pid 5820] getdents64(4, [pid 5822] newfstatat(3, "", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] close(4 [pid 5822] getdents64(3, [pid 5820] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 118.870956][ T6493] loop0: detected capacity change from 0 to 256 [ 118.873068][ T6492] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.898621][ T6492] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.903284][ T6493] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5820] rmdir("./59/file2" [pid 5822] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5820] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6492] <... mount resumed>) = 0 [pid 5822] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./59/binderfs", [pid 6493] <... mount resumed>) = 0 [pid 6493] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6493] chdir("./file2") = 0 [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6493] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6491] <... futex resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6492] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6493] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... openat resumed>) = 3 [pid 6491] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(AT_FDCWD, "./60/file2", [pid 5820] unlink("./59/binderfs" [pid 6493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] chdir("./file2" [pid 6491] <... futex resumed>) = 0 [pid 6493] mkdir("./file3", 0777 [pid 6491] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6492] <... chdir resumed>) = 0 [pid 6490] <... mount resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 6492] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6490] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 6492] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6492] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] <... openat resumed>) = 3 [pid 5822] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] close(3 [pid 6492] <... futex resumed>) = 1 [pid 6490] chdir("./file2" [pid 5822] <... openat resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 6492] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6490] <... chdir resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5820] rmdir("./59" [pid 6490] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6490] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] getdents64(4, [pid 5820] mkdir("./60", 0777 [pid 6490] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... mkdir resumed>) = 0 [pid 6490] <... futex resumed>) = 1 [pid 5822] getdents64(4, [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6490] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5822] close(4 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5822] <... close resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5822] rmdir("./60/file2" [pid 5820] close(3 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5822] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./60/binderfs", [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6494 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./60/binderfs"./strace-static-x86_64: Process 6494 attached [pid 6489] <... futex resumed>) = 0 [pid 6488] <... futex resumed>) = 0 [ 118.923889][ T6490] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 118.930607][ T6493] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.940649][ T6490] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 118.957211][ T6493] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6488] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6494] set_robust_list(0x55555eedf6a0, 24 [pid 6490] <... futex resumed>) = 0 [pid 6488] <... futex resumed>) = 1 [pid 5822] <... unlink resumed>) = 0 [pid 6490] mkdir("./file3", 0777 [pid 5822] getdents64(3, [pid 6488] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] <... set_robust_list resumed>) = 0 [pid 6492] <... futex resumed>) = 0 [pid 6489] <... futex resumed>) = 1 [pid 6492] mkdir("./file3", 0777 [pid 6494] chdir("./60" [pid 6489] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6494] <... chdir resumed>) = 0 [pid 5822] close(3 [pid 6491] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6494] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6491] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... close resumed>) = 0 [pid 6492] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6494] <... prctl resumed>) = 0 [pid 6493] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6491] <... futex resumed>) = 0 [pid 6490] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] rmdir("./60" [pid 6494] setpgid(0, 0 [pid 6491] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6492] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6491] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6490] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6494] <... setpgid resumed>) = 0 [pid 6493] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6491] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6489] <... futex resumed>) = ? [pid 6488] <... futex resumed>) = ? [pid 5822] <... rmdir resumed>) = 0 [pid 6494] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6491] <... mprotect resumed>) = ? [pid 6490] +++ killed by SIGSEGV +++ [pid 6488] +++ killed by SIGSEGV +++ [pid 5822] mkdir("./61", 0777 [pid 6494] <... openat resumed>) = 3 [pid 6492] +++ killed by SIGSEGV +++ [pid 6489] +++ killed by SIGSEGV +++ [pid 5822] <... mkdir resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6488, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6494] write(3, "1000", 4 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6489, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6494] <... write resumed>) = 4 [pid 5822] <... openat resumed>) = 3 [pid 6494] close(3 [pid 6493] +++ killed by SIGSEGV +++ [pid 6491] +++ killed by SIGSEGV +++ [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6494] <... close resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6491, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6494] symlink("/dev/binderfs", "./binderfs" [pid 5822] close(3 [pid 5819] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6494] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./58", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6494] write(1, "executing program\n", 18 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = 0 [pid 6494] <... write resumed>) = 18 [ 118.988037][ T6490] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 118.995995][ T6493] exFAT-fs (loop0): Filesystem has been set read-only [ 118.999506][ T6492] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.005537][ T6490] exFAT-fs (loop3): Filesystem has been set read-only [ 119.013988][ T6492] exFAT-fs (loop1): Filesystem has been set read-only [pid 5818] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6495 attached [pid 6494] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... openat resumed>) = 3 [pid 6495] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6495] chdir("./61" [pid 6494] <... futex resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6495 [pid 5821] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 6494] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6494] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6494] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5819] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6494] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] newfstatat(3, "", [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(AT_FDCWD, "./58/file2", [pid 6494] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6494] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6495] <... chdir resumed>) = 0 [pid 6494] <... mprotect resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6494] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./58/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6495] <... prctl resumed>) = 0 [pid 6494] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] newfstatat(AT_FDCWD, "./61/file2", [pid 6495] setpgid(0, 0 [pid 6494] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6496 attached [pid 6495] <... setpgid resumed>) = 0 [pid 5819] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6496] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6494] <... clone3 resumed> => {parent_tid=[6496]}, 88) = 6496 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./58/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6496] <... rseq resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6496] set_robust_list(0x7fbb68bde9a0, 24 [pid 6495] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 4 [pid 6496] <... set_robust_list resumed>) = 0 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6496] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] getdents64(4, [pid 6496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6495] write(3, "1000", 4 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6496] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] <... write resumed>) = 4 [pid 5819] getdents64(4, [pid 6495] close(3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6495] <... close resumed>) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] close(4 [pid 5818] <... openat resumed>) = 4 [pid 6495] symlink("/dev/binderfs", "./binderfs" [pid 6494] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 6495] <... symlink resumed>) = 0 [pid 6494] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] rmdir("./61/file2" [pid 6496] <... futex resumed>) = 0 [pid 6494] <... futex resumed>) = 1 [pid 5819] <... rmdir resumed>) = 0 [pid 6496] memfd_create("syzkaller", 0 [pid 6494] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 5819] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6496] <... memfd_create resumed>) = 3 [pid 6495] write(1, "executing program\n", 18 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6495] <... write resumed>) = 18 [pid 5819] newfstatat(AT_FDCWD, "./61/binderfs", [pid 6496] <... mmap resumed>) = 0x7fbb60600000 [pid 6495] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./61/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 6496] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] rmdir("./61" [pid 5818] newfstatat(4, "", [pid 6495] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6495] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(4, [pid 6495] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] mkdir("./62", 0777 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6496] <... write resumed>) = 131072 [pid 6495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] newfstatat(AT_FDCWD, "./62/file2", [pid 5818] getdents64(4, [pid 6496] munmap(0x7fbb60600000, 138412032 [pid 6495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(4 [pid 6495] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 6495] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] rmdir("./58/file2" [pid 6495] <... mprotect resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 5818] umount2("./58/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6496] <... munmap resumed>) = 0 [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6496] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6495] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] getdents64(4, [pid 5818] newfstatat(AT_FDCWD, "./58/binderfs", [pid 6496] <... openat resumed>) = 4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(4, [pid 5818] unlink("./58/binderfs" [pid 6496] ioctl(4, LOOP_SET_FD, 3 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... unlink resumed>) = 0 [pid 5821] close(4) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] getdents64(3, [pid 5821] rmdir("./62/file2" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5821] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 5821] newfstatat(AT_FDCWD, "./62/binderfs", [pid 5818] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./62/binderfs" [pid 5818] rmdir("./58" [pid 5821] <... unlink resumed>) = 0 [pid 5821] getdents64(3, [pid 5818] <... rmdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 ./strace-static-x86_64: Process 6497 attached [pid 6496] <... ioctl resumed>) = 0 [pid 5821] rmdir("./62" [pid 5819] close(3 [pid 5818] mkdir("./59", 0777 [pid 6497] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6496] close(3 [pid 6495] <... clone3 resumed> => {parent_tid=[6497]}, 88) = 6497 [pid 6497] <... rseq resumed>) = 0 [pid 6496] <... close resumed>) = 0 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6497] set_robust_list(0x7fbb68bde9a0, 24 [pid 6496] close(4 [pid 6495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6496] <... close resumed>) = 0 [pid 6497] <... set_robust_list resumed>) = 0 [pid 6496] mkdir("./file2", 0777 [pid 6495] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], [pid 6496] <... mkdir resumed>) = 0 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6497] memfd_create("syzkaller", 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6497] <... memfd_create resumed>) = 3 [pid 6496] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] mkdir("./63", 0777 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6498 attached [pid 6497] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... mkdir resumed>) = 0 [pid 6497] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] <... openat resumed>) = 3 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5821] <... openat resumed>) = 3 [pid 5818] <... ioctl resumed>) = 0 [pid 6498] set_robust_list(0x55555eedf6a0, 24 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] close(3 [pid 6498] <... set_robust_list resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6498 [pid 6498] chdir("./62" [pid 5821] <... ioctl resumed>) = 0 [pid 6497] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] close(3 [pid 6498] <... chdir resumed>) = 0 [pid 6497] <... write resumed>) = 131072 [pid 5818] <... close resumed>) = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... close resumed>) = 0 [pid 6498] <... prctl resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6497] munmap(0x7fbb60600000, 138412032 [pid 6498] <... openat resumed>) = 3 [ 119.121792][ T6496] loop2: detected capacity change from 0 to 256 [pid 6498] write(3, "1000", 4./strace-static-x86_64: Process 6499 attached [pid 6497] <... munmap resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6498] <... write resumed>) = 4 [pid 6498] close(3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6499 [pid 6499] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6498] <... close resumed>) = 0 [pid 6497] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6500 [pid 6498] symlink("/dev/binderfs", "./binderfs" [pid 6499] chdir("./59" [pid 6498] <... symlink resumed>) = 0 [pid 6497] <... openat resumed>) = 4 executing program [pid 6498] write(1, "executing program\n", 18) = 18 [pid 6498] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6500 attached [pid 6498] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6498] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6500] set_robust_list(0x55555eedf6a0, 24 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6500] <... set_robust_list resumed>) = 0 [pid 6498] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6500] chdir("./63" [pid 6499] <... chdir resumed>) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6497] ioctl(4, LOOP_SET_FD, 3executing program [pid 6499] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6499] setpgid(0, 0) = 0 [pid 6500] <... chdir resumed>) = 0 [pid 6500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6500] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6501 attached [pid 6500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6501] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6500] <... openat resumed>) = 3 [pid 6498] <... clone3 resumed> => {parent_tid=[6501]}, 88) = 6501 [pid 6501] <... rseq resumed>) = 0 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], [pid 6501] set_robust_list(0x7fbb68bde9a0, 24 [pid 6500] write(3, "1000", 4 [pid 6498] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6501] <... set_robust_list resumed>) = 0 [pid 6500] <... write resumed>) = 4 [pid 6498] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] rt_sigprocmask(SIG_SETMASK, [], [pid 6498] <... futex resumed>) = 0 [pid 6501] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6498] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6501] memfd_create("syzkaller", 0 [pid 6500] close(3) = 0 [pid 6500] symlink("/dev/binderfs", "./binderfs" [pid 6501] <... memfd_create resumed>) = 3 [pid 6500] <... symlink resumed>) = 0 [pid 6499] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6500] write(1, "executing program\n", 18 [pid 6501] <... mmap resumed>) = 0x7fbb60600000 [pid 6500] <... write resumed>) = 18 [pid 6500] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... openat resumed>) = 3 [pid 6500] <... futex resumed>) = 0 [pid 6497] <... ioctl resumed>) = 0 [pid 6499] write(3, "1000", 4) = 4 [pid 6497] close(3 [pid 6496] <... mount resumed>) = 0 [pid 6499] close(3 [pid 6500] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6499] <... close resumed>) = 0 [pid 6497] <... close resumed>) = 0 [pid 6500] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6499] symlink("/dev/binderfs", "./binderfs" [pid 6497] close(4 [pid 6496] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6501] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6499] <... symlink resumed>) = 0 executing program [pid 6497] <... close resumed>) = 0 [pid 6496] <... openat resumed>) = 3 [pid 6500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] write(1, "executing program\n", 18 [pid 6500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6499] <... write resumed>) = 18 [pid 6497] mkdir("./file2", 0777 [pid 6496] chdir("./file2" [pid 6500] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6499] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6497] <... mkdir resumed>) = 0 [pid 6496] <... chdir resumed>) = 0 [pid 6501] <... write resumed>) = 131072 [pid 6500] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6499] <... futex resumed>) = 0 [pid 6500] <... mprotect resumed>) = 0 [pid 6499] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6500] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6499] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6496] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6501] munmap(0x7fbb60600000, 138412032 [pid 6500] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6499] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6497] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6496] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6501] <... munmap resumed>) = 0 [pid 6500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6499] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6499] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 6502 attached ) = 0 [pid 6502] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6500] <... clone3 resumed> => {parent_tid=[6502]}, 88) = 6502 [pid 6499] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6496] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... rseq resumed>) = 0 [pid 6501] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6500] rt_sigprocmask(SIG_SETMASK, [], [pid 6499] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6496] <... futex resumed>) = 1 [pid 6494] <... futex resumed>) = 0 [pid 6502] set_robust_list(0x7fbb68bde9a0, 24 [pid 6501] <... openat resumed>) = 4 [pid 6500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6499] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6496] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6494] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... set_robust_list resumed>) = 0 [ 119.167931][ T6496] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.183151][ T6496] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.194503][ T6497] loop4: detected capacity change from 0 to 256 [pid 6501] ioctl(4, LOOP_SET_FD, 3 [pid 6500] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6503 attached [pid 6502] rt_sigprocmask(SIG_SETMASK, [], [pid 6500] <... futex resumed>) = 0 [pid 6494] <... futex resumed>) = 0 [pid 6502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6500] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6499] <... clone3 resumed> => {parent_tid=[6503]}, 88) = 6503 [pid 6494] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] memfd_create("syzkaller", 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6502] <... memfd_create resumed>) = 3 [pid 6499] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6499] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6502] <... mmap resumed>) = 0x7fbb60600000 [pid 6496] mkdir("./file3", 0777 [pid 6501] <... ioctl resumed>) = 0 [pid 6503] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6502] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6501] close(3 [pid 6503] <... rseq resumed>) = 0 [pid 6501] <... close resumed>) = 0 [pid 6501] close(4) = 0 [pid 6501] mkdir("./file2", 0777 [pid 6503] set_robust_list(0x7fbb68bde9a0, 24 [pid 6501] <... mkdir resumed>) = 0 [pid 6501] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6503] <... set_robust_list resumed>) = 0 [pid 6503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6503] memfd_create("syzkaller", 0 [pid 6502] <... write resumed>) = 131072 [pid 6503] <... memfd_create resumed>) = 3 [pid 6503] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 119.225886][ T6501] loop1: detected capacity change from 0 to 256 [ 119.237317][ T6496] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.253320][ T6496] exFAT-fs (loop2): Filesystem has been set read-only [pid 6496] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6503] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6502] munmap(0x7fbb60600000, 138412032) = 0 [pid 6496] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6502] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6494] <... futex resumed>) = ? [pid 6502] <... openat resumed>) = 4 [pid 6496] +++ killed by SIGSEGV +++ [pid 6494] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6494, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6502] ioctl(4, LOOP_SET_FD, 3 [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5820] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5820] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./60/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6497] <... mount resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6497] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... openat resumed>) = 4 [pid 6497] <... openat resumed>) = 3 [pid 5820] newfstatat(4, "", [pid 6497] chdir("./file2" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6497] <... chdir resumed>) = 0 [pid 5820] getdents64(4, [pid 6497] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6497] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./60/file2") = 0 [pid 6497] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6497] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6503] <... write resumed>) = 131072 [pid 5820] unlink("./60/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./60") = 0 [pid 5820] mkdir("./61", 0777) = 0 [pid 6503] munmap(0x7fbb60600000, 138412032) = 0 [pid 6503] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6495] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6503] <... openat resumed>) = 4 [pid 6495] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 6503] ioctl(4, LOOP_SET_FD, 3 [pid 6497] <... futex resumed>) = 0 [pid 6495] <... futex resumed>) = 1 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6497] mkdir("./file3", 0777 [pid 6495] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... ioctl resumed>) = 0 [ 119.266173][ T6497] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.287100][ T6497] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.287524][ T6502] loop3: detected capacity change from 0 to 256 [ 119.302746][ T6501] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.303062][ T6501] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] close(3) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6503] <... ioctl resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6505 [pid 6503] close(3) = 0 [pid 6503] close(4) = 0 [pid 6503] mkdir("./file2", 0777 [pid 6501] <... mount resumed>) = 0 [pid 6503] <... mkdir resumed>) = 0 [pid 6501] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6503] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""./strace-static-x86_64: Process 6505 attached [pid 6502] <... ioctl resumed>) = 0 [pid 6501] <... openat resumed>) = 3 [pid 6497] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6505] set_robust_list(0x55555eedf6a0, 24 [pid 6502] close(3 [pid 6501] chdir("./file2" [pid 6497] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6502] <... close resumed>) = 0 [pid 6505] <... set_robust_list resumed>) = 0 [pid 6502] close(4 [pid 6501] <... chdir resumed>) = 0 [pid 6495] <... futex resumed>) = ? [ 119.342444][ T6503] loop0: detected capacity change from 0 to 256 [ 119.350807][ T6497] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.381501][ T6497] exFAT-fs (loop4): Filesystem has been set read-only [pid 6505] chdir("./61" [pid 6502] <... close resumed>) = 0 [pid 6501] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6497] +++ killed by SIGSEGV +++ [pid 6495] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6495, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6505] <... chdir resumed>) = 0 [pid 6502] mkdir("./file2", 0777 [pid 6501] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6505] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6502] <... mkdir resumed>) = 0 [pid 6501] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... prctl resumed>) = 0 [pid 6501] <... futex resumed>) = 1 [pid 6505] setpgid(0, 0 [pid 6502] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6501] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6505] <... setpgid resumed>) = 0 [pid 6505] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6505] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6498] <... futex resumed>) = 0 [pid 6505] write(3, "1000", 4 [pid 5822] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6505] <... write resumed>) = 4 [pid 6505] close(3 [pid 6498] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6505] <... close resumed>) = 0 [pid 6501] <... futex resumed>) = 0 [pid 6498] <... futex resumed>) = 1 [pid 5822] newfstatat(3, "", [pid 6501] mkdir("./file3", 0777 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 119.399783][ T6503] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6498] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] symlink("/dev/binderfs", "./binderfs" [pid 5822] getdents64(3, [pid 6505] <... symlink resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6503] <... mount resumed>) = 0 [pid 6505] write(1, "executing program\n", 18 [pid 5822] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6503] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6503] chdir("./file2") = 0 [pid 6503] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 6505] <... write resumed>) = 18 [pid 6503] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = 0 [pid 6503] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] <... futex resumed>) = 0 [pid 6499] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.450118][ T6503] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.452241][ T6502] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.471496][ T6501] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.485969][ T6503] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6503] mkdir("./file3", 0777 [pid 6505] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6498] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6505] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./61/file2", [pid 6505] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6498] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6498] <... futex resumed>) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6498] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6506]}, 88) = 6506 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6498] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6505] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6501] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6506 attached [pid 6506] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6506] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6506] rt_sigprocmask(SIG_SETMASK, [], [pid 6505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6501] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6505] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6506] <... rt_sigprocmask resumed> ) = ? [pid 6505] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6498] <... futex resumed>) = ? [pid 5822] <... openat resumed>) = 4 [pid 6506] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(4, "", [pid 6502] <... mount resumed>) = 0 [pid 6501] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6502] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6499] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6498] +++ killed by SIGSEGV +++ [pid 6505] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6503] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6502] <... openat resumed>) = 3 [pid 5822] getdents64(4, [pid 6505] <... mprotect resumed>) = 0 [pid 6502] chdir("./file2" [pid 6499] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6505] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6503] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6505] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6502] <... chdir resumed>) = 0 [pid 6499] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] getdents64(4, [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6498, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6505] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6502] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6499] <... mmap resumed>) = ? [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6507 attached [pid 6502] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... restart_syscall resumed>) = 0 [pid 6507] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6502] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6505] <... clone3 resumed> => {parent_tid=[6507]}, 88) = 6507 [pid 6507] <... rseq resumed>) = 0 [pid 6502] <... futex resumed>) = 1 [pid 6500] <... futex resumed>) = 0 [pid 6507] set_robust_list(0x7fbb68bde9a0, 24 [pid 6505] rt_sigprocmask(SIG_SETMASK, [], [pid 6502] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6500] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] close(4 [pid 6507] <... set_robust_list resumed>) = 0 [pid 6505] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6503] +++ killed by SIGSEGV +++ [pid 6502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6500] <... futex resumed>) = 0 [pid 6499] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 5819] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6507] rt_sigprocmask(SIG_SETMASK, [], [pid 6505] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] mkdir("./file3", 0777 [pid 6500] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 119.495013][ T6501] exFAT-fs (loop1): Filesystem has been set read-only [ 119.511613][ T6502] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.522586][ T6503] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] rmdir("./61/file2" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6505] <... futex resumed>) = 0 [pid 6507] memfd_create("syzkaller", 0) = 3 [pid 6507] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6507] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6507] munmap(0x7fbb60600000, 138412032 [pid 6505] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... rmdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6499, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6507] <... munmap resumed>) = 0 [pid 5822] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6502] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 3 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6507] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6502] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] newfstatat(AT_FDCWD, "./61/binderfs", [pid 5819] newfstatat(3, "", [pid 5818] <... restart_syscall resumed>) = 0 [pid 6507] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6500] <... futex resumed>) = ? [pid 6507] ioctl(4, LOOP_SET_FD, 3 [pid 5822] unlink("./61/binderfs" [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... unlink resumed>) = 0 [pid 6507] <... ioctl resumed>) = 0 [pid 6502] +++ killed by SIGSEGV +++ [pid 6500] +++ killed by SIGSEGV +++ [pid 5822] getdents64(3, [pid 5819] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6507] close(3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6500, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6507] <... close resumed>) = 0 [pid 5822] close(3 [pid 5818] umount2("./59", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6507] close(4 [pid 5822] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6507] <... close resumed>) = 0 [pid 5821] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6507] mkdir("./file2", 0777 [pid 5822] rmdir("./61" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6507] <... mkdir resumed>) = 0 [pid 5819] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 [pid 6507] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... openat resumed>) = 3 [pid 5819] newfstatat(AT_FDCWD, "./62/file2", [pid 5818] newfstatat(3, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] mkdir("./62", 0777 [pid 5821] newfstatat(3, "", [pid 5819] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 5819] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(3, [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] newfstatat(4, "", [pid 5818] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] getdents64(4, [pid 5822] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 119.548792][ T6502] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.558819][ T6502] exFAT-fs (loop3): Filesystem has been set read-only [ 119.581150][ T6507] loop2: detected capacity change from 0 to 256 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 5821] newfstatat(AT_FDCWD, "./63/file2", [pid 5819] close(4 [pid 5822] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... close resumed>) = 0 [pid 5821] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./63/file2" [pid 5818] <... umount2 resumed>) = 0 [pid 5819] rmdir("./62/file2" [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5821] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5819] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] newfstatat(AT_FDCWD, "./62/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] unlink("./63/binderfs"./strace-static-x86_64: Process 6508 attached [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./59/file2", [pid 6508] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6507] <... mount resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5819] unlink("./62/binderfs" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] umount2("./59/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6508] chdir("./62" [pid 5821] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6508] <... chdir resumed>) = 0 [pid 6507] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(3, [pid 5818] openat(AT_FDCWD, "./59/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6508] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6507] <... openat resumed>) = 3 [pid 5821] close(3 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6508] <... prctl resumed>) = 0 [pid 6507] chdir("./file2" [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6508 [pid 5821] <... close resumed>) = 0 [pid 5819] close(3 [pid 5818] <... openat resumed>) = 4 [pid 6508] setpgid(0, 0 [pid 6507] <... chdir resumed>) = 0 [pid 5821] rmdir("./63" [pid 6508] <... setpgid resumed>) = 0 [pid 6507] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6508] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] mkdir("./64", 0777 [pid 6508] <... openat resumed>) = 3 [pid 6507] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... mkdir resumed>) = 0 [pid 5819] rmdir("./62" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6508] write(3, "1000", 4 [pid 6507] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6507] <... futex resumed>) = 1 [pid 5821] <... ioctl resumed>) = 0 [pid 6508] <... write resumed>) = 4 [pid 5821] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 6507] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6508] close(3 [pid 6505] <... futex resumed>) = 0 [pid 5819] mkdir("./63", 0777 [pid 5818] getdents64(4, [pid 6508] <... close resumed>) = 0 [pid 6505] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6508] symlink("/dev/binderfs", "./binderfs" [pid 6507] <... futex resumed>) = 0 [pid 6505] <... futex resumed>) = 1 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6505] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6507] mkdir("./file3", 0777 [ 119.610219][ T6507] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.628450][ T6507] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] getdents64(4, [pid 5819] <... mkdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6508] <... symlink resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6508] write(1, "executing program\n", 18 [pid 5818] close(4executing program [pid 6508] <... write resumed>) = 18 [pid 6507] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 6508] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6507] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] rmdir("./59/file2" [pid 6508] <... futex resumed>) = 0 [pid 6505] <... futex resumed>) = ? [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 6508] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6508] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6507] +++ killed by SIGSEGV +++ [pid 6505] +++ killed by SIGSEGV +++ [pid 5818] umount2("./59/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6508] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6505, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6508] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./59/binderfs", ./strace-static-x86_64: Process 6509 attached [pid 6508] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6508] <... mprotect resumed>) = 0 [pid 5818] unlink("./59/binderfs" [pid 6509] set_robust_list(0x55555eedf6a0, 24 [pid 6508] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6509 [pid 5820] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6510 attached [pid 6509] <... set_robust_list resumed>) = 0 [pid 6508] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 6508] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, ./strace-static-x86_64: Process 6511 attached [pid 6510] set_robust_list(0x55555eedf6a0, 24 [pid 6509] chdir("./64" [pid 5820] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6511] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6510] <... set_robust_list resumed>) = 0 [pid 6509] <... chdir resumed>) = 0 [pid 6508] <... clone3 resumed> => {parent_tid=[6511]}, 88) = 6511 [pid 5820] newfstatat(3, "", [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6510 [pid 5818] close(3 [pid 6511] <... rseq resumed>) = 0 [pid 6510] chdir("./63" [pid 6509] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6508] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6511] set_robust_list(0x7fbb68bde9a0, 24 [pid 6510] <... chdir resumed>) = 0 [pid 6509] <... prctl resumed>) = 0 [pid 6508] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] getdents64(3, [pid 5818] <... close resumed>) = 0 [pid 6511] <... set_robust_list resumed>) = 0 [pid 6510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6509] setpgid(0, 0 [pid 6508] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] rt_sigprocmask(SIG_SETMASK, [], [pid 6510] <... prctl resumed>) = 0 [pid 6509] <... setpgid resumed>) = 0 [pid 6508] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] rmdir("./59" [pid 6511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6510] setpgid(0, 0 [pid 6509] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6508] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6510] <... setpgid resumed>) = 0 [pid 6509] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 6511] memfd_create("syzkaller", 0 [pid 6510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6509] write(3, "1000", 4 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] mkdir("./60", 0777 [pid 6511] <... memfd_create resumed>) = 3 [pid 6510] write(3, "1000", 4 [pid 6509] <... write resumed>) = 4 [pid 5820] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6509] close(3 [pid 5818] <... mkdir resumed>) = 0 [pid 6511] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6510] <... write resumed>) = 4 [pid 6510] close(3 [pid 6509] <... close resumed>) = 0 [pid 6510] <... close resumed>) = 0 [pid 6509] symlink("/dev/binderfs", "./binderfs" [pid 6510] symlink("/dev/binderfs", "./binderfs" [pid 6509] <... symlink resumed>) = 0 [pid 6511] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6510] <... symlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./61/file2", [pid 5818] <... openat resumed>) = 3 executing program executing program [pid 6510] write(1, "executing program\n", 18 [pid 6509] write(1, "executing program\n", 18 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6510] <... write resumed>) = 18 [pid 6509] <... write resumed>) = 18 [pid 5820] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6511] <... write resumed>) = 131072 [pid 6510] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... ioctl resumed>) = 0 [pid 6511] munmap(0x7fbb60600000, 138412032 [pid 6510] <... futex resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 6510] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6509] <... futex resumed>) = 0 [pid 6510] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6509] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6509] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6509] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6510] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 6511] <... munmap resumed>) = 0 [pid 6510] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6509] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6511] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6510] <... mprotect resumed>) = 0 [pid 6509] <... mmap resumed>) = 0x7fbb68bbe000 [ 119.662408][ T6507] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.672286][ T6507] exFAT-fs (loop2): Filesystem has been set read-only [pid 5820] <... openat resumed>) = 4 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6511] <... openat resumed>) = 4 [pid 6510] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] newfstatat(4, "", [pid 6509] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6510] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6509] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6512 attached [pid 6511] ioctl(4, LOOP_SET_FD, 3 [pid 6510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6509] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6513 attached [], 8) = 0 [pid 6513] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6510] <... clone3 resumed> => {parent_tid=[6513]}, 88) = 6513 [pid 6509] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6514 attached [pid 6513] <... rseq resumed>) = 0 [pid 6510] rt_sigprocmask(SIG_SETMASK, [], [pid 6514] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6513] set_robust_list(0x7fbb68bde9a0, 24 [pid 6510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6513] <... set_robust_list resumed>) = 0 [pid 6510] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... rseq resumed>) = 0 [pid 6513] rt_sigprocmask(SIG_SETMASK, [], [pid 6510] <... futex resumed>) = 0 [pid 6514] set_robust_list(0x7fbb68bde9a0, 24 [pid 6513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6510] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6509] <... clone3 resumed> => {parent_tid=[6514]}, 88) = 6514 [pid 6514] <... set_robust_list resumed>) = 0 [pid 6513] memfd_create("syzkaller", 0 [pid 6509] rt_sigprocmask(SIG_SETMASK, [], [pid 6514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] <... memfd_create resumed>) = 3 [pid 6512] set_robust_list(0x55555eedf6a0, 24 [pid 6509] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6512 [pid 6514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6512] <... set_robust_list resumed>) = 0 [pid 6509] <... futex resumed>) = 0 [pid 6514] memfd_create("syzkaller", 0 [pid 6513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6512] chdir("./60" [pid 6509] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6513] <... mmap resumed>) = 0x7fbb60600000 [pid 6512] <... chdir resumed>) = 0 [pid 5820] getdents64(4, [pid 6514] <... memfd_create resumed>) = 3 [pid 6512] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6513] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6512] <... prctl resumed>) = 0 [pid 6511] <... ioctl resumed>) = 0 [pid 5820] close(4 [pid 6514] <... mmap resumed>) = 0x7fbb60600000 [pid 6512] setpgid(0, 0 [pid 5820] <... close resumed>) = 0 [pid 6512] <... setpgid resumed>) = 0 [pid 6511] close(3 [pid 5820] rmdir("./61/file2" [pid 6514] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6512] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6511] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6513] <... write resumed>) = 131072 [pid 6512] <... openat resumed>) = 3 [pid 6511] close(4 [pid 5820] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6512] write(3, "1000", 4 [pid 6511] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6512] <... write resumed>) = 4 [pid 6511] mkdir("./file2", 0777 [pid 5820] newfstatat(AT_FDCWD, "./61/binderfs", [pid 6512] close(3 [pid 6514] <... write resumed>) = 131072 [pid 6513] munmap(0x7fbb60600000, 138412032 [pid 6512] <... close resumed>) = 0 [pid 6511] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6513] <... munmap resumed>) = 0 [pid 6514] munmap(0x7fbb60600000, 138412032 [pid 6512] symlink("/dev/binderfs", "./binderfs" [ 119.726030][ T6511] loop4: detected capacity change from 0 to 256 [pid 6511] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""executing program [pid 5820] unlink("./61/binderfs" [pid 6512] <... symlink resumed>) = 0 [pid 6513] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6513] ioctl(4, LOOP_SET_FD, 3 [pid 6514] <... munmap resumed>) = 0 [pid 6512] write(1, "executing program\n", 18 [pid 5820] <... unlink resumed>) = 0 [pid 6512] <... write resumed>) = 18 [pid 6512] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(3, [pid 6512] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6512] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] close(3 [pid 6512] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6514] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6514] ioctl(4, LOOP_SET_FD, 3 [pid 6512] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6513] <... ioctl resumed>) = 0 [pid 6512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] rmdir("./61" [pid 6513] close(3) = 0 [pid 6513] close(4 [pid 5820] <... rmdir resumed>) = 0 [pid 6513] <... close resumed>) = 0 [pid 6513] mkdir("./file2", 0777 [pid 5820] mkdir("./62", 0777 [pid 6514] <... ioctl resumed>) = 0 [pid 6513] <... mkdir resumed>) = 0 [pid 6512] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6514] close(3 [pid 6513] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6512] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... openat resumed>) = 3 [ 119.770337][ T6513] loop1: detected capacity change from 0 to 256 [ 119.780845][ T6514] loop3: detected capacity change from 0 to 256 [ 119.788110][ T6511] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6514] <... close resumed>) = 0 [pid 6512] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6514] close(4 [pid 6512] <... mprotect resumed>) = 0 [pid 6514] <... close resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 6514] mkdir("./file2", 0777 [pid 6512] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] close(3 [pid 6514] <... mkdir resumed>) = 0 [pid 6512] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6511] <... mount resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6514] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6512] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6511] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [ 119.812683][ T6511] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6511] <... openat resumed>) = 3 [pid 6512] <... clone3 resumed> => {parent_tid=[6517]}, 88) = 6517 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6516 ./strace-static-x86_64: Process 6517 attached ./strace-static-x86_64: Process 6516 attached [pid 6512] rt_sigprocmask(SIG_SETMASK, [], [pid 6511] chdir("./file2" [pid 6517] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6516] set_robust_list(0x55555eedf6a0, 24 [pid 6512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6511] <... chdir resumed>) = 0 [pid 6517] <... rseq resumed>) = 0 [pid 6516] <... set_robust_list resumed>) = 0 [pid 6512] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6511] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6517] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6516] chdir("./62" [pid 6512] <... futex resumed>) = 0 [pid 6511] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6517] rt_sigprocmask(SIG_SETMASK, [], [pid 6516] <... chdir resumed>) = 0 [pid 6512] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6511] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6511] <... futex resumed>) = 1 [pid 6508] <... futex resumed>) = 0 [pid 6517] memfd_create("syzkaller", 0 [pid 6516] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6511] mkdir("./file3", 0777 [pid 6508] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6517] <... memfd_create resumed>) = 3 [pid 6508] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6516] <... prctl resumed>) = 0 [pid 6517] <... mmap resumed>) = 0x7fbb60600000 [pid 6516] setpgid(0, 0 [pid 6517] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6516] <... setpgid resumed>) = 0 [ 119.855936][ T6513] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.875550][ T6514] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 119.888195][ T6511] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6517] <... write resumed>) = 131072 [pid 6516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6517] munmap(0x7fbb60600000, 138412032 [pid 6516] <... openat resumed>) = 3 [pid 6516] write(3, "1000", 4 [pid 6517] <... munmap resumed>) = 0 [pid 6516] <... write resumed>) = 4 [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6516] close(3 [pid 6511] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6517] <... openat resumed>) = 4 [pid 6516] <... close resumed>) = 0 [pid 6511] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6508] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6508] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] <... mount resumed>) = 0 [pid 6508] <... futex resumed>) = 0 [pid 6508] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6514] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6508] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6517] ioctl(4, LOOP_SET_FD, 3 [pid 6516] symlink("/dev/binderfs", "./binderfs" [pid 6514] <... openat resumed>) = 3 [pid 6514] chdir("./file2" [pid 6513] <... mount resumed>) = 0 [pid 6514] <... chdir resumed>) = 0 [pid 6517] <... ioctl resumed>) = 0 [pid 6516] <... symlink resumed>) = 0 [pid 6513] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6511] +++ killed by SIGSEGV +++ [pid 6508] +++ killed by SIGSEGV +++ [pid 6517] close(3) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6508, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6517] close(4 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6514] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6513] <... openat resumed>) = 3 [pid 6514] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 6516] write(1, "executing program\n", 18 [pid 6514] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6513] chdir("./file2" [pid 6516] <... write resumed>) = 18 [pid 6514] <... futex resumed>) = 1 [pid 6513] <... chdir resumed>) = 0 [pid 6517] <... close resumed>) = 0 [pid 6516] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6514] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6513] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6509] <... futex resumed>) = 0 [pid 6517] mkdir("./file2", 0777 [pid 6516] <... futex resumed>) = 0 [pid 6509] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6516] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6513] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6516] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6517] <... mkdir resumed>) = 0 [pid 6516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6514] <... futex resumed>) = 0 [pid 6509] <... futex resumed>) = 1 [pid 6516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6514] mkdir("./file3", 0777 [ 119.910272][ T6511] exFAT-fs (loop4): Filesystem has been set read-only [ 119.921426][ T6513] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.926972][ T6514] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 119.942583][ T6517] loop0: detected capacity change from 0 to 256 [pid 6513] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6509] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6517] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6513] <... futex resumed>) = 1 [pid 6510] <... futex resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6516] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6513] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6516] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6518]}, 88) = 6518 [pid 6516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6516] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6516] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6518 attached [pid 6510] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6518] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6510] <... futex resumed>) = 1 [pid 6513] <... futex resumed>) = 0 [pid 6513] mkdir("./file3", 0777 [pid 6510] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6518] <... rseq resumed>) = 0 [pid 6518] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6518] <... set_robust_list resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6518] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6518] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6518] memfd_create("syzkaller", 0 [pid 5822] newfstatat(3, "", [pid 6518] <... memfd_create resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6518] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] getdents64(3, [pid 6518] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 119.966847][ T6514] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.983297][ T6513] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 119.987252][ T6517] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.005889][ T6513] exFAT-fs (loop1): Filesystem has been set read-only [pid 6518] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5822] <... umount2 resumed>) = 0 [pid 6518] munmap(0x7fbb60600000, 138412032 [pid 5822] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6518] <... munmap resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6518] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] newfstatat(AT_FDCWD, "./62/file2", [pid 6518] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6513] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6518] ioctl(4, LOOP_SET_FD, 3 [pid 6517] <... mount resumed>) = 0 [pid 6514] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6513] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6510] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6509] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6517] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6514] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6509] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6518] <... ioctl resumed>) = 0 [pid 6517] <... openat resumed>) = 3 [pid 6518] close(3) = 0 [pid 6518] close(4) = 0 [pid 6518] mkdir("./file2", 0777 [pid 6517] chdir("./file2" [pid 6513] +++ killed by SIGSEGV +++ [pid 6510] +++ killed by SIGSEGV +++ [pid 6509] <... futex resumed>) = ? [pid 5822] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6518] <... mkdir resumed>) = 0 [pid 6517] <... chdir resumed>) = 0 [pid 6518] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6517] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... openat resumed>) = 4 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6510, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6517] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... restart_syscall resumed>) = 0 [pid 6517] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6512] <... futex resumed>) = 0 [pid 6517] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6512] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6517] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6512] <... futex resumed>) = 0 [pid 5819] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6517] mkdir("./file3", 0777 [pid 6514] +++ killed by SIGSEGV +++ [pid 6512] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6509] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.006775][ T6514] exFAT-fs (loop3): Filesystem has been set read-only [ 120.025645][ T6517] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.038023][ T6518] loop2: detected capacity change from 0 to 256 [pid 5819] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(4, "", [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6509, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] newfstatat(3, "", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, [pid 5819] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./62/file2") = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./63/file2", [pid 5821] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(3, "", [pid 5819] newfstatat(4, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(3, [pid 5819] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] newfstatat(AT_FDCWD, "./62/binderfs", [pid 5821] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5822] unlink("./62/binderfs" [pid 5819] rmdir("./63/file2" [pid 6517] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6517] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6512] <... futex resumed>) = ? [pid 5821] <... umount2 resumed>) = 0 [pid 6517] +++ killed by SIGSEGV +++ [pid 5819] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./62") = 0 [pid 5822] mkdir("./63", 0777) = 0 [pid 6512] +++ killed by SIGSEGV +++ [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6512, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3 [pid 6518] <... mount resumed>) = 0 [pid 5821] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./63/binderfs", [pid 6518] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6518] <... openat resumed>) = 3 [pid 5821] newfstatat(AT_FDCWD, "./64/file2", [pid 5819] unlink("./63/binderfs" [pid 5818] umount2("./60", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6518] chdir("./file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6518] <... chdir resumed>) = 0 [pid 5821] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5818] openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6518] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6518] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] close(3 [pid 5818] newfstatat(3, "", [pid 6518] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 4 [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6518] <... futex resumed>) = 1 [pid 5821] newfstatat(4, "", [pid 5819] rmdir("./63" [pid 5818] getdents64(3, [pid 6518] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(4, [pid 5819] mkdir("./64", 0777 [pid 5818] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... mkdir resumed>) = 0 [pid 5821] getdents64(4, [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5821] close(4 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5821] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5821] rmdir("./64/file2" [pid 5819] close(3./strace-static-x86_64: Process 6519 attached [pid 6516] <... futex resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6519] set_robust_list(0x55555eedf6a0, 24 [pid 6516] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6519 [pid 5821] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6520 attached [pid 6519] <... set_robust_list resumed>) = 0 [pid 6518] <... futex resumed>) = 0 [pid 6516] <... futex resumed>) = 1 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 120.062071][ T6517] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.072098][ T6517] exFAT-fs (loop0): Filesystem has been set read-only [ 120.082312][ T6518] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.095703][ T6518] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6520] set_robust_list(0x55555eedf6a0, 24 [pid 6518] mkdir("./file3", 0777 [pid 6516] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6519] chdir("./63" [pid 5821] newfstatat(AT_FDCWD, "./64/binderfs", [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6520 [pid 5818] newfstatat(AT_FDCWD, "./60/file2", [pid 6520] <... set_robust_list resumed>) = 0 [pid 6519] <... chdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6519] setpgid(0, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6519] <... setpgid resumed>) = 0 [pid 5821] unlink("./64/binderfs" [pid 5818] umount2("./60/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... unlink resumed>) = 0 [pid 5821] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6519] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] openat(AT_FDCWD, "./60/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6519] write(3, "1000", 4 [pid 6520] chdir("./64" [pid 6519] <... write resumed>) = 4 [pid 5821] close(3 [pid 5818] <... openat resumed>) = 4 [pid 6520] <... chdir resumed>) = 0 [pid 6519] close(3 [pid 5821] <... close resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6519] <... close resumed>) = 0 [pid 6520] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6519] symlink("/dev/binderfs", "./binderfs" [pid 5821] rmdir("./64" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6520] <... prctl resumed>) = 0 [pid 6519] <... symlink resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6520] setpgid(0, 0 [pid 5821] mkdir("./65", 0777 [pid 6520] <... setpgid resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 6520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6520] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 6520] write(3, "1000", 4 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] getdents64(4, [pid 6520] <... write resumed>) = 4 [pid 6519] write(1, "executing program\n", 18 [pid 5821] <... ioctl resumed>) = 0 executing program [pid 6520] close(3 [pid 5821] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6520] <... close resumed>) = 0 [pid 6519] <... write resumed>) = 18 [pid 5821] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 6520] symlink("/dev/binderfs", "./binderfs" [pid 6519] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6520] <... symlink resumed>) = 0 executing program [pid 6519] <... futex resumed>) = 0 [pid 6520] write(1, "executing program\n", 18 [pid 5818] close(4 [pid 6520] <... write resumed>) = 18 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6520] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6519] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... close resumed>) = 0 ./strace-static-x86_64: Process 6521 attached [pid 6520] <... futex resumed>) = 0 [pid 6521] set_robust_list(0x55555eedf6a0, 24 [pid 6520] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6519] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] rmdir("./60/file2" [pid 6521] <... set_robust_list resumed>) = 0 [pid 6520] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6521] chdir("./65" [pid 6520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6521] <... chdir resumed>) = 0 [pid 6520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6521] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6521] <... prctl resumed>) = 0 [pid 6520] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6521] setpgid(0, 0 [pid 6520] <... mprotect resumed>) = 0 [pid 6519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] <... rmdir resumed>) = 0 [pid 6521] <... setpgid resumed>) = 0 [pid 6520] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6521] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6520] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6521] <... openat resumed>) = 3 [pid 6520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6522 attached [pid 6521] write(3, "1000", 4 [pid 6519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6521] <... write resumed>) = 4 [pid 6520] <... clone3 resumed> => {parent_tid=[6522]}, 88) = 6522 [pid 6521] close(3 [pid 6520] rt_sigprocmask(SIG_SETMASK, [], [pid 6519] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6521 [pid 6522] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6521] <... close resumed>) = 0 [pid 6520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6519] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6518] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] umount2("./60/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6522] <... rseq resumed>) = 0 [pid 6521] symlink("/dev/binderfs", "./binderfs" [pid 6520] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] set_robust_list(0x7fbb68bde9a0, 24 [pid 6521] <... symlink resumed>) = 0 [pid 6520] <... futex resumed>) = 0 [pid 6519] <... mprotect resumed>) = 0 [pid 6518] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6516] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) executing program [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6522] <... set_robust_list resumed>) = 0 [pid 6520] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6522] rt_sigprocmask(SIG_SETMASK, [], [pid 6521] write(1, "executing program\n", 18 [pid 6519] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] newfstatat(AT_FDCWD, "./60/binderfs", [pid 6522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6521] <... write resumed>) = 18 [pid 6521] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6522] memfd_create("syzkaller", 0 [pid 6521] <... futex resumed>) = 0 [pid 5818] unlink("./60/binderfs" [pid 6522] <... memfd_create resumed>) = 3 [pid 6521] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6521] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6521] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6521] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6522] <... mmap resumed>) = 0x7fbb60600000 [pid 6521] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6519] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] getdents64(3, [pid 6521] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6521] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6522] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6518] +++ killed by SIGSEGV +++ [pid 6516] +++ killed by SIGSEGV +++ [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6523 attached [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6516, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6519] <... clone3 resumed> => {parent_tid=[6523]}, 88) = 6523 [ 120.132517][ T6518] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.158836][ T6518] exFAT-fs (loop2): Filesystem has been set read-only [pid 5820] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [pid 6523] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6522] <... write resumed>) = 131072 [pid 6521] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6519] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6523] <... rseq resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 6523] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] <... openat resumed>) = 3 [pid 5818] rmdir("./60"./strace-static-x86_64: Process 6524 attached [pid 6523] <... set_robust_list resumed>) = 0 [pid 6519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(3, "", [pid 6524] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6522] munmap(0x7fbb60600000, 138412032 [pid 6521] <... clone3 resumed> => {parent_tid=[6524]}, 88) = 6524 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6524] <... rseq resumed>) = 0 [pid 6523] rt_sigprocmask(SIG_SETMASK, [], [pid 6522] <... munmap resumed>) = 0 [pid 6521] rt_sigprocmask(SIG_SETMASK, [], [pid 6519] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(3, [pid 6524] set_robust_list(0x7fbb68bde9a0, 24 [pid 6523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6521] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6524] <... set_robust_list resumed>) = 0 [pid 6521] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6524] rt_sigprocmask(SIG_SETMASK, [], [pid 6522] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6521] <... futex resumed>) = 0 [pid 6519] <... futex resumed>) = 0 [pid 6524] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6523] memfd_create("syzkaller", 0 [pid 6522] <... openat resumed>) = 4 [pid 6521] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6524] memfd_create("syzkaller", 0 [pid 6522] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... umount2 resumed>) = 0 [pid 6523] <... memfd_create resumed>) = 3 [pid 6519] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6524] <... memfd_create resumed>) = 3 [pid 6523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6524] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6523] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] mkdir("./61", 0777 [pid 6524] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6523] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] newfstatat(AT_FDCWD, "./62/file2", [pid 6524] <... write resumed>) = 131072 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6523] <... write resumed>) = 131072 [pid 6524] munmap(0x7fbb60600000, 138412032) = 0 [pid 6523] munmap(0x7fbb60600000, 138412032 [pid 5820] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6524] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6524] <... openat resumed>) = 4 [pid 5818] <... openat resumed>) = 3 [pid 6524] ioctl(4, LOOP_SET_FD, 3 [pid 6523] <... munmap resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6523] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6522] <... ioctl resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] <... ioctl resumed>) = 0 [pid 6523] <... openat resumed>) = 4 [pid 6522] close(3 [pid 5820] newfstatat(4, "", [pid 5818] close(3 [pid 6524] <... ioctl resumed>) = 0 [pid 6523] ioctl(4, LOOP_SET_FD, 3 [pid 6522] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6524] close(3) = 0 [pid 5820] getdents64(4, [pid 5818] <... close resumed>) = 0 [pid 6524] close(4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6524] <... close resumed>) = 0 [pid 6524] mkdir("./file2", 0777 [pid 6522] close(4 [pid 5820] getdents64(4, [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6524] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6525 attached [pid 6523] <... ioctl resumed>) = 0 [pid 6522] <... close resumed>) = 0 [pid 5820] close(4 [pid 6525] set_robust_list(0x55555eedf6a0, 24 [pid 6523] close(3 [pid 6522] mkdir("./file2", 0777 [pid 5820] <... close resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6525 [pid 6525] <... set_robust_list resumed>) = 0 [pid 6523] <... close resumed>) = 0 [pid 5820] rmdir("./62/file2" [ 120.227030][ T6522] loop1: detected capacity change from 0 to 256 [ 120.243341][ T6524] loop3: detected capacity change from 0 to 256 [ 120.260013][ T6523] loop4: detected capacity change from 0 to 256 [pid 6524] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6525] chdir("./61" [pid 6523] close(4 [pid 6522] <... mkdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6525] <... chdir resumed>) = 0 [pid 6523] <... close resumed>) = 0 [pid 6522] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6525] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6523] mkdir("./file2", 0777 [pid 6525] <... prctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6525] setpgid(0, 0 [pid 6523] <... mkdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./62/binderfs", [pid 6525] <... setpgid resumed>) = 0 [pid 6523] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] unlink("./62/binderfs" [pid 6525] <... openat resumed>) = 3 [pid 5820] <... unlink resumed>) = 0 [pid 6525] write(3, "1000", 4 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6525] <... write resumed>) = 4 [pid 6525] close(3 [pid 5820] close(3 [pid 6525] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6525] symlink("/dev/binderfs", "./binderfs" [pid 5820] rmdir("./62") = 0 [pid 5820] mkdir("./63", 0777executing program [pid 6525] <... symlink resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 6525] write(1, "executing program\n", 18 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6525] <... write resumed>) = 18 [pid 6525] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 6525] <... futex resumed>) = 0 [pid 6525] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6525] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... ioctl resumed>) = 0 [pid 6525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] close(3 [pid 6525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6525] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6525] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... close resumed>) = 0 [pid 6525] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6526 attached => {parent_tid=[6526]}, 88) = 6526 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6527 attached [pid 6525] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6525] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6526] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6527 [pid 6526] <... rseq resumed>) = 0 [pid 6526] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6526] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6527] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6526] memfd_create("syzkaller", 0 [pid 6527] chdir("./63") = 0 [ 120.305569][ T6524] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.344001][ T6524] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6527] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6527] setpgid(0, 0) = 0 [pid 6527] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6527] write(3, "1000", 4executing program ) = 4 [pid 6527] close(3) = 0 [pid 6527] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6527] write(1, "executing program\n", 18) = 18 [pid 6527] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6527] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6527] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6527] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6527] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6527] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6527] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6528 attached [pid 6528] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6527] <... clone3 resumed> => {parent_tid=[6528]}, 88) = 6528 [pid 6528] set_robust_list(0x7fbb68bde9a0, 24 [pid 6527] rt_sigprocmask(SIG_SETMASK, [], [pid 6528] <... set_robust_list resumed>) = 0 [pid 6527] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6528] rt_sigprocmask(SIG_SETMASK, [], [pid 6527] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6527] <... futex resumed>) = 0 [pid 6528] memfd_create("syzkaller", 0 [pid 6527] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6524] <... mount resumed>) = 0 [pid 6524] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6528] <... memfd_create resumed>) = 3 [pid 6526] <... memfd_create resumed>) = 3 [pid 6524] <... openat resumed>) = 3 [pid 6528] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6524] chdir("./file2" [pid 6526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6528] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6526] <... mmap resumed>) = 0x7fbb60600000 [pid 6524] <... chdir resumed>) = 0 [pid 6524] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6524] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6526] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6524] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6521] <... futex resumed>) = 0 [ 120.364750][ T6522] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.393808][ T6523] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.394826][ T6524] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6528] <... write resumed>) = 131072 [pid 6526] <... write resumed>) = 131072 [pid 6521] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6524] <... futex resumed>) = 0 [pid 6521] <... futex resumed>) = 1 [pid 6526] munmap(0x7fbb60600000, 138412032 [pid 6524] mkdir("./file3", 0777 [pid 6521] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... munmap resumed>) = 0 [pid 6528] munmap(0x7fbb60600000, 138412032) = 0 [pid 6528] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6528] ioctl(4, LOOP_SET_FD, 3 [pid 6526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6528] <... ioctl resumed>) = 0 [pid 6528] close(3) = 0 [pid 6528] close(4) = 0 [pid 6526] ioctl(4, LOOP_SET_FD, 3 [pid 6528] mkdir("./file2", 0777) = 0 [pid 6528] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6526] <... ioctl resumed>) = 0 [pid 6524] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6523] <... mount resumed>) = 0 [pid 6526] close(3 [pid 6523] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6522] <... mount resumed>) = 0 [pid 6526] <... close resumed>) = 0 [pid 6524] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6523] <... openat resumed>) = 3 [ 120.408557][ T6522] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.423436][ T6528] loop2: detected capacity change from 0 to 256 [ 120.433478][ T6523] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.435118][ T6524] exFAT-fs (loop3): Filesystem has been set read-only [ 120.457844][ T6526] loop0: detected capacity change from 0 to 256 [pid 6522] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6526] close(4 [pid 6523] chdir("./file2" [pid 6522] <... openat resumed>) = 3 [pid 6521] <... futex resumed>) = ? [pid 6523] <... chdir resumed>) = 0 [pid 6522] chdir("./file2" [pid 6523] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6522] <... chdir resumed>) = 0 [pid 6523] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6522] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6523] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6523] <... futex resumed>) = 1 [pid 6522] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6523] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6522] <... futex resumed>) = 1 [pid 6520] <... futex resumed>) = 0 [pid 6522] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6520] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6520] <... futex resumed>) = 0 [pid 6522] mkdir("./file3", 0777 [pid 6520] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... close resumed>) = 0 [pid 6519] <... futex resumed>) = 0 [pid 6526] mkdir("./file2", 0777 [pid 6519] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... mkdir resumed>) = 0 [pid 6524] +++ killed by SIGSEGV +++ [pid 6523] <... futex resumed>) = 0 [pid 6521] +++ killed by SIGSEGV +++ [pid 6519] <... futex resumed>) = 1 [pid 6523] mkdir("./file3", 0777 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6521, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5821] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6526] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6519] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.473986][ T6528] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.480991][ T6522] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.497163][ T6522] exFAT-fs (loop1): Filesystem has been set read-only [ 120.507514][ T6528] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] newfstatat(AT_FDCWD, "./65/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6522] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6522] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6520] <... futex resumed>) = ? [pid 6523] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6523] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6522] +++ killed by SIGSEGV +++ [pid 6520] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6520, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6528] <... mount resumed>) = 0 [pid 6519] <... futex resumed>) = ? [pid 5819] <... restart_syscall resumed>) = 0 [pid 6523] +++ killed by SIGSEGV +++ [pid 6528] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6526] <... mount resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5819] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6528] <... openat resumed>) = 3 [pid 6526] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6519] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6528] chdir("./file2" [pid 6526] <... openat resumed>) = 3 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6519, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6528] <... chdir resumed>) = 0 [pid 6526] chdir("./file2" [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] getdents64(4, [pid 6528] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6526] <... chdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6528] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6526] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] getdents64(4, [pid 5819] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6528] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] close(4 [pid 5819] newfstatat(3, "", [pid 6528] <... futex resumed>) = 1 [pid 6527] <... futex resumed>) = 0 [pid 6528] mkdir("./file3", 0777 [pid 6527] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6526] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6527] <... futex resumed>) = 0 [pid 5821] rmdir("./65/file2" [pid 6527] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6525] <... futex resumed>) = 0 [pid 6525] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.523441][ T6523] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.527564][ T6526] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.544862][ T6523] exFAT-fs (loop4): Filesystem has been set read-only [ 120.554054][ T6526] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6525] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6526] <... futex resumed>) = 1 [pid 6528] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] getdents64(3, [pid 6526] mkdir("./file3", 0777 [pid 6528] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6528] +++ killed by SIGSEGV +++ [pid 6527] <... futex resumed>) = ? [pid 5822] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6526] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... openat resumed>) = 3 [pid 6526] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6525] <... futex resumed>) = ? [pid 6527] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(3, "", [pid 5821] unlink("./65/binderfs" [pid 5819] <... umount2 resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6526] +++ killed by SIGSEGV +++ [pid 6525] +++ killed by SIGSEGV +++ [pid 5822] getdents64(3, [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6527, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3) = 0 [pid 5819] newfstatat(AT_FDCWD, "./64/file2", [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6525, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] rmdir("./65" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./61", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5819] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./63/file2", [pid 5821] mkdir("./66", 0777 [pid 5819] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5822] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(4, "", [pid 5818] <... openat resumed>) = 3 [pid 5821] <... mkdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 4 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 5822] newfstatat(4, "", [pid 5821] <... ioctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] close(3 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, [pid 5818] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [ 120.572798][ T6528] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.581964][ T6528] exFAT-fs (loop2): Filesystem has been set read-only [ 120.591323][ T6526] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.600436][ T6526] exFAT-fs (loop0): Filesystem has been set read-only [pid 5819] rmdir("./64/file2") = 0 [pid 5819] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(4, [pid 5821] <... close resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5818] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] newfstatat(AT_FDCWD, "./64/binderfs", [pid 5822] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./64/binderfs"./strace-static-x86_64: Process 6529 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./61/file2", [pid 5822] close(4 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6529 [pid 5820] getdents64(3, [pid 6529] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6529] <... set_robust_list resumed>) = 0 [pid 5822] rmdir("./63/file2" [pid 5820] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./61/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./64" [pid 5822] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./61/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6529] chdir("./66" [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6529] <... chdir resumed>) = 0 [pid 5822] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = 0 [pid 5819] mkdir("./65", 0777 [pid 5818] newfstatat(4, "", [pid 6529] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6529] <... prctl resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./63/binderfs", [pid 6529] setpgid(0, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6529] <... setpgid resumed>) = 0 [pid 5822] unlink("./63/binderfs" [pid 5818] getdents64(4, [pid 6529] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... unlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./63/file2", [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6529] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] getdents64(4, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6529] write(3, "1000", 4 [pid 5822] close(3 [pid 5820] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6529] <... write resumed>) = 4 [pid 5822] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(4 [pid 6529] close(3 [pid 5822] rmdir("./63" [pid 5820] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6529] <... close resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 5818] rmdir("./61/file2" [pid 6529] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] <... rmdir resumed>) = 0 [pid 6529] <... symlink resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5822] mkdir("./64", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5822] <... mkdir resumed>) = 0 [pid 6529] write(1, "executing program\n", 18 [pid 5820] getdents64(4, [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./61/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6529] <... write resumed>) = 18 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6529] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] getdents64(4, [pid 5818] newfstatat(AT_FDCWD, "./61/binderfs", [pid 6529] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6529] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] close(4 [pid 5818] unlink("./61/binderfs"./strace-static-x86_64: Process 6530 attached [pid 6529] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] <... close resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6530] set_robust_list(0x55555eedf6a0, 24 [pid 6529] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... ioctl resumed>) = 0 [pid 5820] rmdir("./63/file2" [pid 5818] getdents64(3, [pid 6530] <... set_robust_list resumed>) = 0 [pid 6529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6530] chdir("./65" [pid 6529] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6530 [pid 6530] <... chdir resumed>) = 0 [pid 6529] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] close(3 [pid 6530] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6529] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... close resumed>) = 0 [pid 5820] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 6529] <... mprotect resumed>) = 0 [pid 5818] rmdir("./61" [pid 6530] <... prctl resumed>) = 0 [pid 6529] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 6530] setpgid(0, 0 [pid 5820] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5818] mkdir("./62", 0777 [pid 6530] <... setpgid resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6530] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... mkdir resumed>) = 0 [pid 6530] <... openat resumed>) = 3 [pid 6529] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] unlink("./63/binderfs" [pid 6530] write(3, "1000", 4 [pid 6529] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6531 attached [pid 6530] <... write resumed>) = 4 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR./strace-static-x86_64: Process 6532 attached [pid 5820] getdents64(3, [pid 5818] <... openat resumed>) = 3 [pid 6532] set_robust_list(0x55555eedf6a0, 24 [pid 6529] <... clone3 resumed> => {parent_tid=[6531]}, 88) = 6531 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6529] rt_sigprocmask(SIG_SETMASK, [], [pid 6532] <... set_robust_list resumed>) = 0 [pid 6529] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] close(3 [pid 5818] <... ioctl resumed>) = 0 [pid 6532] chdir("./64" [pid 6529] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... close resumed>) = 0 [pid 5818] close(3 [pid 6532] <... chdir resumed>) = 0 [pid 6529] <... futex resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6532 [pid 5820] rmdir("./63" [pid 5818] <... close resumed>) = 0 [pid 6532] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6529] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... rmdir resumed>) = 0 [pid 6532] <... prctl resumed>) = 0 [pid 6530] close(3 [pid 6532] setpgid(0, 0 [pid 6530] <... close resumed>) = 0 [pid 5820] mkdir("./64", 0777 [pid 6532] <... setpgid resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 6532] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6531] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6530] symlink("/dev/binderfs", "./binderfs" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6531] <... rseq resumed>) = 0 [pid 6530] <... symlink resumed>) = 0 [pid 6532] write(3, "1000", 4 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6532] <... write resumed>) = 4 [pid 5820] <... ioctl resumed>) = 0 [pid 6532] close(3 [pid 5820] close(3 [pid 6532] <... close resumed>) = 0 executing program [pid 6531] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] <... close resumed>) = 0 [pid 6532] symlink("/dev/binderfs", "./binderfs" [pid 6531] <... set_robust_list resumed>) = 0 [pid 6530] write(1, "executing program\n", 18./strace-static-x86_64: Process 6534 attached [pid 6532] <... symlink resumed>) = 0 [pid 6531] rt_sigprocmask(SIG_SETMASK, [], [pid 6530] <... write resumed>) = 18 [pid 6531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6530] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] memfd_create("syzkaller", 0executing program [pid 6530] <... futex resumed>) = 0 [pid 6534] set_robust_list(0x55555eedf6a0, 24 [pid 6532] write(1, "executing program\n", 18 [pid 6531] <... memfd_create resumed>) = 3 [pid 6530] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6534 [pid 6534] <... set_robust_list resumed>) = 0 [pid 6532] <... write resumed>) = 18 [pid 6531] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6530] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6535 attached [pid 6534] chdir("./62" [pid 6532] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6535] set_robust_list(0x55555eedf6a0, 24 [pid 6532] <... futex resumed>) = 0 [pid 6535] <... set_robust_list resumed>) = 0 [pid 6534] <... chdir resumed>) = 0 [pid 6532] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6535] chdir("./64" [pid 6534] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6532] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6534] <... prctl resumed>) = 0 [pid 6532] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6535] <... chdir resumed>) = 0 [pid 6534] setpgid(0, 0 [pid 6532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6534] <... setpgid resumed>) = 0 [pid 6532] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6535] <... prctl resumed>) = 0 [pid 6534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6532] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6535] setpgid(0, 0) = 0 [pid 6532] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6535 [pid 6535] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6534] <... openat resumed>) = 3 [pid 6532] <... mprotect resumed>) = 0 [pid 6530] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6532] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6530] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6535] <... openat resumed>) = 3 [pid 6534] write(3, "1000", 4 [pid 6531] <... mmap resumed>) = 0x7fbb60600000 [pid 6534] <... write resumed>) = 4 [pid 6532] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6535] write(3, "1000", 4 [pid 6534] close(3 [pid 6532] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6535] <... write resumed>) = 4 [pid 6534] <... close resumed>) = 0 [pid 6531] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6530] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6535] close(3 [pid 6534] symlink("/dev/binderfs", "./binderfs" [pid 6532] <... clone3 resumed> => {parent_tid=[6536]}, 88) = 6536 ./strace-static-x86_64: Process 6536 attached [pid 6535] <... close resumed>) = 0 [pid 6534] <... symlink resumed>) = 0 [pid 6531] <... write resumed>) = 131072 [pid 6530] <... mprotect resumed>) = 0 [pid 6535] symlink("/dev/binderfs", "./binderfs" [pid 6532] rt_sigprocmask(SIG_SETMASK, [], [pid 6530] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6536] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6535] <... symlink resumed>) = 0 [pid 6534] write(1, "executing program\n", 18 [pid 6532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6530] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6531] munmap(0x7fbb60600000, 138412032 [pid 6536] <... rseq resumed>) = 0 [pid 6530] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}executing program ./strace-static-x86_64: Process 6537 attached [pid 6536] set_robust_list(0x7fbb68bde9a0, 24 [pid 6535] write(1, "executing program\n", 18 [pid 6534] <... write resumed>) = 18 executing program [pid 6532] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6531] <... munmap resumed>) = 0 [pid 6537] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6536] <... set_robust_list resumed>) = 0 [pid 6535] <... write resumed>) = 18 [pid 6534] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6532] <... futex resumed>) = 0 [pid 6530] <... clone3 resumed> => {parent_tid=[6537]}, 88) = 6537 [pid 6537] <... rseq resumed>) = 0 [pid 6536] rt_sigprocmask(SIG_SETMASK, [], [pid 6535] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 6532] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6531] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6530] rt_sigprocmask(SIG_SETMASK, [], [pid 6537] set_robust_list(0x7fbb68bde9a0, 24 [pid 6536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] <... futex resumed>) = 0 [pid 6534] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6530] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] <... set_robust_list resumed>) = 0 [pid 6535] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6534] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6531] <... openat resumed>) = 4 [pid 6536] memfd_create("syzkaller", 0 [pid 6530] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6537] rt_sigprocmask(SIG_SETMASK, [], [pid 6535] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6535] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6530] <... futex resumed>) = 0 [pid 6535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6530] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6534] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6531] ioctl(4, LOOP_SET_FD, 3 [pid 6537] memfd_create("syzkaller", 0 [pid 6536] <... memfd_create resumed>) = 3 [pid 6535] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6534] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6535] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6534] <... mprotect resumed>) = 0 [pid 6535] <... mprotect resumed>) = 0 [pid 6534] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6534] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6538 attached [pid 6535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6539 attached [pid 6538] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6539] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6538] set_robust_list(0x7fbb68bde9a0, 24 [pid 6539] <... rseq resumed>) = 0 [pid 6538] <... set_robust_list resumed>) = 0 [pid 6539] set_robust_list(0x7fbb68bde9a0, 24 [pid 6538] rt_sigprocmask(SIG_SETMASK, [], [pid 6535] <... clone3 resumed> => {parent_tid=[6539]}, 88) = 6539 [pid 6534] <... clone3 resumed> => {parent_tid=[6538]}, 88) = 6538 [pid 6539] <... set_robust_list resumed>) = 0 [pid 6538] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6537] <... memfd_create resumed>) = 3 [pid 6536] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6535] rt_sigprocmask(SIG_SETMASK, [], [pid 6534] rt_sigprocmask(SIG_SETMASK, [], [pid 6539] rt_sigprocmask(SIG_SETMASK, [], [pid 6538] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6535] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6534] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6531] <... ioctl resumed>) = 0 [pid 6539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6535] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6539] memfd_create("syzkaller", 0 [pid 6538] <... futex resumed>) = 0 [pid 6535] <... futex resumed>) = 0 [pid 6534] <... futex resumed>) = 1 [pid 6538] memfd_create("syzkaller", 0 [pid 6535] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6534] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6539] <... memfd_create resumed>) = 3 [pid 6539] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6538] <... memfd_create resumed>) = 3 [pid 6539] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6538] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6536] <... mmap resumed>) = 0x7fbb60600000 [pid 6531] close(3 [pid 6538] <... mmap resumed>) = 0x7fbb60600000 [pid 6537] <... mmap resumed>) = 0x7fbb60600000 [pid 6536] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6531] <... close resumed>) = 0 [pid 6539] <... write resumed>) = 131072 [pid 6538] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6537] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6536] <... write resumed>) = 131072 [pid 6531] close(4) = 0 [pid 6531] mkdir("./file2", 0777) = 0 [pid 6531] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6536] munmap(0x7fbb60600000, 138412032) = 0 [pid 6537] <... write resumed>) = 131072 [pid 6536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6539] munmap(0x7fbb60600000, 138412032 [pid 6538] <... write resumed>) = 131072 [pid 6539] <... munmap resumed>) = 0 [pid 6538] munmap(0x7fbb60600000, 138412032 [pid 6536] <... openat resumed>) = 4 [ 120.790222][ T6531] loop3: detected capacity change from 0 to 256 [pid 6539] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6538] <... munmap resumed>) = 0 [pid 6539] <... openat resumed>) = 4 [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6539] ioctl(4, LOOP_SET_FD, 3 [pid 6538] <... openat resumed>) = 4 [ 120.837591][ T6531] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.838025][ T6539] loop2: detected capacity change from 0 to 256 [ 120.850877][ T6536] loop4: detected capacity change from 0 to 256 [ 120.868370][ T6537] loop1: detected capacity change from 0 to 256 [ 120.870214][ T6538] loop0: detected capacity change from 0 to 256 [pid 6536] ioctl(4, LOOP_SET_FD, 3 [pid 6537] munmap(0x7fbb60600000, 138412032 [pid 6538] ioctl(4, LOOP_SET_FD, 3 [pid 6537] <... munmap resumed>) = 0 [pid 6537] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6537] close(3 [pid 6536] <... ioctl resumed>) = 0 [pid 6537] <... close resumed>) = 0 [pid 6537] close(4) = 0 [pid 6537] mkdir("./file2", 0777) = 0 [pid 6536] close(3 [pid 6537] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6536] <... close resumed>) = 0 [pid 6539] <... ioctl resumed>) = 0 [pid 6536] close(4) = 0 [pid 6536] mkdir("./file2", 0777 [pid 6539] close(3) = 0 [pid 6536] <... mkdir resumed>) = 0 [pid 6536] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6539] close(4) = 0 [pid 6538] <... ioctl resumed>) = 0 [pid 6539] mkdir("./file2", 0777) = 0 [ 120.875863][ T6531] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6539] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6538] close(3) = 0 [pid 6538] close(4 [pid 6531] <... mount resumed>) = 0 [pid 6531] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6538] <... close resumed>) = 0 [pid 6538] mkdir("./file2", 0777 [pid 6531] <... openat resumed>) = 3 [pid 6531] chdir("./file2") = 0 [pid 6531] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6531] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] <... mkdir resumed>) = 0 [pid 6538] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6531] <... futex resumed>) = 1 [ 120.912629][ T6537] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.917210][ T6538] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 120.937311][ T6537] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.946302][ T6539] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6531] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6529] <... futex resumed>) = 0 [pid 6529] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6531] <... futex resumed>) = 0 [pid 6531] mkdir("./file3", 0777 [pid 6529] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6539] <... mount resumed>) = 0 [pid 6539] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 120.946635][ T6539] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.971582][ T6538] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 120.984438][ T6531] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 120.997415][ T6536] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6539] chdir("./file2" [pid 6538] <... mount resumed>) = 0 [pid 6537] <... mount resumed>) = 0 [pid 6531] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6539] <... chdir resumed>) = 0 [pid 6538] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6537] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6539] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6538] <... openat resumed>) = 3 [pid 6537] <... openat resumed>) = 3 [pid 6531] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6539] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6539] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6538] chdir("./file2" [pid 6537] chdir("./file2" [pid 6529] <... futex resumed>) = ? [pid 6539] <... futex resumed>) = 1 [pid 6538] <... chdir resumed>) = 0 [pid 6537] <... chdir resumed>) = 0 [pid 6535] <... futex resumed>) = 0 [pid 6531] +++ killed by SIGSEGV +++ [pid 6529] +++ killed by SIGSEGV +++ [pid 6539] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6538] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6537] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6535] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6539] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6535] <... futex resumed>) = 0 [pid 6539] mkdir("./file3", 0777 [pid 6538] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6537] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6535] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6538] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6529, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6537] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6534] <... futex resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6538] <... futex resumed>) = 1 [pid 6534] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... restart_syscall resumed>) = 0 [pid 6538] mkdir("./file3", 0777 [pid 6537] <... futex resumed>) = 1 [pid 6530] <... futex resumed>) = 0 [pid 6537] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6534] <... futex resumed>) = 0 [pid 6530] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 120.998701][ T6531] exFAT-fs (loop3): Filesystem has been set read-only [ 121.028495][ T6536] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.041452][ T6539] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6534] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6530] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6537] mkdir("./file3", 0777 [pid 6536] <... mount resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6536] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] newfstatat(3, "", [pid 6536] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6536] chdir("./file2" [pid 5821] getdents64(3, [pid 6536] <... chdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6536] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6535] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6535] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6535] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6536] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6535] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5821] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6535] <... mprotect resumed>) = 0 [ 121.061752][ T6538] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.084805][ T6537] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.100700][ T6538] exFAT-fs (loop0): Filesystem has been set read-only [pid 6536] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6535] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6536] <... futex resumed>) = 1 [pid 6536] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6539] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6538] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6537] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6535] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6532] <... futex resumed>) = 0 [pid 6530] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... umount2 resumed>) = 0 [pid 6539] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6538] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6537] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6535] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6534] <... futex resumed>) = ? [pid 6532] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6530] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6540 attached [pid 6536] <... futex resumed>) = 0 [pid 6535] <... clone3 resumed> ) = ? [pid 6532] <... futex resumed>) = 1 [pid 6530] <... futex resumed>) = ? [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6540] +++ killed by SIGSEGV +++ [pid 6539] +++ killed by SIGSEGV +++ [pid 6538] +++ killed by SIGSEGV +++ [pid 6537] +++ killed by SIGSEGV +++ [pid 6536] mkdir("./file3", 0777 [pid 6534] +++ killed by SIGSEGV +++ [pid 6532] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6530] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(AT_FDCWD, "./66/file2", [pid 6535] +++ killed by SIGSEGV +++ [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6535, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6530, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6534, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./66/file2") = 0 [pid 5821] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./66/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./66") = 0 [pid 5818] umount2("./62", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] mkdir("./67", 0777) = 0 [pid 5819] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(3 [pid 6536] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 6536] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", [pid 6532] <... futex resumed>) = ? [pid 5819] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6541 attached [pid 5819] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 6541] set_robust_list(0x55555eedf6a0, 24 [pid 5820] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 5818] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6541] <... set_robust_list resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6541 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6541] chdir("./67" [pid 5820] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./62/file2", [pid 6541] <... chdir resumed>) = 0 [pid 6536] +++ killed by SIGSEGV +++ [pid 6532] +++ killed by SIGSEGV +++ [pid 5820] <... openat resumed>) = 3 [pid 5819] newfstatat(AT_FDCWD, "./65/file2", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(3, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./62/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6541] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6532, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6541] <... prctl resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./62/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 4 [pid 6541] setpgid(0, 0 [pid 5820] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 6541] <... setpgid resumed>) = 0 [ 121.106803][ T6539] exFAT-fs (loop2): Filesystem has been set read-only [ 121.107745][ T6537] exFAT-fs (loop1): Filesystem has been set read-only [ 121.139285][ T6536] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.155978][ T6536] exFAT-fs (loop4): Filesystem has been set read-only [pid 6541] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6541] <... openat resumed>) = 3 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 6541] write(3, "1000", 4 [pid 5820] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] newfstatat(AT_FDCWD, "./64/file2", [pid 5819] getdents64(4, [pid 6541] <... write resumed>) = 4 [pid 5822] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(4, [pid 6541] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4 [pid 5822] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6541] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./65/file2" [pid 5818] close(4 [pid 6541] symlink("/dev/binderfs", "./binderfs"executing program [pid 5822] newfstatat(3, "", [pid 6541] <... symlink resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5822] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] rmdir("./62/file2" [pid 6541] write(1, "executing program\n", 18 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6541] <... write resumed>) = 18 [pid 6541] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 5822] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 4 [pid 5822] newfstatat(AT_FDCWD, "./64/file2", [pid 6541] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] newfstatat(4, "", [pid 5819] newfstatat(AT_FDCWD, "./65/binderfs", [pid 5818] umount2("./62/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6541] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6541] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5819] unlink("./65/binderfs" [pid 5818] newfstatat(AT_FDCWD, "./62/binderfs", [pid 6541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6541] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6541] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(4, [pid 5818] unlink("./62/binderfs" [pid 6541] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... openat resumed>) = 4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5820] close(4 [pid 5818] <... unlink resumed>) = 0 [pid 6541] <... mprotect resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 6541] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] rmdir("./64/file2" [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(3, [pid 5819] close(3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] close(3 [pid 5819] rmdir("./65" [pid 5818] <... close resumed>) = 0 [pid 5822] getdents64(4, [pid 5819] <... rmdir resumed>) = 0 [pid 5818] rmdir("./62") = 0 [pid 6541] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] mkdir("./66", 0777) = 0 [pid 5818] mkdir("./63", 0777 [pid 6541] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] getdents64(4, [pid 5820] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6542 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 5822] close(4 [pid 5820] newfstatat(AT_FDCWD, "./64/binderfs", [pid 6542] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6541] <... clone3 resumed> => {parent_tid=[6542]}, 88) = 6542 [pid 5822] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6542] <... rseq resumed>) = 0 [pid 6541] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] rmdir("./64/file2" [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6542] set_robust_list(0x7fbb68bde9a0, 24 [pid 6541] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] unlink("./64/binderfs" [pid 5819] <... openat resumed>) = 3 [pid 5822] <... rmdir resumed>) = 0 [pid 6541] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... openat resumed>) = 3 [pid 5819] <... ioctl resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] close(3 [pid 6542] <... set_robust_list resumed>) = 0 [pid 6541] <... futex resumed>) = 0 [pid 5822] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6542] rt_sigprocmask(SIG_SETMASK, [], [pid 6541] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6542] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] newfstatat(AT_FDCWD, "./64/binderfs", [pid 5820] close(3 [pid 6542] memfd_create("syzkaller", 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6542] <... memfd_create resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 5822] unlink("./64/binderfs" [pid 5820] rmdir("./64" [pid 6542] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... unlink resumed>) = 0 [pid 6542] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 6542] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] rmdir("./64" [pid 5820] mkdir("./65", 0777 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] close(3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6542] <... write resumed>) = 131072 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 5822] mkdir("./65", 0777 [pid 5820] <... openat resumed>) = 3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6543 attached [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6543 [pid 5822] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6544 attached [pid 6543] set_robust_list(0x55555eedf6a0, 24 [pid 6542] munmap(0x7fbb60600000, 138412032 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6542] <... munmap resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6544 [pid 6543] <... set_robust_list resumed>) = 0 [pid 6544] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6543] chdir("./66" [pid 5820] close(3 [pid 6544] chdir("./63" [pid 6543] <... chdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6544] <... chdir resumed>) = 0 [pid 6543] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6544] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6543] <... prctl resumed>) = 0 [pid 6544] <... prctl resumed>) = 0 [pid 6543] setpgid(0, 0 [pid 6542] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... openat resumed>) = 3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6544] setpgid(0, 0 [pid 6543] <... setpgid resumed>) = 0 [pid 6542] <... openat resumed>) = 4 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6544] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 6545 attached [pid 6543] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6542] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... ioctl resumed>) = 0 [pid 6545] set_robust_list(0x55555eedf6a0, 24 [pid 6544] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6543] <... openat resumed>) = 3 [pid 5822] close(3 [pid 6543] write(3, "1000", 4 [pid 6545] <... set_robust_list resumed>) = 0 [pid 6544] <... openat resumed>) = 3 [pid 6543] <... write resumed>) = 4 [pid 6545] chdir("./65" [pid 6544] write(3, "1000", 4 [pid 6543] close(3 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6545 [pid 6543] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6544] <... write resumed>) = 4 [pid 6543] symlink("/dev/binderfs", "./binderfs" [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6544] close(3./strace-static-x86_64: Process 6546 attached [pid 6546] set_robust_list(0x55555eedf6a0, 24 [pid 6544] <... close resumed>) = 0 [pid 6543] <... symlink resumed>) = 0 [pid 6546] <... set_robust_list resumed>) = 0 [pid 6544] symlink("/dev/binderfs", "./binderfs"executing program [pid 6543] write(1, "executing program\n", 18 [pid 6546] chdir("./65" [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6546 [pid 6546] <... chdir resumed>) = 0 [pid 6545] <... chdir resumed>) = 0 [pid 6544] <... symlink resumed>) = 0 [pid 6543] <... write resumed>) = 18 [pid 6546] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6545] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6543] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... ioctl resumed>) = 0 [pid 6546] <... prctl resumed>) = 0 executing program [pid 6545] <... prctl resumed>) = 0 [pid 6544] write(1, "executing program\n", 18 [pid 6543] <... futex resumed>) = 0 [pid 6546] setpgid(0, 0 [pid 6545] setpgid(0, 0 [pid 6544] <... write resumed>) = 18 [pid 6543] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6542] close(3 [pid 6546] <... setpgid resumed>) = 0 [pid 6545] <... setpgid resumed>) = 0 [pid 6544] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6542] <... close resumed>) = 0 [pid 6546] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6543] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6542] close(4 [pid 6544] <... futex resumed>) = 0 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6545] <... openat resumed>) = 3 [pid 6544] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6542] <... close resumed>) = 0 [pid 6546] <... openat resumed>) = 3 [pid 6542] mkdir("./file2", 0777) = 0 [pid 6546] write(3, "1000", 4 [pid 6545] write(3, "1000", 4 [pid 6544] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6543] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6544] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6542] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6546] <... write resumed>) = 4 [pid 6546] close(3) = 0 [pid 6546] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6546] write(1, "executing program\n", 18) = 18 [pid 6546] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6546] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6543] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6546] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6543] <... mprotect resumed>) = 0 [pid 6546] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6544] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6546] <... mprotect resumed>) = 0 [pid 6545] <... write resumed>) = 4 [pid 6545] close(3 [pid 6546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6545] <... close resumed>) = 0 [pid 6544] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6543] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6545] symlink("/dev/binderfs", "./binderfs" [pid 6544] <... mprotect resumed>) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6545] <... symlink resumed>) = 0 executing program ./strace-static-x86_64: Process 6548 attached ./strace-static-x86_64: Process 6547 attached [pid 6545] write(1, "executing program\n", 18 [pid 6544] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6548] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6547] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6546] <... clone3 resumed> => {parent_tid=[6548]}, 88) = 6548 [pid 6545] <... write resumed>) = 18 [pid 6544] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6543] <... clone3 resumed> => {parent_tid=[6547]}, 88) = 6547 [pid 6548] <... rseq resumed>) = 0 [pid 6547] <... rseq resumed>) = 0 [pid 6546] rt_sigprocmask(SIG_SETMASK, [], [pid 6545] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6543] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6549 attached [pid 6548] set_robust_list(0x7fbb68bde9a0, 24 [pid 6547] set_robust_list(0x7fbb68bde9a0, 24 [pid 6546] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6545] <... futex resumed>) = 0 [pid 6543] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6548] <... set_robust_list resumed>) = 0 [pid 6547] <... set_robust_list resumed>) = 0 [ 121.315604][ T6542] loop3: detected capacity change from 0 to 256 [pid 6546] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6545] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6544] <... clone3 resumed> => {parent_tid=[6549]}, 88) = 6549 [pid 6543] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] rt_sigprocmask(SIG_SETMASK, [], [pid 6547] rt_sigprocmask(SIG_SETMASK, [], [pid 6546] <... futex resumed>) = 0 [pid 6545] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6543] <... futex resumed>) = 0 [pid 6548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6546] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6544] rt_sigprocmask(SIG_SETMASK, [], [pid 6549] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6543] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6548] memfd_create("syzkaller", 0 [pid 6547] memfd_create("syzkaller", 0 [pid 6549] <... rseq resumed>) = 0 [pid 6548] <... memfd_create resumed>) = 3 [pid 6547] <... memfd_create resumed>) = 3 [pid 6545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6549] set_robust_list(0x7fbb68bde9a0, 24 [pid 6548] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6547] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6544] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6549] <... set_robust_list resumed>) = 0 [pid 6545] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6544] <... futex resumed>) = 0 [pid 6548] <... mmap resumed>) = 0x7fbb60600000 [pid 6547] <... mmap resumed>) = 0x7fbb60600000 [pid 6549] rt_sigprocmask(SIG_SETMASK, [], [pid 6548] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6547] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6545] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6544] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6549] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6549] memfd_create("syzkaller", 0 [pid 6545] <... mprotect resumed>) = 0 [pid 6548] <... write resumed>) = 131072 [pid 6547] <... write resumed>) = 131072 [pid 6545] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6548] munmap(0x7fbb60600000, 138412032 [pid 6545] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6549] <... memfd_create resumed>) = 3 [pid 6545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6550 attached ) = 0x7fbb60600000 [pid 6548] <... munmap resumed>) = 0 [pid 6550] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6548] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6547] munmap(0x7fbb60600000, 138412032 [pid 6550] <... rseq resumed>) = 0 [pid 6549] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6547] <... munmap resumed>) = 0 [pid 6545] <... clone3 resumed> => {parent_tid=[6550]}, 88) = 6550 [pid 6550] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6548] <... openat resumed>) = 4 [pid 6547] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6545] rt_sigprocmask(SIG_SETMASK, [], [pid 6550] rt_sigprocmask(SIG_SETMASK, [], [pid 6545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6545] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6548] ioctl(4, LOOP_SET_FD, 3 [pid 6547] <... openat resumed>) = 4 [pid 6550] memfd_create("syzkaller", 0 [pid 6545] <... futex resumed>) = 0 [pid 6550] <... memfd_create resumed>) = 3 [pid 6547] ioctl(4, LOOP_SET_FD, 3 [pid 6545] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6550] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6549] <... write resumed>) = 131072 [pid 6550] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6549] munmap(0x7fbb60600000, 138412032) = 0 [pid 6548] <... ioctl resumed>) = 0 [pid 6548] close(3) = 0 [pid 6548] close(4 [pid 6549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6548] <... close resumed>) = 0 [pid 6548] mkdir("./file2", 0777 [pid 6549] ioctl(4, LOOP_SET_FD, 3 [pid 6548] <... mkdir resumed>) = 0 [pid 6548] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6550] <... write resumed>) = 131072 [ 121.383784][ T6542] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.414066][ T6547] loop1: detected capacity change from 0 to 256 [ 121.420751][ T6548] loop4: detected capacity change from 0 to 256 [pid 6549] <... ioctl resumed>) = 0 [pid 6550] munmap(0x7fbb60600000, 138412032 [pid 6549] close(3) = 0 [pid 6549] close(4) = 0 [pid 6547] <... ioctl resumed>) = 0 [pid 6547] close(3) = 0 [pid 6547] close(4) = 0 [pid 6547] mkdir("./file2", 0777) = 0 [pid 6547] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6549] mkdir("./file2", 0777 [pid 6550] <... munmap resumed>) = 0 [pid 6549] <... mkdir resumed>) = 0 [pid 6550] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6549] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6550] <... openat resumed>) = 4 [ 121.442337][ T6549] loop0: detected capacity change from 0 to 256 [ 121.450798][ T6548] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.463492][ T6542] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6550] ioctl(4, LOOP_SET_FD, 3 [pid 6542] <... mount resumed>) = 0 [pid 6542] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6542] chdir("./file2") = 0 [pid 6542] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6542] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6542] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6541] <... futex resumed>) = 0 [pid 6541] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... futex resumed>) = 0 [pid 6541] <... futex resumed>) = 1 [pid 6542] mkdir("./file3", 0777 [pid 6550] <... ioctl resumed>) = 0 [pid 6550] close(3 [pid 6541] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6550] <... close resumed>) = 0 [pid 6550] close(4 [pid 6548] <... mount resumed>) = 0 [pid 6548] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6550] <... close resumed>) = 0 [pid 6548] <... openat resumed>) = 3 [pid 6548] chdir("./file2") = 0 [pid 6548] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6548] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 121.487974][ T6550] loop2: detected capacity change from 0 to 256 [ 121.492126][ T6547] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.507133][ T6548] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.520956][ T6549] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.522635][ T6542] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6548] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6550] mkdir("./file2", 0777) = 0 [pid 6550] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6547] <... mount resumed>) = 0 [pid 6546] <... futex resumed>) = 0 [pid 6547] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6546] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6542] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6547] chdir("./file2") = 0 [ 121.550666][ T6547] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.556111][ T6549] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.560148][ T6542] exFAT-fs (loop3): Filesystem has been set read-only [ 121.580248][ T6550] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6547] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6548] <... futex resumed>) = 0 [pid 6547] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6546] <... futex resumed>) = 1 [pid 6542] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6541] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6548] mkdir("./file3", 0777 [pid 6547] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6547] <... futex resumed>) = 1 [pid 6547] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6549] <... mount resumed>) = 0 [pid 6549] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6549] chdir("./file2" [pid 6547] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6549] <... chdir resumed>) = 0 [pid 6549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6549] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6549] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6544] <... futex resumed>) = 0 [pid 6544] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6549] <... futex resumed>) = 0 [pid 6549] mkdir("./file3", 0777 [pid 6547] mkdir("./file3", 0777 [pid 6542] +++ killed by SIGSEGV +++ [pid 6541] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6541, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6544] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 121.599272][ T6548] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.601802][ T6549] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.620070][ T6547] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.620277][ T6550] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.628992][ T6547] exFAT-fs (loop1): Filesystem has been set read-only [pid 5821] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6543] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6543] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6543] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6546] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6546] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6543] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6546] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6543] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6546] <... mprotect resumed>) = 0 [pid 6543] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6552]}, 88) = 6552 [pid 6543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6543] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6546] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6546] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6553]}, 88) = 6553 [pid 5821] <... openat resumed>) = 3 [pid 6546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6546] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6552 attached [pid 6552] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6552] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6552] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6552] openat(AT_FDCWD, ".", O_RDONLY./strace-static-x86_64: Process 6553 attached ) = 4 [pid 6552] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6543] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6543] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6553] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6553] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6552] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 5821] newfstatat(3, "", [pid 6552] <... ioctl resumed>) = 0 [pid 6553] <... set_robust_list resumed>) = 0 [pid 6552] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6553] rt_sigprocmask(SIG_SETMASK, [], [pid 6552] <... futex resumed>) = 1 [pid 6543] <... futex resumed>) = 0 [pid 6553] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6553] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6553] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6546] <... futex resumed>) = 0 [pid 6546] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6546] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6552] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6553] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 6553] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6546] <... futex resumed>) = 0 [pid 6553] <... futex resumed>) = 1 [pid 6553] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6549] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6550] <... mount resumed>) = 0 [pid 6548] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6547] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6544] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6550] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6544] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6550] <... openat resumed>) = 3 [ 121.640068][ T6549] exFAT-fs (loop0): Filesystem has been set read-only [ 121.651993][ T6548] exFAT-fs (loop4): Filesystem has been set read-only [pid 6544] <... futex resumed>) = 0 [pid 5821] getdents64(3, [pid 6550] chdir("./file2" [pid 6549] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6548] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6547] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6544] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6543] ???( [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6550] <... chdir resumed>) = 0 [pid 6544] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5821] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6550] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6544] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6550] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6544] <... mprotect resumed>) = 0 [pid 6552] <... futex resumed>) = ? [pid 6550] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6544] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6552] +++ killed by SIGSEGV +++ [pid 6550] <... futex resumed>) = 1 [pid 6545] <... futex resumed>) = 0 [pid 6544] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6553] <... futex resumed>) = ? [pid 6550] mkdir("./file3", 0777 [pid 6547] +++ killed by SIGSEGV +++ [pid 6545] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6543] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = 0 [pid 6553] +++ killed by SIGSEGV +++ [pid 6545] <... futex resumed>) = 0 [pid 5821] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6543, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6545] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6549] +++ killed by SIGSEGV +++ [pid 6544] +++ killed by SIGSEGV +++ [pid 5821] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6544, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6548] +++ killed by SIGSEGV +++ [pid 6546] +++ killed by SIGSEGV +++ [pid 5821] <... openat resumed>) = 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./63", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(4, "", [pid 5819] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(4, [pid 5819] newfstatat(3, "", [pid 5818] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(3, "", [pid 5821] getdents64(4, [pid 5819] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] getdents64(3, [pid 5821] close(4 [pid 5819] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6546, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] <... close resumed>) = 0 [pid 5818] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] rmdir("./67/file2") = 0 [pid 5821] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5822] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] unlink("./67/binderfs" [pid 5819] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(3, [pid 5819] newfstatat(AT_FDCWD, "./66/file2", [pid 5818] newfstatat(AT_FDCWD, "./63/file2", [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] close(3 [pid 5819] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./63/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] rmdir("./67" [pid 5819] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./63/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 3 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 5822] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./63/file2") = 0 [pid 5822] getdents64(3, [pid 5818] umount2("./63/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] mkdir("./68", 0777 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./63/binderfs", [pid 5822] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] newfstatat(4, "", [pid 5818] unlink("./63/binderfs" [pid 5822] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 5822] newfstatat(AT_FDCWD, "./65/file2", [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] close(3 [pid 5822] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3 [pid 5818] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] rmdir("./63" [pid 5822] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... rmdir resumed>) = 0 [pid 5818] mkdir("./64", 0777) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] newfstatat(4, "", [pid 5818] <... openat resumed>) = 3 [pid 6550] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6550] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... ioctl resumed>) = 0 [pid 6545] <... futex resumed>) = ? [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 6550] +++ killed by SIGSEGV +++ [pid 6545] +++ killed by SIGSEGV +++ [pid 5822] close(4 [pid 5818] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6545, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5822] rmdir("./65/file2" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./66/file2" [pid 5822] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6554 attached [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./65/binderfs", [pid 5819] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./65/binderfs" [pid 5819] unlink("./66/binderfs" [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6555 attached [pid 6554] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 6554] <... set_robust_list resumed>) = 0 [pid 5822] getdents64(3, [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6554 [pid 5819] getdents64(3, [pid 5820] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6554] chdir("./68" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(3 [pid 6554] <... chdir resumed>) = 0 [pid 5822] close(3 [pid 5820] newfstatat(3, "", [pid 5819] <... close resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6555 [pid 6554] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] rmdir("./66" [pid 6554] <... prctl resumed>) = 0 [pid 5822] rmdir("./65" [pid 5820] getdents64(3, [pid 5819] <... rmdir resumed>) = 0 [pid 6554] setpgid(0, 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6554] <... setpgid resumed>) = 0 [pid 6554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6555] set_robust_list(0x55555eedf6a0, 24 [pid 5822] mkdir("./66", 0777 [pid 5820] <... umount2 resumed>) = 0 [ 121.698533][ T6550] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 121.718812][ T6550] exFAT-fs (loop2): Filesystem has been set read-only [pid 5819] mkdir("./67", 0777 [pid 6555] <... set_robust_list resumed>) = 0 [pid 5820] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6554] <... openat resumed>) = 3 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./65/file2", [pid 6555] chdir("./64" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6554] write(3, "1000", 4 [pid 5820] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6554] <... write resumed>) = 4 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6555] <... chdir resumed>) = 0 [pid 6554] close(3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6555] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5820] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6555] setpgid(0, 0 [pid 5820] <... openat resumed>) = 4 [pid 6555] <... setpgid resumed>) = 0 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6554] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 6555] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6554] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6555] <... openat resumed>) = 3 [pid 6554] <... symlink resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] getdents64(4, [pid 5819] <... openat resumed>) = 3 executing program [pid 6555] write(3, "1000", 4 [pid 6554] write(1, "executing program\n", 18 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6555] <... write resumed>) = 4 [pid 6554] <... write resumed>) = 18 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] close(4 [pid 5819] <... ioctl resumed>) = 0 [pid 6555] close(3 [pid 6554] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] close(3 [pid 5820] <... close resumed>) = 0 [pid 5819] close(3 [pid 6555] <... close resumed>) = 0 [pid 6554] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] rmdir("./65/file2" [pid 6555] symlink("/dev/binderfs", "./binderfs" [pid 6554] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... rmdir resumed>) = 0 [pid 6554] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 6555] <... symlink resumed>) = 0 [pid 6555] write(1, "executing program\n", 18 [pid 6554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6555] <... write resumed>) = 18 [pid 6555] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6555] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6556 attached [pid 6555] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6555] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6556 [pid 6555] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6555] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6554] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6556] set_robust_list(0x55555eedf6a0, 24 [pid 6555] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] unlink("./65/binderfs" [pid 6555] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6555] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6556] <... set_robust_list resumed>) = 0 [pid 6554] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... unlink resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6555] <... clone3 resumed> => {parent_tid=[6557]}, 88) = 6557 [pid 6554] <... mprotect resumed>) = 0 [pid 6556] chdir("./66" [pid 6555] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6557 attached NULL, 8) = 0 [pid 6555] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6557] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6557] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6557] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6557] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6558 attached ) = 3 [pid 6554] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6556] <... chdir resumed>) = 0 [pid 6557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6556] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6557] <... mmap resumed>) = 0x7fbb60600000 [pid 6556] <... prctl resumed>) = 0 [pid 6554] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] getdents64(3, [pid 6558] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6557] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6556] setpgid(0, 0 [pid 6554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6558] chdir("./67" [pid 6556] <... setpgid resumed>) = 0 [pid 5820] close(3 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6558 [pid 6558] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6559 attached [pid 6558] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6557] <... write resumed>) = 131072 [pid 6556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6554] <... clone3 resumed> => {parent_tid=[6559]}, 88) = 6559 [pid 5820] <... close resumed>) = 0 [pid 6558] <... prctl resumed>) = 0 [pid 5820] rmdir("./65" [pid 6559] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6558] setpgid(0, 0 [pid 6554] rt_sigprocmask(SIG_SETMASK, [], [pid 6559] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6559] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6557] munmap(0x7fbb60600000, 138412032) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6558] <... setpgid resumed>) = 0 [pid 6557] <... openat resumed>) = 4 [pid 6556] <... openat resumed>) = 3 [pid 6554] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6558] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6556] write(3, "1000", 4 [pid 6554] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] mkdir("./66", 0777 [pid 6556] <... write resumed>) = 4 [pid 6554] <... futex resumed>) = 1 [pid 6556] close(3 [pid 6557] ioctl(4, LOOP_SET_FD, 3 [pid 6558] <... openat resumed>) = 3 [pid 6556] <... close resumed>) = 0 [pid 6554] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... mkdir resumed>) = 0 [pid 6559] <... futex resumed>) = 0 [pid 6558] write(3, "1000", 4 [pid 6556] symlink("/dev/binderfs", "./binderfs" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6559] memfd_create("syzkaller", 0 [pid 6556] <... symlink resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6559] <... memfd_create resumed>) = 3 [pid 5820] <... ioctl resumed>) = 0 [pid 6559] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] close(3 [pid 6559] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... close resumed>) = 0 [pid 6559] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6559] munmap(0x7fbb60600000, 138412032) = 0 [pid 6558] <... write resumed>) = 4 [pid 6559] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program ) = 4 [pid 6558] close(3 [pid 6556] write(1, "executing program\n", 18 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6558] <... close resumed>) = 0 [pid 6559] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6560 attached [pid 6558] symlink("/dev/binderfs", "./binderfs" [pid 6557] <... ioctl resumed>) = 0 [pid 6556] <... write resumed>) = 18 [pid 6560] set_robust_list(0x55555eedf6a0, 24 [pid 6557] close(3 [pid 6560] <... set_robust_list resumed>) = 0 [pid 6558] <... symlink resumed>) = 0 [pid 6557] <... close resumed>) = 0 [pid 6556] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6560 [pid 6560] chdir("./66" [pid 6557] close(4 [pid 6556] <... futex resumed>) = 0 [pid 6556] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6557] <... close resumed>) = 0 [pid 6557] mkdir("./file2", 0777 [pid 6560] <... chdir resumed>) = 0 executing program [pid 6559] <... ioctl resumed>) = 0 [pid 6558] write(1, "executing program\n", 18 [pid 6557] <... mkdir resumed>) = 0 [pid 6556] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6560] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6558] <... write resumed>) = 18 [pid 6556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6558] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6560] <... prctl resumed>) = 0 [pid 6559] close(3 [pid 6558] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6556] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6558] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6560] setpgid(0, 0 [pid 6558] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6560] <... setpgid resumed>) = 0 [pid 6559] <... close resumed>) = 0 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6556] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6559] close(4 [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6560] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6559] <... close resumed>) = 0 [pid 6558] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6557] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6556] <... mprotect resumed>) = 0 [pid 6559] mkdir("./file2", 0777 [pid 6558] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6556] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6558] <... mprotect resumed>) = 0 [pid 6556] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6558] <... rt_sigprocmask resumed>[], 8) = 0 [ 121.841324][ T6557] loop0: detected capacity change from 0 to 256 [ 121.871951][ T6559] loop3: detected capacity change from 0 to 256 ./strace-static-x86_64: Process 6561 attached [pid 6560] <... openat resumed>) = 3 [pid 6559] <... mkdir resumed>) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6561] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6561] set_robust_list(0x7fbb68bde9a0, 24) = 0 ./strace-static-x86_64: Process 6562 attached [pid 6561] rt_sigprocmask(SIG_SETMASK, [], [pid 6560] write(3, "1000", 4 [pid 6559] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6556] <... clone3 resumed> => {parent_tid=[6561]}, 88) = 6561 [pid 6562] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6561] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6560] <... write resumed>) = 4 [pid 6558] <... clone3 resumed> => {parent_tid=[6562]}, 88) = 6562 [pid 6556] rt_sigprocmask(SIG_SETMASK, [], [pid 6562] <... rseq resumed>) = 0 [pid 6561] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6560] close(3 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], [pid 6556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6562] set_robust_list(0x7fbb68bde9a0, 24 [pid 6560] <... close resumed>) = 0 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6556] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... set_robust_list resumed>) = 0 [pid 6560] symlink("/dev/binderfs", "./binderfs" [pid 6558] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6562] rt_sigprocmask(SIG_SETMASK, [], [pid 6560] <... symlink resumed>) = 0 [pid 6558] <... futex resumed>) = 0 [pid 6556] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6560] write(1, "executing program\n", 18 [pid 6558] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6562] memfd_create("syzkaller", 0 [pid 6560] <... write resumed>) = 18 [pid 6560] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6562] <... memfd_create resumed>) = 3 [pid 6560] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6562] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6560] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6562] <... mmap resumed>) = 0x7fbb60600000 [pid 6560] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6562] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6561] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6560] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6561] memfd_create("syzkaller", 0) = 3 [pid 6561] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6560] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6560] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6562] <... write resumed>) = 131072 [pid 6560] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6562] munmap(0x7fbb60600000, 138412032 [pid 6560] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6562] <... munmap resumed>) = 0 [pid 6560] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6562] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6560] <... clone3 resumed> => {parent_tid=[6563]}, 88) = 6563 [pid 6562] ioctl(4, LOOP_SET_FD, 3 [pid 6560] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6563 attached [pid 6561] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6560] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6557] <... mount resumed>) = 0 [pid 6560] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 121.944389][ T6557] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.960089][ T6559] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 121.960370][ T6557] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 121.981841][ T6562] loop1: detected capacity change from 0 to 256 [pid 6560] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6562] <... ioctl resumed>) = 0 [pid 6563] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6562] close(3 [pid 6561] <... write resumed>) = 131072 [pid 6559] <... mount resumed>) = 0 [pid 6557] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6563] <... rseq resumed>) = 0 [pid 6562] <... close resumed>) = 0 [pid 6561] munmap(0x7fbb60600000, 138412032 [pid 6559] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6557] <... openat resumed>) = 3 [pid 6563] set_robust_list(0x7fbb68bde9a0, 24 [pid 6562] close(4 [pid 6561] <... munmap resumed>) = 0 [pid 6559] <... openat resumed>) = 3 [pid 6563] <... set_robust_list resumed>) = 0 [pid 6562] <... close resumed>) = 0 [pid 6561] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6559] chdir("./file2" [pid 6557] chdir("./file2" [pid 6563] rt_sigprocmask(SIG_SETMASK, [], [pid 6562] mkdir("./file2", 0777 [pid 6561] <... openat resumed>) = 4 [pid 6559] <... chdir resumed>) = 0 [pid 6563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6562] <... mkdir resumed>) = 0 [pid 6561] ioctl(4, LOOP_SET_FD, 3 [ 121.985867][ T6559] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6559] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6557] <... chdir resumed>) = 0 [pid 6563] memfd_create("syzkaller", 0 [pid 6562] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6559] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6563] <... memfd_create resumed>) = 3 [pid 6559] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6554] <... futex resumed>) = 0 [pid 6554] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6563] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6559] mkdir("./file3", 0777 [pid 6561] <... ioctl resumed>) = 0 [pid 6557] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6561] close(3) = 0 [pid 6557] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6561] close(4) = 0 [ 122.016900][ T6561] loop4: detected capacity change from 0 to 256 [ 122.035706][ T6562] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6561] mkdir("./file2", 0777) = 0 [pid 6557] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6563] <... write resumed>) = 131072 [pid 6557] <... futex resumed>) = 1 [pid 6555] <... futex resumed>) = 0 [pid 6555] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6555] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] mkdir("./file3", 0777 [pid 6563] munmap(0x7fbb60600000, 138412032 [pid 6554] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6557] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6554] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6557] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6554] <... futex resumed>) = 0 [pid 6554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6554] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 122.062260][ T6562] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.073258][ T6559] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.078221][ T6561] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.083337][ T6557] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.100623][ T6561] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6564]}, 88) = 6564 [pid 6554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6554] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6554] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6563] <... munmap resumed>) = 0 [pid 6563] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 6564 attached ) = 4 [pid 6562] <... mount resumed>) = 0 [pid 6561] <... mount resumed>) = 0 [pid 6559] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6555] <... futex resumed>) = ? [pid 6564] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6562] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6561] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6559] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6563] ioctl(4, LOOP_SET_FD, 3 [pid 6562] <... openat resumed>) = 3 [pid 6561] <... openat resumed>) = 3 [pid 6562] chdir("./file2" [pid 6561] chdir("./file2" [pid 6562] <... chdir resumed>) = 0 [pid 6561] <... chdir resumed>) = 0 [pid 6562] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6561] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6562] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6561] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6562] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6561] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6562] <... futex resumed>) = 1 [pid 6558] <... futex resumed>) = 0 [pid 6561] <... futex resumed>) = 1 [pid 6562] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6561] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] <... futex resumed>) = 0 [pid 6562] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6558] <... futex resumed>) = 0 [pid 6556] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6563] <... ioctl resumed>) = 0 [pid 6562] mkdir("./file3", 0777 [pid 6561] <... futex resumed>) = 0 [pid 6558] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6557] +++ killed by SIGSEGV +++ [pid 6556] <... futex resumed>) = 1 [pid 6555] +++ killed by SIGSEGV +++ [pid 6563] close(3 [pid 6561] mkdir("./file3", 0777 [pid 6556] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6555, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6563] <... close resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6563] close(4 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6563] <... close resumed>) = 0 [pid 6563] mkdir("./file2", 0777 [pid 5818] umount2("./64", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6563] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6554] <... futex resumed>) = ? [pid 5818] <... openat resumed>) = 3 [ 122.112650][ T6557] exFAT-fs (loop0): Filesystem has been set read-only [ 122.121472][ T6559] exFAT-fs (loop3): Filesystem has been set read-only [ 122.138864][ T6563] loop2: detected capacity change from 0 to 256 [ 122.152192][ T6561] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6559] +++ killed by SIGSEGV +++ [pid 5818] newfstatat(3, "", [pid 6564] <... rseq resumed>) = ? [pid 6563] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5818] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./64/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./64/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./64/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./64/file2") = 0 [pid 5818] umount2("./64/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./64/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./64") = 0 [pid 5818] mkdir("./65", 0777 [pid 6564] +++ killed by SIGSEGV +++ [pid 6554] +++ killed by SIGSEGV +++ [pid 5818] <... mkdir resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6554, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6561] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6561] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6565 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6565 attached [pid 6558] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6556] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6558] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6556] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 6558] <... futex resumed>) = 0 [pid 6556] <... futex resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 6558] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6558] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5821] getdents64(3, [pid 6558] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6558] <... mprotect resumed>) = 0 [pid 5821] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6558] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6558] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6556] <... mmap resumed>) = ? [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6566 attached [pid 6558] <... clone3 resumed> => {parent_tid=[6566]}, 88) = 6566 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6566] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6558] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] newfstatat(AT_FDCWD, "./68/file2", [pid 6566] <... rseq resumed>) = 0 [pid 6565] set_robust_list(0x55555eedf6a0, 24 [pid 6558] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6566] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6565] <... set_robust_list resumed>) = 0 [pid 6558] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6566] <... set_robust_list resumed>) = 0 [pid 6565] chdir("./65" [pid 6558] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6566] rt_sigprocmask(SIG_SETMASK, [], [pid 6558] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6565] <... chdir resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 6566] openat(AT_FDCWD, ".", O_RDONLY [pid 6565] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] newfstatat(4, "", [pid 6566] <... openat resumed>) = 4 [pid 6565] <... prctl resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 6565] setpgid(0, 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6566] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] <... setpgid resumed>) = 0 [pid 5821] getdents64(4, [pid 6566] <... futex resumed>) = 1 [pid 6565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6558] <... futex resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6566] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6558] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] close(4 [pid 6566] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] <... openat resumed>) = 3 [pid 6558] <... futex resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 6566] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6561] +++ killed by SIGSEGV +++ [pid 6558] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6556] +++ killed by SIGSEGV +++ [pid 6565] write(3, "1000", 4 [pid 5821] rmdir("./68/file2" [pid 6566] <... ioctl resumed>) = 0 [pid 6565] <... write resumed>) = 4 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6556, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5821] <... rmdir resumed>) = 0 [pid 6566] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6565] close(3 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6566] <... futex resumed>) = 1 [pid 6565] <... close resumed>) = 0 [pid 6558] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6566] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] symlink("/dev/binderfs", "./binderfs" [pid 5821] newfstatat(AT_FDCWD, "./68/binderfs", [pid 6565] <... symlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./68/binderfs") = 0 [ 122.162593][ T6562] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.163251][ T6561] exFAT-fs (loop4): Filesystem has been set read-only [ 122.194809][ T6563] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.195896][ T6562] exFAT-fs (loop1): Filesystem has been set read-only [pid 5821] getdents64(3, [pid 6565] write(1, "executing program\n", 18 [pid 6562] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... restart_syscall resumed>) = 0 [pid 6562] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", executing program {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6565] <... write resumed>) = 18 [pid 6565] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6565] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] close(3 [pid 6565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6565] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6567]}, 88) = 6567 ./strace-static-x86_64: Process 6567 attached [pid 5821] <... close resumed>) = 0 [pid 6565] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] rmdir("./68" [pid 6565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6565] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6565] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6567] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6566] <... futex resumed>) = ? [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6567] <... rseq resumed>) = 0 [pid 6566] +++ killed by SIGSEGV +++ [pid 5822] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] set_robust_list(0x7fbb68bde9a0, 24 [pid 6563] <... mount resumed>) = 0 [pid 6562] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] mkdir("./69", 0777 [pid 6567] <... set_robust_list resumed>) = 0 [pid 6563] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] newfstatat(AT_FDCWD, "./66/file2", [pid 6563] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6567] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... mkdir resumed>) = 0 [pid 6567] memfd_create("syzkaller", 0 [pid 6558] +++ killed by SIGSEGV +++ [pid 6563] chdir("./file2" [pid 5822] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6567] <... memfd_create resumed>) = 3 [pid 6563] <... chdir resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6558, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6563] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] newfstatat(4, "", [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6567] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6563] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6567] <... mmap resumed>) = 0x7fbb60600000 [pid 6563] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6563] <... futex resumed>) = 1 [pid 6560] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6563] mkdir("./file3", 0777 [pid 6560] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] close(4 [pid 6560] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6560] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6567] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... ioctl resumed>) = 0 [pid 6567] <... write resumed>) = 131072 [pid 5822] rmdir("./66/file2" [pid 5821] close(3 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 6567] munmap(0x7fbb60600000, 138412032 [pid 6563] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... rmdir resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] <... munmap resumed>) = 0 [pid 6563] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6568 attached [pid 6567] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6560] <... futex resumed>) = ? [pid 5822] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6568] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6568 [pid 5819] <... openat resumed>) = 3 [pid 6568] <... set_robust_list resumed>) = 0 [pid 6568] chdir("./69" [pid 5819] newfstatat(3, "", [pid 5822] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6567] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6567] ioctl(4, LOOP_SET_FD, 3 [pid 5819] getdents64(3, [pid 5822] unlink("./66/binderfs" [pid 6568] <... chdir resumed>) = 0 [ 122.236000][ T6563] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.267803][ T6563] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.276958][ T6563] exFAT-fs (loop2): Filesystem has been set read-only [pid 6568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6568] setpgid(0, 0) = 0 [pid 6568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6568] write(3, "1000", 4 [pid 6567] <... ioctl resumed>) = 0 [pid 6563] +++ killed by SIGSEGV +++ [pid 6560] +++ killed by SIGSEGV +++ [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6560, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6568] <... write resumed>) = 4 [pid 6568] close(3) = 0 [pid 6568] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6568] write(1, "executing program\n", 18) = 18 [pid 5822] getdents64(3, [pid 5819] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] close(3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] <... close resumed>) = 0 [pid 5822] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6567] close(4 [pid 5822] <... close resumed>) = 0 [pid 6567] <... close resumed>) = 0 [pid 5822] rmdir("./66" [pid 5820] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6567] mkdir("./file2", 0777 [pid 6568] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... rmdir resumed>) = 0 [pid 6568] <... futex resumed>) = 0 [pid 6567] <... mkdir resumed>) = 0 [pid 5822] mkdir("./67", 0777 [pid 5820] <... openat resumed>) = 3 [pid 6568] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6568] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6567] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] newfstatat(3, "", [pid 5819] <... umount2 resumed>) = 0 [pid 6568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6569 attached [pid 6568] <... clone3 resumed> => {parent_tid=[6569]}, 88) = 6569 [pid 5820] getdents64(3, [pid 5819] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6569] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6568] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5820] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./67/file2", [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6568] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6568] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] close(3 [pid 6568] <... futex resumed>) = 0 [pid 5819] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6568] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6569] <... rseq resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6569] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6570 attached [pid 6569] memfd_create("syzkaller", 0 [pid 5819] newfstatat(4, "", [pid 6570] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6569] <... memfd_create resumed>) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6570 [pid 5820] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6570] <... set_robust_list resumed>) = 0 [pid 5819] getdents64(4, [ 122.304694][ T6567] loop0: detected capacity change from 0 to 256 [pid 6569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6570] chdir("./67" [pid 6569] <... mmap resumed>) = 0x7fbb60600000 [pid 6570] <... chdir resumed>) = 0 [pid 6569] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6570] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6570] <... prctl resumed>) = 0 [pid 6570] setpgid(0, 0) = 0 [pid 6570] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6569] <... write resumed>) = 131072 [pid 6567] <... mount resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./66/file2", [pid 5819] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(4 [pid 6570] write(3, "1000", 4 [pid 6569] munmap(0x7fbb60600000, 138412032 [pid 6567] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6570] <... write resumed>) = 4 [pid 6569] <... munmap resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 [pid 6570] close(3 [pid 6569] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6567] <... openat resumed>) = 3 [pid 5820] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] rmdir("./67/file2" [pid 6570] <... close resumed>) = 0 [pid 6569] <... openat resumed>) = 4 [pid 6567] chdir("./file2" [ 122.355863][ T6567] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.368807][ T6567] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6570] symlink("/dev/binderfs", "./binderfs" [pid 6569] ioctl(4, LOOP_SET_FD, 3 [pid 6567] <... chdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6570] <... symlink resumed>) = 0 [pid 6567] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... openat resumed>) = 4 [pid 5819] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6567] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6567] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(AT_FDCWD, "./67/binderfs", [pid 6567] <... futex resumed>) = 1 [pid 6565] <... futex resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6567] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6565] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] unlink("./67/binderfs" [pid 6567] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6565] <... futex resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... unlink resumed>) = 0 [pid 6567] mkdir("./file3", 0777 [pid 6565] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(3, [pid 5820] close(4 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] close(3 [pid 5820] rmdir("./66/file2" [pid 5819] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] rmdir("./67") = 0 [pid 5820] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6570] write(1, "executing program\n", 18 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./66/binderfs", [pid 5819] mkdir("./68", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6570] <... write resumed>) = 18 [pid 5820] unlink("./66/binderfs" [pid 5819] <... mkdir resumed>) = 0 [pid 6570] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 6570] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] getdents64(3, [pid 6570] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6569] <... ioctl resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6570] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6569] close(3 [pid 5819] <... openat resumed>) = 3 [pid 6570] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6570] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6569] <... close resumed>) = 0 [pid 6570] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6569] close(4 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6570] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6569] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6570] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6569] mkdir("./file2", 0777 [pid 5819] close(3 [pid 6570] <... clone3 resumed> => {parent_tid=[6571]}, 88) = 6571 [pid 6569] <... mkdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6571 attached [pid 6570] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 6570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6570] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6570] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6569] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6572 attached [pid 6571] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5820] rmdir("./66" [pid 6572] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6572] chdir("./68" [pid 6571] <... rseq resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6571] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] mkdir("./67", 0777 [pid 6571] <... set_robust_list resumed>) = 0 [pid 6571] rt_sigprocmask(SIG_SETMASK, [], [pid 6572] <... chdir resumed>) = 0 [pid 6571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 6572] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6572 [pid 6572] <... prctl resumed>) = 0 [pid 6571] memfd_create("syzkaller", 0 [pid 6572] setpgid(0, 0) = 0 [pid 6572] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 122.401740][ T6569] loop3: detected capacity change from 0 to 256 [ 122.411373][ T6567] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.439243][ T6567] exFAT-fs (loop0): Filesystem has been set read-only executing program [pid 6572] write(3, "1000", 4 [pid 6571] <... memfd_create resumed>) = 3 [pid 6567] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6565] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6571] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6565] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6572] <... write resumed>) = 4 [pid 6571] <... mmap resumed>) = 0x7fbb60600000 [pid 6565] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6572] close(3) = 0 [pid 6572] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6572] write(1, "executing program\n", 18) = 18 [pid 6572] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6571] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6572] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6565] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6567] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6565] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6572] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6572] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6565] <... mprotect resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5820] close(3 [pid 6572] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6572] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6572] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6572] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6572] <... clone3 resumed> => {parent_tid=[6573]}, 88) = 6573 [pid 6572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6572] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6572] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6567] +++ killed by SIGSEGV +++ [pid 6565] +++ killed by SIGSEGV +++ [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6565, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>./strace-static-x86_64: Process 6574 attached ./strace-static-x86_64: Process 6573 attached ) = 0 [pid 6574] set_robust_list(0x55555eedf6a0, 24 [pid 6573] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6574 [pid 6574] <... set_robust_list resumed>) = 0 [pid 6573] <... rseq resumed>) = 0 [pid 6574] chdir("./67" [pid 6573] set_robust_list(0x7fbb68bde9a0, 24 [pid 5818] umount2("./65", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6574] <... chdir resumed>) = 0 [pid 6573] <... set_robust_list resumed>) = 0 [pid 6574] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6573] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6574] <... prctl resumed>) = 0 [pid 6573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6574] setpgid(0, 0) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6573] memfd_create("syzkaller", 0 [pid 6574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] newfstatat(3, "", [pid 6573] <... memfd_create resumed>) = 3 [pid 6574] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6574] write(3, "1000", 4 [pid 6573] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6571] <... write resumed>) = 131072 [pid 5818] getdents64(3, [pid 6574] <... write resumed>) = 4 [pid 6574] close(3 [pid 6573] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6571] munmap(0x7fbb60600000, 138412032 [pid 6574] <... close resumed>) = 0 [pid 5818] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6571] <... munmap resumed>) = 0 [pid 6574] symlink("/dev/binderfs", "./binderfs" [pid 6573] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6571] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6571] <... openat resumed>) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6574] <... symlink resumed>) = 0 [pid 6571] ioctl(4, LOOP_SET_FD, 3 [pid 5818] newfstatat(AT_FDCWD, "./65/file2", [pid 6574] write(1, "executing program\n", 18executing program ) = 18 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6574] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] umount2("./65/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6574] <... futex resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6574] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] openat(AT_FDCWD, "./65/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6574] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] <... openat resumed>) = 4 [pid 6574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] newfstatat(4, "", [pid 6574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6574] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] getdents64(4, [pid 6574] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6574] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] getdents64(4, [pid 6574] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6573] <... write resumed>) = 131072 [pid 6574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6575 attached [pid 5818] close(4 [pid 6574] <... clone3 resumed> => {parent_tid=[6575]}, 88) = 6575 [pid 5818] <... close resumed>) = 0 [ 122.444521][ T6569] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.479361][ T6569] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6569] <... mount resumed>) = 0 [pid 6575] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6574] rt_sigprocmask(SIG_SETMASK, [], [pid 6573] munmap(0x7fbb60600000, 138412032 [pid 6571] <... ioctl resumed>) = 0 [pid 5818] rmdir("./65/file2" [pid 6575] <... rseq resumed>) = 0 [pid 6574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6573] <... munmap resumed>) = 0 [pid 6571] close(3 [pid 6569] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6575] set_robust_list(0x7fbb68bde9a0, 24 [pid 6574] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] <... close resumed>) = 0 [pid 6569] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 6575] <... set_robust_list resumed>) = 0 [pid 6574] <... futex resumed>) = 0 [pid 6573] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6571] close(4 [pid 6569] chdir("./file2" [pid 5818] umount2("./65/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6575] rt_sigprocmask(SIG_SETMASK, [], [pid 6574] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6573] <... openat resumed>) = 4 [pid 6571] <... close resumed>) = 0 [pid 6569] <... chdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6575] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6571] mkdir("./file2", 0777 [pid 5818] newfstatat(AT_FDCWD, "./65/binderfs", [pid 6575] memfd_create("syzkaller", 0 [pid 6573] ioctl(4, LOOP_SET_FD, 3 [pid 6571] <... mkdir resumed>) = 0 [pid 6569] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6575] <... memfd_create resumed>) = 3 [pid 6575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6571] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] unlink("./65/binderfs" [pid 6575] <... mmap resumed>) = 0x7fbb60600000 [pid 6573] <... ioctl resumed>) = 0 [pid 6569] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... unlink resumed>) = 0 [pid 6573] close(3 [pid 6569] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] <... close resumed>) = 0 [pid 6569] <... futex resumed>) = 1 [pid 6573] close(4 [pid 6569] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6573] <... close resumed>) = 0 [pid 6573] mkdir("./file2", 0777) = 0 [pid 6573] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6575] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6568] <... futex resumed>) = 0 [ 122.501165][ T6571] loop4: detected capacity change from 0 to 256 [ 122.522085][ T6573] loop1: detected capacity change from 0 to 256 [pid 5818] getdents64(3, [pid 6568] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6569] <... futex resumed>) = 0 [pid 6568] <... futex resumed>) = 1 [pid 5818] close(3 [pid 6575] <... write resumed>) = 131072 [pid 6569] mkdir("./file3", 0777 [pid 6568] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... close resumed>) = 0 [pid 6575] munmap(0x7fbb60600000, 138412032) = 0 [pid 5818] rmdir("./65" [pid 6575] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5818] <... rmdir resumed>) = 0 [pid 6575] ioctl(4, LOOP_SET_FD, 3 [ 122.561400][ T6569] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.581504][ T6575] loop2: detected capacity change from 0 to 256 [ 122.583357][ T6573] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] mkdir("./66", 0777 [pid 6575] <... ioctl resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6575] close(3 [pid 5818] <... openat resumed>) = 3 [pid 6575] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 6575] close(4 [pid 6568] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5818] close(3 [pid 6568] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6568] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6576]}, 88) = 6576 [pid 6568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5818] <... close resumed>) = 0 [pid 6568] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6568] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6576 attached [pid 6576] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6576] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 122.602874][ T6571] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.605957][ T6569] exFAT-fs (loop3): Filesystem has been set read-only [ 122.647939][ T6573] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6576] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6575] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6576] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6575] mkdir("./file2", 0777./strace-static-x86_64: Process 6577 attached [pid 6576] <... futex resumed>) = 1 [pid 6575] <... mkdir resumed>) = 0 [pid 6569] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6568] <... futex resumed>) = 0 [pid 6577] set_robust_list(0x55555eedf6a0, 24 [pid 6576] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6575] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6568] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6577 [pid 6577] <... set_robust_list resumed>) = 0 [pid 6576] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6573] <... mount resumed>) = 0 [pid 6569] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6576] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6568] <... futex resumed>) = 0 [pid 6576] <... ioctl resumed>) = ? [pid 6568] ???( [pid 6577] chdir("./66" [pid 6573] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6571] <... mount resumed>) = 0 [pid 6568] <... ??? resumed>) = ? [pid 6573] <... openat resumed>) = 3 [pid 6569] +++ killed by SIGSEGV +++ [pid 6577] <... chdir resumed>) = 0 [pid 6573] chdir("./file2" [pid 6577] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6573] <... chdir resumed>) = 0 [pid 6577] <... prctl resumed>) = 0 [pid 6573] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6577] setpgid(0, 0 [pid 6573] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6571] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6577] <... setpgid resumed>) = 0 [pid 6573] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6573] <... futex resumed>) = 1 [pid 6572] <... futex resumed>) = 0 [pid 6571] <... openat resumed>) = 3 [pid 6577] <... openat resumed>) = 3 [pid 6572] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] chdir("./file2" [pid 6577] write(3, "1000", 4 [pid 6573] mkdir("./file3", 0777 [pid 6572] <... futex resumed>) = 0 [pid 6576] +++ killed by SIGSEGV +++ [pid 6571] <... chdir resumed>) = 0 [pid 6568] +++ killed by SIGSEGV +++ [pid 6571] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6571] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 122.660280][ T6571] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.665441][ T6575] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 122.687194][ T6575] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.702938][ T6573] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6571] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6577] <... write resumed>) = 4 [pid 6575] <... mount resumed>) = 0 [pid 6573] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6572] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6570] <... futex resumed>) = 0 [pid 6577] close(3 [pid 6575] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6573] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6577] <... close resumed>) = 0 [pid 6570] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6568, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6577] symlink("/dev/binderfs", "./binderfs" [pid 6575] <... openat resumed>) = 3 [pid 6571] <... futex resumed>) = 0 [pid 6570] <... futex resumed>) = 1 [pid 6575] chdir("./file2" [pid 6572] <... futex resumed>) = ? [pid 6571] mkdir("./file3", 0777 [pid 6570] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] <... symlink resumed>) = 0 [pid 6575] <... chdir resumed>) = 0 [pid 6575] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6575] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6575] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6574] <... futex resumed>) = 0 executing program [pid 6577] write(1, "executing program\n", 18 [ 122.713413][ T6573] exFAT-fs (loop1): Filesystem has been set read-only [ 122.745481][ T6571] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6575] mkdir("./file3", 0777 [pid 6574] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6573] +++ killed by SIGSEGV +++ [pid 6572] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6577] <... write resumed>) = 18 [pid 6574] <... futex resumed>) = 0 [pid 6574] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6577] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6571] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6572, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6577] <... futex resumed>) = 0 [pid 6571] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6577] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6570] <... futex resumed>) = ? [pid 5821] newfstatat(3, "", [pid 5819] <... restart_syscall resumed>) = 0 [pid 6577] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6575] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6571] +++ killed by SIGSEGV +++ [pid 6570] +++ killed by SIGSEGV +++ [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] getdents64(3, [pid 6575] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6574] <... futex resumed>) = ? [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6575] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6570, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6577] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6577] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6577] <... mprotect resumed>) = 0 [pid 6574] +++ killed by SIGSEGV +++ [pid 5821] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6577] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] newfstatat(AT_FDCWD, "./69/file2", [pid 6577] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6574, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6579 attached [pid 6577] <... clone3 resumed> => {parent_tid=[6579]}, 88) = 6579 [pid 5821] newfstatat(4, "", [pid 5819] getdents64(3, [pid 6579] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6577] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6579] <... rseq resumed>) = 0 [pid 6577] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] getdents64(4, [pid 6579] set_robust_list(0x7fbb68bde9a0, 24 [pid 6577] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6579] <... set_robust_list resumed>) = 0 [pid 5821] getdents64(4, [pid 6577] <... futex resumed>) = 0 [pid 6579] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6577] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] close(4) = 0 [pid 5821] rmdir("./69/file2" [pid 6579] memfd_create("syzkaller", 0) = 3 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6579] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6579] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./68/file2", [pid 5821] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] unlink("./69/binderfs" [pid 5820] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6579] <... write resumed>) = 131072 [pid 5822] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 5820] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6579] munmap(0x7fbb60600000, 138412032 [pid 5822] newfstatat(3, "", [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5821] close(3 [pid 5820] newfstatat(3, "", [pid 5819] newfstatat(4, "", [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 122.758468][ T6571] exFAT-fs (loop4): Filesystem has been set read-only [ 122.759986][ T6575] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 122.774614][ T6575] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] rmdir("./69" [pid 5820] getdents64(3, [pid 5819] getdents64(4, [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... munmap resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] mkdir("./70", 0777 [pid 6579] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] getdents64(4, [pid 6579] <... openat resumed>) = 4 [pid 5822] getdents64(3, [pid 6579] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5819] close(4 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] rmdir("./68/file2" [pid 5821] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 6579] <... ioctl resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] close(3 [pid 5822] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6579] <... close resumed>) = 0 [pid 6579] close(4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6579] <... close resumed>) = 0 [pid 5819] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./67/file2", [pid 6579] mkdir("./file2", 0777 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6579] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] unlink("./68/binderfs") = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./67/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6579] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] getdents64(3, [pid 5822] newfstatat(4, "", [pid 5820] <... openat resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] newfstatat(4, "", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] close(3 [pid 5822] getdents64(4, [pid 5820] getdents64(4, [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6580 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] rmdir("./68" [pid 5822] getdents64(4, [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6580 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] mkdir("./69", 0777 [pid 6580] set_robust_list(0x55555eedf6a0, 24 [pid 5822] close(4 [pid 5819] <... mkdir resumed>) = 0 [pid 6580] <... set_robust_list resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6580] chdir("./70" [pid 5822] rmdir("./67/file2" [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6580] <... chdir resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5820] getdents64(4, [pid 6580] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6580] <... prctl resumed>) = 0 [pid 5820] close(4 [pid 5819] <... ioctl resumed>) = 0 [pid 6580] setpgid(0, 0 [pid 5822] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5819] close(3 [pid 6580] <... setpgid resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] rmdir("./67/file2" [pid 5819] <... close resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./67/binderfs", [pid 6580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./67/binderfs" [pid 6580] <... openat resumed>) = 3 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6580] write(3, "1000", 4 [pid 5822] close(3 [pid 6580] <... write resumed>) = 4 [pid 5822] <... close resumed>) = 0 [pid 6580] close(3) = 0 [pid 5822] rmdir("./67" [pid 6580] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... rmdir resumed>) = 0 [pid 6580] <... symlink resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6580] write(1, "executing program\n", 18 [pid 5822] mkdir("./68", 0777 [pid 5820] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [ 122.838541][ T6579] loop0: detected capacity change from 0 to 256 [ 122.874541][ T6579] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) ./strace-static-x86_64: Process 6581 attached [pid 6580] <... write resumed>) = 18 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6580] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6580] <... futex resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./67/binderfs", [pid 6581] set_robust_list(0x55555eedf6a0, 24 [pid 6580] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... openat resumed>) = 3 [pid 6580] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] close(3 [pid 6581] <... set_robust_list resumed>) = 0 [pid 6580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... close resumed>) = 0 [pid 5820] unlink("./67/binderfs" [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6581 [pid 6580] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6580] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6581] chdir("./69" [pid 6580] <... mprotect resumed>) = 0 [pid 6581] <... chdir resumed>) = 0 [pid 6580] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... unlink resumed>) = 0 [pid 6581] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6580] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6581] <... prctl resumed>) = 0 [pid 6580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] getdents64(3, ./strace-static-x86_64: Process 6582 attached [pid 6581] setpgid(0, 0 [pid 6582] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6581] <... setpgid resumed>) = 0 [pid 6580] <... clone3 resumed> => {parent_tid=[6582]}, 88) = 6582 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6583 attached [pid 6582] <... rseq resumed>) = 0 [pid 6581] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6580] rt_sigprocmask(SIG_SETMASK, [], [pid 6579] <... mount resumed>) = 0 [pid 5820] close(3 [pid 6582] set_robust_list(0x7fbb68bde9a0, 24 [pid 6580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6580] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] <... openat resumed>) = 3 [pid 6580] <... futex resumed>) = 0 [pid 6582] <... set_robust_list resumed>) = 0 [pid 6581] write(3, "1000", 4 [pid 6580] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... close resumed>) = 0 [pid 6582] rt_sigprocmask(SIG_SETMASK, [], [pid 6581] <... write resumed>) = 4 [pid 5820] rmdir("./67" [pid 6582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6579] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6583 [pid 6579] chdir("./file2") = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6582] memfd_create("syzkaller", 0 [pid 6581] close(3 [pid 6579] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] mkdir("./68", 0777executing program [pid 6582] <... memfd_create resumed>) = 3 [pid 6581] <... close resumed>) = 0 [pid 6579] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6582] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6581] symlink("/dev/binderfs", "./binderfs" [pid 6579] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... mmap resumed>) = 0x7fbb60600000 [pid 6579] <... futex resumed>) = 1 [pid 6577] <... futex resumed>) = 0 [pid 6579] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6577] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6583] set_robust_list(0x55555eedf6a0, 24 [pid 6581] <... symlink resumed>) = 0 [pid 6579] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6577] <... futex resumed>) = 0 [pid 6581] write(1, "executing program\n", 18 [pid 6579] mkdir("./file3", 0777 [pid 6577] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6583] <... set_robust_list resumed>) = 0 [pid 6581] <... write resumed>) = 18 [pid 5820] <... mkdir resumed>) = 0 [pid 6583] chdir("./68" [pid 6582] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6581] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6583] <... chdir resumed>) = 0 [pid 6582] <... write resumed>) = 131072 [pid 6581] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6581] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6583] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... ioctl resumed>) = 0 [pid 6583] <... prctl resumed>) = 0 [pid 6581] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] close(3) = 0 [pid 6583] setpgid(0, 0 [ 122.896854][ T6579] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.923597][ T6579] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6581] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6583] <... setpgid resumed>) = 0 [pid 6582] munmap(0x7fbb60600000, 138412032 [pid 6583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6584 attached [pid 6584] set_robust_list(0x55555eedf6a0, 24 [pid 6583] <... openat resumed>) = 3 [pid 6581] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6584] <... set_robust_list resumed>) = 0 [pid 6583] write(3, "1000", 4 [pid 6581] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6584] chdir("./68" [pid 6583] <... write resumed>) = 4 [pid 6581] <... mprotect resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6584 [pid 6584] <... chdir resumed>) = 0 [pid 6584] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6581] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6583] close(3 [pid 6581] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6583] <... close resumed>) = 0 [pid 6581] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6583] symlink("/dev/binderfs", "./binderfs" [pid 6584] setpgid(0, 0) = 0 ./strace-static-x86_64: Process 6585 attached [pid 6584] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6583] <... symlink resumed>) = 0 [pid 6581] <... clone3 resumed> => {parent_tid=[6585]}, 88) = 6585 [pid 6584] <... openat resumed>) = 3 [pid 6581] rt_sigprocmask(SIG_SETMASK, [], [pid 6584] write(3, "1000", 4 [pid 6581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6585] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6583] write(1, "executing program\n", 18executing program [pid 6585] <... rseq resumed>) = 0 [pid 6581] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6585] set_robust_list(0x7fbb68bde9a0, 24 [pid 6584] <... write resumed>) = 4 [pid 6581] <... futex resumed>) = 0 [pid 6585] <... set_robust_list resumed>) = 0 [pid 6583] <... write resumed>) = 18 [pid 6585] rt_sigprocmask(SIG_SETMASK, [], [pid 6581] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6585] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6583] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] close(3) = 0 [pid 6584] symlink("/dev/binderfs", "./binderfs" [pid 6585] memfd_create("syzkaller", 0 [pid 6583] <... futex resumed>) = 0 [pid 6582] <... munmap resumed>) = 0 executing program [pid 6585] <... memfd_create resumed>) = 3 [pid 6584] <... symlink resumed>) = 0 [pid 6583] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6582] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6585] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6583] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6584] write(1, "executing program\n", 18 [pid 6583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6585] <... mmap resumed>) = 0x7fbb60600000 [pid 6584] <... write resumed>) = 18 [pid 6584] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6584] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6582] <... openat resumed>) = 4 [pid 6584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6584] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6584] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6584] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6586 attached [pid 6585] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6586] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6584] <... clone3 resumed> => {parent_tid=[6586]}, 88) = 6586 [pid 6586] <... rseq resumed>) = 0 [pid 6584] rt_sigprocmask(SIG_SETMASK, [], [pid 6586] set_robust_list(0x7fbb68bde9a0, 24 [pid 6584] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6579] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6586] <... set_robust_list resumed>) = 0 [pid 6584] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6579] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6586] rt_sigprocmask(SIG_SETMASK, [], [pid 6584] <... futex resumed>) = 0 [pid 6586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6584] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6577] <... futex resumed>) = ? [pid 6586] memfd_create("syzkaller", 0) = 3 [pid 6586] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 122.943053][ T6579] exFAT-fs (loop0): Filesystem has been set read-only [pid 6586] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6583] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6582] ioctl(4, LOOP_SET_FD, 3 [pid 6579] +++ killed by SIGSEGV +++ [pid 6577] +++ killed by SIGSEGV +++ [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6577, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6585] <... write resumed>) = 131072 [pid 6583] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6586] <... write resumed>) = 131072 [pid 6585] munmap(0x7fbb60600000, 138412032 [pid 6583] <... mprotect resumed>) = 0 [pid 6586] munmap(0x7fbb60600000, 138412032 [pid 6582] <... ioctl resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6585] <... munmap resumed>) = 0 [pid 6583] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6582] close(3 [pid 6585] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6583] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6582] <... close resumed>) = 0 [pid 6585] <... openat resumed>) = 4 [pid 6583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6582] close(4./strace-static-x86_64: Process 6587 attached [pid 6586] <... munmap resumed>) = 0 [pid 6585] ioctl(4, LOOP_SET_FD, 3 [pid 6587] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6586] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6582] <... close resumed>) = 0 [pid 5818] umount2("./66", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6587] <... rseq resumed>) = 0 [pid 6583] <... clone3 resumed> => {parent_tid=[6587]}, 88) = 6587 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6587] set_robust_list(0x7fbb68bde9a0, 24 [pid 6586] <... openat resumed>) = 4 [pid 6583] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6586] ioctl(4, LOOP_SET_FD, 3 [pid 6587] <... set_robust_list resumed>) = 0 [pid 6583] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6582] mkdir("./file2", 0777 [pid 5818] <... openat resumed>) = 3 [pid 6587] rt_sigprocmask(SIG_SETMASK, [], [pid 6583] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... mkdir resumed>) = 0 [pid 6587] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6583] <... futex resumed>) = 0 [pid 6582] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6587] memfd_create("syzkaller", 0 [pid 6583] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6587] <... memfd_create resumed>) = 3 [pid 6587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6587] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] newfstatat(3, "", [pid 6587] <... write resumed>) = 131072 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6585] <... ioctl resumed>) = 0 [pid 6587] munmap(0x7fbb60600000, 138412032 [pid 6585] close(3 [pid 6587] <... munmap resumed>) = 0 [pid 5818] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6585] <... close resumed>) = 0 [pid 6585] close(4) = 0 [pid 6585] mkdir("./file2", 0777) = 0 [ 122.975603][ T6582] loop3: detected capacity change from 0 to 256 [ 122.998699][ T6585] loop1: detected capacity change from 0 to 256 [ 123.009069][ T6586] loop2: detected capacity change from 0 to 256 [pid 6587] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6587] ioctl(4, LOOP_SET_FD, 3 [pid 6586] <... ioctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6585] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] newfstatat(AT_FDCWD, "./66/file2", [pid 6586] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6586] <... close resumed>) = 0 [pid 5818] umount2("./66/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6586] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6586] <... close resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./66/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6586] mkdir("./file2", 0777 [pid 6587] <... ioctl resumed>) = 0 [pid 6586] <... mkdir resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6587] close(3) = 0 [ 123.028033][ T6587] loop4: detected capacity change from 0 to 256 [ 123.044186][ T6582] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.058891][ T6582] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6587] close(4) = 0 [pid 6586] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6582] <... mount resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6587] mkdir("./file2", 0777) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6587] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 6582] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6582] <... openat resumed>) = 3 [pid 5818] close(4 [pid 6582] chdir("./file2" [pid 5818] <... close resumed>) = 0 [pid 6582] <... chdir resumed>) = 0 [pid 5818] rmdir("./66/file2" [pid 6582] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... rmdir resumed>) = 0 [pid 6582] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] umount2("./66/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6582] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6582] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 123.071367][ T6585] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6580] <... futex resumed>) = 0 [pid 5818] unlink("./66/binderfs" [pid 6580] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6582] <... futex resumed>) = 0 [pid 6580] <... futex resumed>) = 1 [pid 5818] <... unlink resumed>) = 0 [pid 6582] mkdir("./file3", 0777 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./66" [pid 6580] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... rmdir resumed>) = 0 [ 123.109059][ T6586] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.111574][ T6585] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 123.134963][ T6586] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] mkdir("./67", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6585] <... mount resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6585] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6585] <... openat resumed>) = 3 [pid 5818] <... ioctl resumed>) = 0 [pid 6585] chdir("./file2" [pid 5818] close(3 [pid 6585] <... chdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6585] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6588 attached [pid 6586] <... mount resumed>) = 0 [pid 6585] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6582] <... mkdir resumed>) = -1 EIO (Input/output error) [ 123.154191][ T6582] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.164424][ T6582] exFAT-fs (loop3): Filesystem has been set read-only [pid 6586] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6586] chdir("./file2" [pid 6585] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6588 [pid 6586] <... chdir resumed>) = 0 [pid 6586] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6582] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6586] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6580] <... futex resumed>) = ? [pid 6586] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6585] <... futex resumed>) = 1 [pid 6581] <... futex resumed>) = 0 [pid 6586] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6588] set_robust_list(0x55555eedf6a0, 24 [pid 6584] <... futex resumed>) = 0 [pid 6588] <... set_robust_list resumed>) = 0 [pid 6584] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6588] chdir("./67" [pid 6586] <... futex resumed>) = 0 [pid 6584] <... futex resumed>) = 1 [pid 6586] mkdir("./file3", 0777 [pid 6584] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] <... chdir resumed>) = 0 [pid 6585] mkdir("./file3", 0777 [pid 6581] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6581] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6588] setpgid(0, 0) = 0 [pid 6588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6588] write(3, "1000", 4) = 4 [pid 6588] close(3) = 0 [pid 6588] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6588] write(1, "executing program\n", 18) = 18 [pid 6588] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6588] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6588] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6589 attached => {parent_tid=[6589]}, 88) = 6589 [pid 6588] rt_sigprocmask(SIG_SETMASK, [], [pid 6589] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6582] +++ killed by SIGSEGV +++ [pid 6580] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6580, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6589] <... rseq resumed>) = 0 [pid 6588] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6589] set_robust_list(0x7fbb68bde9a0, 24 [pid 6588] <... futex resumed>) = 0 [pid 6589] <... set_robust_list resumed>) = 0 [pid 6588] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6589] memfd_create("syzkaller", 0) = 3 [pid 6589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 123.199942][ T6587] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.216056][ T6586] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.228697][ T6585] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.239992][ T6586] exFAT-fs (loop2): Filesystem has been set read-only [pid 6589] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6589] <... write resumed>) = 131072 [pid 6589] munmap(0x7fbb60600000, 138412032) = 0 [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6589] ioctl(4, LOOP_SET_FD, 3 [pid 6584] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6581] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6584] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6581] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6584] <... futex resumed>) = 0 [pid 6581] <... futex resumed>) = 0 [pid 6586] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6584] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6581] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6586] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6584] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6585] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6581] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6587] <... mount resumed>) = 0 [pid 6585] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6581] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6587] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6581] <... mprotect resumed>) = ? [pid 6589] <... ioctl resumed>) = 0 [pid 6587] <... openat resumed>) = 3 [pid 6587] chdir("./file2") = 0 [pid 6587] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6587] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6583] <... futex resumed>) = 0 [pid 6587] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6586] +++ killed by SIGSEGV +++ [pid 6584] +++ killed by SIGSEGV +++ [pid 6589] close(3 [pid 6583] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6584, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6589] <... close resumed>) = 0 [pid 6587] <... futex resumed>) = 0 [pid 6583] <... futex resumed>) = 1 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6589] close(4 [pid 6587] mkdir("./file3", 0777 [pid 6583] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6589] <... close resumed>) = 0 [pid 6585] +++ killed by SIGSEGV +++ [pid 6581] +++ killed by SIGSEGV +++ [pid 5821] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6589] mkdir("./file2", 0777 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6581, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6589] <... mkdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./70/file2", [pid 6589] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 3 [pid 5821] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(4, "", [pid 5820] <... openat resumed>) = 3 [pid 5819] getdents64(3, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(3, "", [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(3, [pid 5819] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 123.258048][ T6587] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 123.264733][ T6589] loop0: detected capacity change from 0 to 256 [ 123.273882][ T6585] exFAT-fs (loop1): Filesystem has been set read-only [ 123.297797][ T6587] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5821] getdents64(4, [pid 5820] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./70/file2") = 0 [pid 5821] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6587] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6587] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6583] <... futex resumed>) = ? [pid 5821] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] unlink("./70/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./70") = 0 [pid 5821] mkdir("./71", 0777) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 6590 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./69/file2", [pid 5820] newfstatat(AT_FDCWD, "./68/file2", ./strace-static-x86_64: Process 6590 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6590] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5820] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6590] chdir("./71" [pid 6587] +++ killed by SIGSEGV +++ [pid 6583] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6590] <... chdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6590] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6590] <... prctl resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6590] setpgid(0, 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6583, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] newfstatat(4, "", [pid 6590] <... setpgid resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 4 [pid 6590] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] getdents64(4, [pid 5819] newfstatat(4, "", [pid 6589] <... mount resumed>) = 0 [pid 6589] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6590] <... openat resumed>) = 3 [pid 6589] <... openat resumed>) = 3 [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6590] write(3, "1000", 4 [pid 6589] chdir("./file2" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6590] <... write resumed>) = 4 [pid 6589] <... chdir resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] close(4 [pid 5819] getdents64(4, [pid 6589] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... close resumed>) = 0 [pid 6589] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] rmdir("./68/file2" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6590] close(3 [pid 6589] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] getdents64(4, [pid 6589] <... futex resumed>) = 1 [pid 6588] <... futex resumed>) = 0 [pid 5820] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6588] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6588] <... futex resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./68/binderfs", [pid 6588] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6589] mkdir("./file3", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4 [pid 5822] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] unlink("./68/binderfs" [pid 5819] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5819] rmdir("./69/file2" [ 123.319276][ T6587] exFAT-fs (loop4): Filesystem has been set read-only [ 123.334461][ T6589] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.347013][ T6589] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6590] <... close resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 5820] <... unlink resumed>) = 0 [pid 6590] symlink("/dev/binderfs", "./binderfs" [pid 6589] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, [pid 5819] <... rmdir resumed>) = 0 [pid 6589] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6590] <... symlink resumed>) = 0 [pid 6589] +++ killed by SIGSEGV +++ [pid 6588] <... futex resumed>) = ? executing program [pid 5822] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6590] write(1, "executing program\n", 18 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] close(3 [pid 5822] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6590] <... write resumed>) = 18 [pid 6590] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5820] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 6590] <... futex resumed>) = 0 [pid 6590] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./68" [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6590] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6590] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] newfstatat(AT_FDCWD, "./68/file2", [pid 5820] <... rmdir resumed>) = 0 [pid 5819] unlink("./69/binderfs" [pid 6590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6590] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] mkdir("./69", 0777 [pid 5819] <... unlink resumed>) = 0 [pid 6590] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... mkdir resumed>) = 0 [pid 6590] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6590] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... openat resumed>) = 4 [pid 6588] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(4, "", [pid 5819] getdents64(3, [pid 6590] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6590] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] getdents64(4, [pid 5820] <... openat resumed>) = 3 [pid 5819] close(3 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6588, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- ./strace-static-x86_64: Process 6591 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6591] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 5822] getdents64(4, [pid 6591] set_robust_list(0x7fbb68bde9a0, 24 [pid 6590] <... clone3 resumed> => {parent_tid=[6591]}, 88) = 6591 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] rmdir("./69" [pid 6591] <... set_robust_list resumed>) = 0 [pid 6590] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] close(4 [pid 5820] close(3 [pid 6591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6591] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6590] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./67", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6590] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rmdir("./68/file2" [pid 5820] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6591] <... futex resumed>) = 0 [pid 6590] <... futex resumed>) = 1 [pid 5822] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6590] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6591] memfd_create("syzkaller", 0 [pid 5822] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] mkdir("./70", 0777 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... mkdir resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6592 attached [pid 6591] <... memfd_create resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(3, "", [pid 6592] set_robust_list(0x55555eedf6a0, 24 [pid 6591] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6592] <... set_robust_list resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6591] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] getdents64(3, [pid 6592] chdir("./69" [pid 5819] <... openat resumed>) = 3 [pid 5822] unlink("./68/binderfs") = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6591] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] <... ioctl resumed>) = 0 [pid 6592] <... chdir resumed>) = 0 [pid 5822] getdents64(3, [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6592 [ 123.398171][ T6589] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.407848][ T6589] exFAT-fs (loop0): Filesystem has been set read-only [pid 5819] close(3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6592] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6591] <... write resumed>) = 131072 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6592] <... prctl resumed>) = 0 [pid 6592] setpgid(0, 0 [pid 5822] close(3 [pid 6592] <... setpgid resumed>) = 0 [pid 6592] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6592] <... openat resumed>) = 3 [pid 6591] munmap(0x7fbb60600000, 138412032 [pid 5822] rmdir("./68" [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6592] write(3, "1000", 4 [pid 6591] <... munmap resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6592] <... write resumed>) = 4 [pid 6591] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6592] close(3 [pid 5818] newfstatat(AT_FDCWD, "./67/file2", [pid 6592] <... close resumed>) = 0 [pid 6591] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6592] symlink("/dev/binderfs", "./binderfs" [pid 6591] ioctl(4, LOOP_SET_FD, 3 [pid 5818] umount2("./67/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6592] <... symlink resumed>) = 0 [pid 5822] mkdir("./69", 0777 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./67/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6591] <... ioctl resumed>) = 0 [pid 6592] write(1, "executing program\n", 18./strace-static-x86_64: Process 6593 attached [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 6593] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6593] <... set_robust_list resumed>) = 0 [pid 6593] chdir("./70" [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6593] <... chdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6593] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5818] rmdir("./67/file2" [pid 6593] <... prctl resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6593] setpgid(0, 0 [pid 5818] umount2("./67/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6593] <... setpgid resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6593] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... openat resumed>) = 3 [pid 5818] newfstatat(AT_FDCWD, "./67/binderfs", [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6593] <... openat resumed>) = 3 [pid 5822] <... ioctl resumed>) = 0 [pid 5818] unlink("./67/binderfs" [pid 5822] close(3 [pid 5818] <... unlink resumed>) = 0 [pid 6592] <... write resumed>) = 18 [pid 6593] write(3, "1000", 4 [pid 6592] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] getdents64(3, [pid 6593] <... write resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6592] <... futex resumed>) = 0 [pid 6593] close(3 [pid 5818] close(3 [pid 6593] <... close resumed>) = 0 [pid 6593] symlink("/dev/binderfs", "./binderfs" [pid 5818] <... close resumed>) = 0 [pid 6593] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5818] rmdir("./67"executing program ) = 0 [pid 6593] write(1, "executing program\n", 18) = 18 [pid 6593] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6593] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] mkdir("./68", 0777 [pid 6593] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... mkdir resumed>) = 0 [pid 6593] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6593 [pid 6593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6592] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6593] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6593] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6593] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6592] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6591] close(3./strace-static-x86_64: Process 6594 attached [pid 6593] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6592] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6591] <... close resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6594] set_robust_list(0x55555eedf6a0, 24 [pid 6593] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6591] close(4./strace-static-x86_64: Process 6595 attached [pid 6594] <... set_robust_list resumed>) = 0 [pid 6592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6591] <... close resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6594 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6594] chdir("./69" [pid 6592] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6591] mkdir("./file2", 0777 [pid 5818] <... ioctl resumed>) = 0 [pid 6594] <... chdir resumed>) = 0 [pid 6593] <... clone3 resumed> => {parent_tid=[6595]}, 88) = 6595 [pid 6595] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6594] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6593] rt_sigprocmask(SIG_SETMASK, [], [pid 6592] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6591] <... mkdir resumed>) = 0 [pid 5818] close(3 [pid 6595] <... rseq resumed>) = 0 [pid 6593] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6592] <... mprotect resumed>) = 0 [pid 6591] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6595] set_robust_list(0x7fbb68bde9a0, 24 [pid 6594] <... prctl resumed>) = 0 [pid 6593] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... close resumed>) = 0 [pid 6594] setpgid(0, 0 [pid 6593] <... futex resumed>) = 0 [pid 6594] <... setpgid resumed>) = 0 [pid 6593] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6594] write(3, "1000", 4) = 4 [ 123.469831][ T6591] loop3: detected capacity change from 0 to 256 [pid 6594] close(3) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6595] <... set_robust_list resumed>) = 0 [pid 6595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6594] symlink("/dev/binderfs", "./binderfs" [pid 6592] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6594] <... symlink resumed>) = 0 [pid 6592] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6595] memfd_create("syzkaller", 0 [pid 6594] write(1, "executing program\n", 18executing program ./strace-static-x86_64: Process 6596 attached [pid 6595] <... memfd_create resumed>) = 3 [pid 6594] <... write resumed>) = 18 [pid 6592] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6596] set_robust_list(0x55555eedf6a0, 24 [pid 6595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6594] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6596] <... set_robust_list resumed>) = 0 [pid 6594] <... futex resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6596 [pid 6596] chdir("./68" [pid 6594] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6596] <... chdir resumed>) = 0 [pid 6594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6596] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6596] <... prctl resumed>) = 0 [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6596] setpgid(0, 0 [pid 6594] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6596] <... setpgid resumed>) = 0 [pid 6594] <... mprotect resumed>) = 0 [pid 6596] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6595] <... mmap resumed>) = 0x7fbb60600000 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6597 attached [], 8) = 0 [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6598 attached [pid 6598] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6594] <... clone3 resumed> => {parent_tid=[6598]}, 88) = 6598 [pid 6598] <... rseq resumed>) = 0 [pid 6597] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6596] <... openat resumed>) = 3 [pid 6595] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 6592] <... clone3 resumed> => {parent_tid=[6597]}, 88) = 6597 [pid 6598] set_robust_list(0x7fbb68bde9a0, 24 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] <... set_robust_list resumed>) = 0 [pid 6596] write(3, "1000", 4 [pid 6594] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] rt_sigprocmask(SIG_SETMASK, [], [pid 6597] <... rseq resumed>) = 0 [pid 6596] <... write resumed>) = 4 [pid 6595] <... write resumed>) = 131072 [pid 6594] <... futex resumed>) = 0 [pid 6592] rt_sigprocmask(SIG_SETMASK, [], [pid 6598] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6597] set_robust_list(0x7fbb68bde9a0, 24 [pid 6596] close(3 [pid 6594] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6592] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] memfd_create("syzkaller", 0 [pid 6597] <... set_robust_list resumed>) = 0 [pid 6596] <... close resumed>) = 0 [pid 6595] munmap(0x7fbb60600000, 138412032 [pid 6592] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6598] <... memfd_create resumed>) = 3 [pid 6597] rt_sigprocmask(SIG_SETMASK, [], [pid 6596] symlink("/dev/binderfs", "./binderfs" [pid 6592] <... futex resumed>) = 0 [pid 6598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6597] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6596] <... symlink resumed>) = 0 [pid 6592] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6598] <... mmap resumed>) = 0x7fbb60600000 [pid 6595] <... munmap resumed>) = 0 [pid 6598] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072executing program [pid 6597] memfd_create("syzkaller", 0 [pid 6595] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6596] write(1, "executing program\n", 18) = 18 [pid 6595] <... openat resumed>) = 4 [pid 6596] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] ioctl(4, LOOP_SET_FD, 3 [pid 6596] <... futex resumed>) = 0 [pid 6596] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6596] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6596] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [ 123.515510][ T6591] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.554860][ T6595] loop1: detected capacity change from 0 to 256 [pid 6596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6598] <... write resumed>) = 131072 [pid 6597] <... memfd_create resumed>) = 3 [pid 6598] munmap(0x7fbb60600000, 138412032 [pid 6596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6597] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6598] <... munmap resumed>) = 0 [pid 6597] <... mmap resumed>) = 0x7fbb60600000 [pid 6595] <... ioctl resumed>) = 0 [pid 6598] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6596] <... clone3 resumed> => {parent_tid=[6599]}, 88) = 6599 [pid 6598] <... openat resumed>) = 4 [pid 6596] rt_sigprocmask(SIG_SETMASK, [], [pid 6598] ioctl(4, LOOP_SET_FD, 3 [pid 6596] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6599 attached [pid 6597] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6596] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] close(3 [pid 6596] <... futex resumed>) = 0 [pid 6597] <... write resumed>) = 131072 [pid 6599] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6596] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6595] <... close resumed>) = 0 [pid 6599] <... rseq resumed>) = 0 [pid 6597] munmap(0x7fbb60600000, 138412032 [pid 6595] close(4 [pid 6599] set_robust_list(0x7fbb68bde9a0, 24 [pid 6595] <... close resumed>) = 0 [pid 6599] <... set_robust_list resumed>) = 0 [pid 6595] mkdir("./file2", 0777 [pid 6598] <... ioctl resumed>) = 0 [pid 6599] rt_sigprocmask(SIG_SETMASK, [], [pid 6597] <... munmap resumed>) = 0 [pid 6595] <... mkdir resumed>) = 0 [pid 6591] <... mount resumed>) = 0 [pid 6598] close(3) = 0 [pid 6598] close(4) = 0 [pid 6598] mkdir("./file2", 0777 [pid 6599] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6598] <... mkdir resumed>) = 0 [pid 6597] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6595] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6591] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6598] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6591] <... openat resumed>) = 3 [pid 6597] <... openat resumed>) = 4 [pid 6591] chdir("./file2") = 0 [pid 6591] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6591] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] ioctl(4, LOOP_SET_FD, 3 [pid 6591] <... futex resumed>) = 1 [pid 6590] <... futex resumed>) = 0 [pid 6591] mkdir("./file3", 0777 [pid 6590] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.560135][ T6591] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 123.575641][ T6598] loop4: detected capacity change from 0 to 256 [pid 6590] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6599] memfd_create("syzkaller", 0) = 3 [pid 6599] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6599] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6597] <... ioctl resumed>) = 0 [pid 6599] <... write resumed>) = 131072 [pid 6597] close(3 [pid 6591] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6597] <... close resumed>) = 0 [pid 6599] munmap(0x7fbb60600000, 138412032) = 0 [pid 6597] close(4 [pid 6591] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6599] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6597] <... close resumed>) = 0 [pid 6599] <... openat resumed>) = 4 [pid 6597] mkdir("./file2", 0777 [ 123.606952][ T6597] loop2: detected capacity change from 0 to 256 [ 123.616443][ T6591] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.622740][ T6598] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.635015][ T6591] exFAT-fs (loop3): Filesystem has been set read-only [ 123.646918][ T6598] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6599] ioctl(4, LOOP_SET_FD, 3 [pid 6597] <... mkdir resumed>) = 0 [pid 6591] +++ killed by SIGSEGV +++ [pid 6590] <... futex resumed>) = ? [pid 6599] <... ioctl resumed>) = 0 [pid 6598] <... mount resumed>) = 0 [pid 6597] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6598] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6599] close(3 [pid 6598] <... openat resumed>) = 3 [pid 6599] <... close resumed>) = 0 [pid 6598] chdir("./file2" [pid 6599] close(4 [pid 6598] <... chdir resumed>) = 0 [pid 6599] <... close resumed>) = 0 [pid 6598] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6599] mkdir("./file2", 0777 [pid 6598] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6599] <... mkdir resumed>) = 0 [pid 6599] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6598] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6598] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6595] <... mount resumed>) = 0 [pid 6595] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6595] chdir("./file2") = 0 [pid 6594] <... futex resumed>) = 0 [pid 6595] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6594] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6590] +++ killed by SIGSEGV +++ [pid 6598] <... futex resumed>) = 0 [pid 6595] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6594] <... futex resumed>) = 1 [pid 6594] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6590, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6598] mkdir("./file3", 0777 [pid 6595] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6595] <... futex resumed>) = 1 [pid 6593] <... futex resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 6595] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6593] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6593] <... futex resumed>) = 0 [pid 6595] mkdir("./file3", 0777 [pid 6593] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 123.662601][ T6599] loop0: detected capacity change from 0 to 256 [ 123.669355][ T6595] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.683191][ T6595] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5821] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./71/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./71/file2") = 0 [pid 5821] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./71/binderfs", [pid 6594] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 123.718096][ T6598] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.727655][ T6595] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.738830][ T6595] exFAT-fs (loop1): Filesystem has been set read-only [ 123.747136][ T6597] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6594] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5821] unlink("./71/binderfs" [pid 6594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6593] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... unlink resumed>) = 0 [pid 6595] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6594] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6593] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6595] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6594] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5821] getdents64(3, [pid 6594] <... mprotect resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6594] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] close(3 [pid 6594] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 6594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5821] rmdir("./71" [pid 6593] <... futex resumed>) = ? [pid 5821] <... rmdir resumed>) = 0 [pid 6594] <... clone3 resumed> => {parent_tid=[6600]}, 88) = 6600 [pid 5821] mkdir("./72", 0777 [pid 6594] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... mkdir resumed>) = 0 [pid 6594] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6594] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 6595] +++ killed by SIGSEGV +++ [pid 6594] <... futex resumed>) = 0 [pid 6593] +++ killed by SIGSEGV +++ [pid 5821] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6600 attached [pid 6598] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6594] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... ioctl resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6593, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] close(3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... close resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6601 attached [pid 6600] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6598] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6601] set_robust_list(0x55555eedf6a0, 24 [pid 6600] <... rseq resumed>) = ? [pid 6594] <... futex resumed>) = ? [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6601 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6601] <... set_robust_list resumed>) = 0 [pid 6600] +++ killed by SIGSEGV +++ [pid 5819] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6601] chdir("./72") = 0 [pid 6598] +++ killed by SIGSEGV +++ [pid 6594] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6594, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5819] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./70/file2", [pid 5822] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 123.762811][ T6598] exFAT-fs (loop4): Filesystem has been set read-only [ 123.772976][ T6599] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 123.787511][ T6597] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6601] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6601] <... prctl resumed>) = 0 [pid 6599] <... mount resumed>) = 0 [pid 6597] <... mount resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6601] setpgid(0, 0 [pid 6597] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6601] <... setpgid resumed>) = 0 [pid 6599] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6597] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 5819] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6601] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6597] chdir("./file2" [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6599] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 6601] <... openat resumed>) = 3 [pid 6599] chdir("./file2" [pid 6597] <... chdir resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6599] <... chdir resumed>) = 0 [pid 6597] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 6599] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] newfstatat(4, "", [pid 6601] write(3, "1000", 4 [pid 6597] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6599] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6599] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = 0 [pid 5819] getdents64(4, [pid 6601] <... write resumed>) = 4 [pid 6599] <... futex resumed>) = 1 [pid 6597] <... futex resumed>) = 1 [pid 6596] <... futex resumed>) = 0 [pid 6592] <... futex resumed>) = 0 [pid 6596] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6599] mkdir("./file3", 0777 [pid 6597] mkdir("./file3", 0777 [pid 6596] <... futex resumed>) = 0 [pid 6592] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6596] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, [pid 5822] newfstatat(AT_FDCWD, "./69/file2", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] close(4 [pid 6592] <... futex resumed>) = 0 [pid 5822] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 123.810911][ T6599] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] rmdir("./70/file2" [pid 6592] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... rmdir resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5819] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5822] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5819] unlink("./70/binderfs" [pid 6601] close(3 [pid 5819] <... unlink resumed>) = 0 [pid 6601] <... close resumed>) = 0 [pid 5822] rmdir("./69/file2" [pid 6601] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... rmdir resumed>) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3executing program [pid 6601] <... symlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6601] write(1, "executing program\n", 18) = 18 [pid 5822] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./70" [pid 6601] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... rmdir resumed>) = 0 [pid 6601] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5822] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5819] mkdir("./71", 0777 [pid 6601] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6601] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5822] unlink("./69/binderfs" [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6601] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 5822] getdents64(3, [pid 5819] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6602 attached [pid 6601] <... mprotect resumed>) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./69") = 0 [pid 5822] mkdir("./70", 0777 [pid 6602] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... mkdir resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6602 [pid 6602] <... set_robust_list resumed>) = 0 [pid 6602] chdir("./71") = 0 [pid 6602] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6602] setpgid(0, 0) = 0 [pid 6602] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6601] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6596] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6596] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6596] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6596] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6596] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6596] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6603 attached => {parent_tid=[6603]}, 88) = 6603 [pid 6596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6596] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6596] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 123.844211][ T6599] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.853597][ T6597] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 123.873746][ T6597] exFAT-fs (loop2): Filesystem has been set read-only [pid 6603] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6602] <... openat resumed>) = 3 [pid 6603] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6602] write(3, "1000", 4 [pid 6603] openat(AT_FDCWD, ".", O_RDONLY [pid 6602] <... write resumed>) = 4 [pid 6601] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6592] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 6604 attached [pid 6603] <... openat resumed>) = 4 [pid 6602] close(3 [pid 6592] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6604] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6602] <... close resumed>) = 0 [pid 6601] <... clone3 resumed> => {parent_tid=[6604]}, 88) = 6604 [pid 6592] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6604] <... rseq resumed>) = 0 [pid 6603] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] symlink("/dev/binderfs", "./binderfs" [pid 6601] rt_sigprocmask(SIG_SETMASK, [], [pid 6597] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6592] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... ioctl resumed>) = 0 executing program [pid 6603] <... futex resumed>) = 1 [pid 6602] <... symlink resumed>) = 0 [pid 6601] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6596] <... futex resumed>) = 0 [pid 6592] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] close(3 [pid 6604] set_robust_list(0x7fbb68bde9a0, 24 [pid 6602] write(1, "executing program\n", 18 [pid 6601] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6597] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6596] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6592] ???( [pid 5822] <... close resumed>) = 0 [pid 6604] <... set_robust_list resumed>) = 0 [pid 6602] <... write resumed>) = 18 [pid 6601] <... futex resumed>) = 0 [pid 6599] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6596] <... futex resumed>) = 0 [pid 6592] <... ??? resumed>) = ? [pid 6603] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6602] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6601] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6599] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6597] +++ killed by SIGSEGV +++ [pid 6596] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6603] <... ioctl resumed>) = 0 [pid 6602] <... futex resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6603] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6602] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, ./strace-static-x86_64: Process 6605 attached [pid 6604] rt_sigprocmask(SIG_SETMASK, [], [pid 6602] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6592] +++ killed by SIGSEGV +++ [pid 6603] <... futex resumed>) = ? [pid 6602] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6604] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6596] <... futex resumed>) = ? [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6592, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6605] set_robust_list(0x55555eedf6a0, 24 [pid 6603] +++ killed by SIGSEGV +++ [pid 6602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6605] <... set_robust_list resumed>) = 0 [pid 6602] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6605] chdir("./70" [pid 6602] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6605 [pid 6605] <... chdir resumed>) = 0 [pid 6604] memfd_create("syzkaller", 0 [pid 6602] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6599] +++ killed by SIGSEGV +++ [pid 6596] +++ killed by SIGSEGV +++ [pid 5820] <... restart_syscall resumed>) = 0 [pid 6605] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6602] <... mprotect resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6596, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6605] <... prctl resumed>) = 0 [pid 6602] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6605] setpgid(0, 0 [pid 6602] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6605] <... setpgid resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./68", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6604] <... memfd_create resumed>) = 3 [pid 5820] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 3 [ 123.890703][ T6599] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(3, "", [pid 5818] <... openat resumed>) = 3 [pid 6605] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(3, "", [pid 6604] <... mmap resumed>) = 0x7fbb60600000 [pid 6602] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6606 attached [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] getdents64(3, [pid 6606] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6605] <... openat resumed>) = 3 [pid 6602] <... clone3 resumed> => {parent_tid=[6606]}, 88) = 6606 [pid 5820] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6606] <... rseq resumed>) = 0 [pid 6605] write(3, "1000", 4 [pid 6602] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6606] set_robust_list(0x7fbb68bde9a0, 24 [pid 6605] <... write resumed>) = 4 [pid 6602] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6606] <... set_robust_list resumed>) = 0 [pid 6605] close(3 [pid 6602] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6606] rt_sigprocmask(SIG_SETMASK, [], [pid 6605] <... close resumed>) = 0 [pid 6604] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6602] <... futex resumed>) = 0 [pid 6606] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6605] symlink("/dev/binderfs", "./binderfs" [pid 6602] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6606] memfd_create("syzkaller", 0 [pid 6605] <... symlink resumed>) = 0 [pid 6604] <... write resumed>) = 131072 [pid 6606] <... memfd_create resumed>) = 3 [pid 6606] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6605] write(1, "executing program\n", 18executing program ) = 18 [pid 6604] munmap(0x7fbb60600000, 138412032 [pid 6605] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... munmap resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6606] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6605] <... futex resumed>) = 0 [pid 6604] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 6606] <... write resumed>) = 131072 [pid 6605] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6605] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6604] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6606] munmap(0x7fbb60600000, 138412032 [pid 6605] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] newfstatat(AT_FDCWD, "./69/file2", [pid 5818] newfstatat(AT_FDCWD, "./68/file2", [pid 6604] ioctl(4, LOOP_SET_FD, 3 [pid 6606] <... munmap resumed>) = 0 [pid 6605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6605] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] umount2("./68/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6605] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6605] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./68/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6606] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6605] <... mprotect resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 4 [pid 6606] <... openat resumed>) = 4 [pid 6605] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 6606] ioctl(4, LOOP_SET_FD, 3 [pid 6605] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] close(4 [pid 6605] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] getdents64(4, [pid 5818] <... close resumed>) = 0 [pid 6604] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] rmdir("./68/file2" [pid 6605] <... clone3 resumed> => {parent_tid=[6607]}, 88) = 6607 [pid 5818] <... rmdir resumed>) = 0 [pid 6605] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6605] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 6605] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./68/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6605] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6607 attached [pid 5820] <... close resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./68/binderfs", [pid 5820] rmdir("./69/file2" [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] unlink("./68/binderfs") = 0 [pid 6604] close(3 [pid 5818] getdents64(3, [pid 6604] <... close resumed>) = 0 [pid 6607] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6604] close(4 [pid 6607] <... rseq resumed>) = 0 [pid 5820] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [pid 6607] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 6607] <... set_robust_list resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./69/binderfs", [pid 5818] rmdir("./68" [pid 6607] rt_sigprocmask(SIG_SETMASK, [], [pid 6604] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6607] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6604] mkdir("./file2", 0777 [pid 5820] unlink("./69/binderfs" [pid 6607] memfd_create("syzkaller", 0 [pid 6604] <... mkdir resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5818] mkdir("./69", 0777 [pid 6607] <... memfd_create resumed>) = 3 [pid 6604] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] getdents64(3, [pid 5818] <... mkdir resumed>) = 0 [pid 6607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6607] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] close(3) = 0 [pid 5820] rmdir("./69" [pid 6606] <... ioctl resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5820] mkdir("./70", 0777 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [ 123.971283][ T6604] loop3: detected capacity change from 0 to 256 [ 123.976690][ T6606] loop1: detected capacity change from 0 to 256 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3) = 0 [pid 6607] <... write resumed>) = 131072 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3) = 0 [pid 6607] munmap(0x7fbb60600000, 138412032) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6608 attached [pid 6607] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6606] close(3 [pid 6607] <... openat resumed>) = 4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6607] ioctl(4, LOOP_SET_FD, 3 [pid 6608] set_robust_list(0x55555eedf6a0, 24 [pid 6606] <... close resumed>) = 0 [pid 6606] close(4./strace-static-x86_64: Process 6609 attached ) = 0 [pid 6608] <... set_robust_list resumed>) = 0 [pid 6608] chdir("./69" [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6608 [pid 6609] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6608] <... chdir resumed>) = 0 [pid 6606] mkdir("./file2", 0777 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6609 [pid 6608] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6609] chdir("./70" [pid 6608] <... prctl resumed>) = 0 [pid 6609] <... chdir resumed>) = 0 [pid 6608] setpgid(0, 0) = 0 [pid 6609] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6609] <... prctl resumed>) = 0 [pid 6608] <... openat resumed>) = 3 [pid 6606] <... mkdir resumed>) = 0 [pid 6609] setpgid(0, 0) = 0 [pid 6608] write(3, "1000", 4 [pid 6609] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6608] <... write resumed>) = 4 [pid 6608] close(3 [pid 6606] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6609] <... openat resumed>) = 3 [pid 6608] <... close resumed>) = 0 [pid 6609] write(3, "1000", 4 [pid 6608] symlink("/dev/binderfs", "./binderfs" [pid 6609] <... write resumed>) = 4 [pid 6608] <... symlink resumed>) = 0 executing program [pid 6609] close(3 [pid 6608] write(1, "executing program\n", 18executing program [pid 6609] <... close resumed>) = 0 [pid 6608] <... write resumed>) = 18 [pid 6609] symlink("/dev/binderfs", "./binderfs" [pid 6608] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6609] <... symlink resumed>) = 0 [pid 6608] <... futex resumed>) = 0 [pid 6609] write(1, "executing program\n", 18 [pid 6608] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6609] <... write resumed>) = 18 [pid 6608] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6609] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6609] <... futex resumed>) = 0 [pid 6608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6609] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6607] <... ioctl resumed>) = 0 [pid 6609] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6608] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6609] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6608] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6608] <... mprotect resumed>) = 0 [pid 6609] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6608] rt_sigprocmask(SIG_BLOCK, ~[], [ 124.018513][ T6604] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.034221][ T6607] loop4: detected capacity change from 0 to 256 [pid 6607] close(3 [pid 6609] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6608] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6607] <... close resumed>) = 0 [pid 6609] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6607] close(4 [pid 6609] <... mprotect resumed>) = 0 [pid 6607] <... close resumed>) = 0 [pid 6609] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6607] mkdir("./file2", 0777 [pid 6608] <... clone3 resumed> => {parent_tid=[6610]}, 88) = 6610 [pid 6609] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6608] rt_sigprocmask(SIG_SETMASK, [], [pid 6609] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6608] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6611 attached [pid 6608] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... mkdir resumed>) = 0 [pid 6611] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6609] <... clone3 resumed> => {parent_tid=[6611]}, 88) = 6611 [pid 6608] <... futex resumed>) = 0 [pid 6611] <... rseq resumed>) = 0 [pid 6609] rt_sigprocmask(SIG_SETMASK, [], [pid 6608] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6607] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6611] set_robust_list(0x7fbb68bde9a0, 24 [pid 6609] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6611] <... set_robust_list resumed>) = 0 [pid 6609] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] rt_sigprocmask(SIG_SETMASK, [], [pid 6609] <... futex resumed>) = 0 [pid 6611] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6609] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6611] memfd_create("syzkaller", 0) = 3 [pid 6611] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 ./strace-static-x86_64: Process 6610 attached [pid 6611] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6610] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6604] <... mount resumed>) = 0 [pid 6610] <... rseq resumed>) = 0 [pid 6610] set_robust_list(0x7fbb68bde9a0, 24 [pid 6604] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6610] <... set_robust_list resumed>) = 0 [pid 6610] rt_sigprocmask(SIG_SETMASK, [], [pid 6604] <... openat resumed>) = 3 [pid 6610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6604] chdir("./file2" [pid 6611] munmap(0x7fbb60600000, 138412032 [pid 6610] memfd_create("syzkaller", 0 [pid 6604] <... chdir resumed>) = 0 [pid 6611] <... munmap resumed>) = 0 [pid 6610] <... memfd_create resumed>) = 3 [pid 6604] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6611] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6604] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6611] <... openat resumed>) = 4 [ 124.060886][ T6606] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.076249][ T6604] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.093631][ T6606] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6604] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6611] ioctl(4, LOOP_SET_FD, 3 [pid 6604] <... futex resumed>) = 1 [pid 6610] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6604] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6601] <... futex resumed>) = 0 [pid 6610] <... mmap resumed>) = 0x7fbb60600000 [pid 6601] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6604] mkdir("./file3", 0777 [pid 6601] <... futex resumed>) = 0 [pid 6601] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6610] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6611] <... ioctl resumed>) = 0 [pid 6610] <... write resumed>) = 131072 [pid 6606] <... mount resumed>) = 0 [pid 6604] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6606] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6606] chdir("./file2") = 0 [pid 6606] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6606] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] munmap(0x7fbb60600000, 138412032 [pid 6606] <... futex resumed>) = 1 [pid 6606] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6611] close(3) = 0 [pid 6611] close(4) = 0 [pid 6611] mkdir("./file2", 0777) = 0 [pid 6610] <... munmap resumed>) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6611] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6604] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6610] <... openat resumed>) = 4 [pid 6602] <... futex resumed>) = 0 [pid 6601] <... futex resumed>) = ? [ 124.107579][ T6607] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.110090][ T6611] loop2: detected capacity change from 0 to 256 [ 124.130672][ T6604] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.142496][ T6604] exFAT-fs (loop3): Filesystem has been set read-only [ 124.150169][ T6607] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6602] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] ioctl(4, LOOP_SET_FD, 3 [pid 6606] <... futex resumed>) = 0 [pid 6602] <... futex resumed>) = 1 [pid 6606] mkdir("./file3", 0777 [pid 6602] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6604] +++ killed by SIGSEGV +++ [pid 6601] +++ killed by SIGSEGV +++ [pid 6610] <... ioctl resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6601, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6610] close(3) = 0 [pid 6610] close(4 [pid 5821] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6606] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6610] <... close resumed>) = 0 [pid 6607] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6610] mkdir("./file2", 0777 [pid 5821] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6607] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6610] <... mkdir resumed>) = 0 [pid 6607] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 6607] chdir("./file2" [pid 6606] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] newfstatat(3, "", [pid 6607] <... chdir resumed>) = 0 [pid 6602] <... futex resumed>) = ? [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6607] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6606] +++ killed by SIGSEGV +++ [pid 6602] +++ killed by SIGSEGV +++ [ 124.170560][ T6610] loop0: detected capacity change from 0 to 256 [ 124.172913][ T6606] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.188190][ T6606] exFAT-fs (loop1): Filesystem has been set read-only [ 124.200557][ T6611] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6610] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6607] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... umount2 resumed>) = 0 [pid 6607] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6602, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6607] <... futex resumed>) = 1 [pid 6605] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6607] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6605] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6607] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6605] <... futex resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./72/file2", [pid 6607] mkdir("./file3", 0777 [pid 6605] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 4 [pid 5819] newfstatat(3, "", [pid 5821] newfstatat(4, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 5821] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6611] <... mount resumed>) = 0 [pid 6611] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6611] <... openat resumed>) = 3 [pid 5821] getdents64(4, [pid 5819] <... umount2 resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6611] chdir("./file2" [pid 5821] close(4 [pid 6611] <... chdir resumed>) = 0 [pid 6607] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6611] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6607] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] rmdir("./72/file2" [pid 5819] newfstatat(AT_FDCWD, "./71/file2", [pid 6611] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6605] <... futex resumed>) = ? [ 124.221475][ T6611] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.236020][ T6607] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.255029][ T6607] exFAT-fs (loop4): Filesystem has been set read-only [pid 6611] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6611] <... futex resumed>) = 1 [pid 6609] <... futex resumed>) = 0 [pid 5821] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6611] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6609] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6611] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6609] <... futex resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6611] mkdir("./file3", 0777 [pid 6609] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5819] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5821] unlink("./72/binderfs" [pid 5819] newfstatat(4, "", [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 6607] +++ killed by SIGSEGV +++ [pid 6605] +++ killed by SIGSEGV +++ [pid 5821] getdents64(3, [pid 5819] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./71/file2" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6605, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5822] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./70/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 5821] close(3 [pid 5819] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5822] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] rmdir("./70/file2") = 0 [ 124.291289][ T6610] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.315702][ T6610] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.328155][ T6611] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5822] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./70/binderfs" [pid 6611] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... unlink resumed>) = 0 [pid 5821] rmdir("./72" [pid 5819] unlink("./71/binderfs" [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5822] rmdir("./70" [pid 5819] getdents64(3, [pid 6611] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6610] <... mount resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6610] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6609] <... futex resumed>) = ? [pid 5822] <... rmdir resumed>) = 0 [pid 5821] mkdir("./73", 0777 [pid 5819] close(3 [pid 5822] mkdir("./71", 0777) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6611] +++ killed by SIGSEGV +++ [pid 6610] <... openat resumed>) = 3 [pid 6609] +++ killed by SIGSEGV +++ [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 6610] chdir("./file2" [pid 5819] rmdir("./71" [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6609, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3 [pid 6610] <... chdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6610] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] close(3 [pid 6610] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6610] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 124.339265][ T6611] exFAT-fs (loop2): Filesystem has been set read-only [pid 6610] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6608] <... futex resumed>) = 0 [pid 5820] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] mkdir("./72", 0777 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6608] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6610] <... futex resumed>) = 0 [pid 6608] <... futex resumed>) = 1 [pid 6610] mkdir("./file3", 0777 [pid 6608] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... mkdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6612 attached [pid 5820] newfstatat(3, "", [pid 5819] <... openat resumed>) = 3 [pid 6612] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6613 attached ) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6612 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6613 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6612] chdir("./71") = 0 [pid 5820] getdents64(3, [pid 5819] <... ioctl resumed>) = 0 [pid 6613] set_robust_list(0x55555eedf6a0, 24 [pid 6612] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6613] <... set_robust_list resumed>) = 0 [pid 6612] <... prctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] close(3 [pid 6613] chdir("./73" [pid 6612] setpgid(0, 0 [pid 5820] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 6613] <... chdir resumed>) = 0 [pid 6612] <... setpgid resumed>) = 0 [pid 6612] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6610] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6613] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6612] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6614 attached [pid 6610] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6613] <... prctl resumed>) = 0 [pid 6612] write(3, "1000", 4 [pid 5820] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6612] <... write resumed>) = 4 [pid 6612] close(3) = 0 [pid 6612] symlink("/dev/binderfs", "./binderfs" [pid 6613] setpgid(0, 0 [pid 6608] <... futex resumed>) = ? [ 124.372280][ T6610] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.387201][ T6610] exFAT-fs (loop0): Filesystem has been set read-only [pid 6614] set_robust_list(0x55555eedf6a0, 24 [pid 6613] <... setpgid resumed>) = 0 [pid 6612] <... symlink resumed>) = 0 [pid 6610] +++ killed by SIGSEGV +++ [pid 6608] +++ killed by SIGSEGV +++ [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6614 [pid 6613] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6608, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6613] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6613] write(3, "1000", 4) = 4 [pid 5820] newfstatat(AT_FDCWD, "./70/file2", [pid 6613] close(3 [pid 6614] <... set_robust_list resumed>) = 0 [pid 6613] <... close resumed>) = 0 executing program [pid 6612] write(1, "executing program\n", 18 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6614] chdir("./72" [pid 6613] symlink("/dev/binderfs", "./binderfs" [pid 5818] <... restart_syscall resumed>) = 0 [pid 6614] <... chdir resumed>) = 0 [pid 6613] <... symlink resumed>) = 0 [pid 6612] <... write resumed>) = 18 [pid 5820] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6614] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6613] write(1, "executing program\n", 18 [pid 6612] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6614] <... prctl resumed>) = 0 [pid 6612] <... futex resumed>) = 0 executing program [pid 5818] umount2("./69", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6614] setpgid(0, 0 [pid 6613] <... write resumed>) = 18 [pid 5820] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6613] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 4 [pid 5818] openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6612] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6614] <... setpgid resumed>) = 0 [pid 6613] <... futex resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5818] <... openat resumed>) = 3 [pid 6614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6613] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6612] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] newfstatat(3, "", [pid 6614] <... openat resumed>) = 3 [pid 6613] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6612] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6614] write(3, "1000", 4 [pid 6613] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] getdents64(3, [pid 6614] <... write resumed>) = 4 [pid 6613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6614] close(3 [pid 6613] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6612] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 6614] <... close resumed>) = 0 [pid 6613] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6612] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... umount2 resumed>) = 0 [pid 6614] symlink("/dev/binderfs", "./binderfs" [pid 6612] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] getdents64(4, [pid 5818] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6614] <... symlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6613] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6612] <... mprotect resumed>) = 0 [pid 5820] close(4 [pid 5818] newfstatat(AT_FDCWD, "./69/file2", [pid 6614] write(1, "executing program\n", 18) = 18 [pid 6613] <... mprotect resumed>) = 0 [pid 6612] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6614] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] rmdir("./70/file2" [pid 6614] <... futex resumed>) = 0 [pid 5818] umount2("./69/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6614] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6613] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./69/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6614] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6613] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6612] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 4 [pid 6614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6613] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6612] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] newfstatat(AT_FDCWD, "./70/binderfs", [pid 5818] newfstatat(4, "", [pid 6614] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6615 attached ./strace-static-x86_64: Process 6616 attached [pid 6615] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6612] <... clone3 resumed> => {parent_tid=[6615]}, 88) = 6615 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6615] <... rseq resumed>) = 0 [pid 6614] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6612] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] unlink("./70/binderfs" [pid 6615] set_robust_list(0x7fbb68bde9a0, 24 [pid 6614] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6613] <... clone3 resumed> => {parent_tid=[6616]}, 88) = 6616 [pid 6612] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] getdents64(4, [pid 6616] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6615] <... set_robust_list resumed>) = 0 [pid 6614] <... mprotect resumed>) = 0 [pid 6613] rt_sigprocmask(SIG_SETMASK, [], [pid 6612] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6616] <... rseq resumed>) = 0 [pid 6615] rt_sigprocmask(SIG_SETMASK, [], [pid 6613] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6612] <... futex resumed>) = 0 [pid 5818] getdents64(4, [pid 6616] set_robust_list(0x7fbb68bde9a0, 24 [pid 6615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6614] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6613] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6612] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6616] <... set_robust_list resumed>) = 0 [pid 6615] memfd_create("syzkaller", 0 [pid 6614] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6613] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6616] rt_sigprocmask(SIG_SETMASK, [], [pid 6615] <... memfd_create resumed>) = 3 [pid 6614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6613] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] close(3./strace-static-x86_64: Process 6617 attached [pid 6616] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6617] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6616] memfd_create("syzkaller", 0 [pid 6615] <... mmap resumed>) = 0x7fbb60600000 [pid 6614] <... clone3 resumed> => {parent_tid=[6617]}, 88) = 6617 [pid 5820] rmdir("./70" [pid 5818] rmdir("./69/file2" [pid 6617] <... rseq resumed>) = 0 [pid 6616] <... memfd_create resumed>) = 3 [pid 6614] rt_sigprocmask(SIG_SETMASK, [], [pid 6617] set_robust_list(0x7fbb68bde9a0, 24 [pid 6616] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6616] <... mmap resumed>) = 0x7fbb60600000 [pid 6617] <... set_robust_list resumed>) = 0 [pid 6615] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] mkdir("./71", 0777 [pid 5818] umount2("./69/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6617] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6617] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6614] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6614] <... futex resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6617] memfd_create("syzkaller", 0 [pid 6616] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6614] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./69/binderfs" [pid 6617] <... memfd_create resumed>) = 3 [pid 6616] <... write resumed>) = 131072 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... unlink resumed>) = 0 [pid 6617] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6616] munmap(0x7fbb60600000, 138412032 [pid 6615] <... write resumed>) = 131072 [pid 5820] <... openat resumed>) = 3 [pid 5818] getdents64(3, [pid 6616] <... munmap resumed>) = 0 [pid 6615] munmap(0x7fbb60600000, 138412032 [pid 6617] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... ioctl resumed>) = 0 [pid 5818] close(3 [pid 5820] close(3 [pid 6617] <... write resumed>) = 131072 [pid 6616] <... openat resumed>) = 4 [pid 6615] <... munmap resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6617] munmap(0x7fbb60600000, 138412032) = 0 [pid 6615] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6617] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6616] ioctl(4, LOOP_SET_FD, 3 [pid 6615] <... openat resumed>) = 4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] rmdir("./69" [pid 6617] <... openat resumed>) = 4 [pid 6616] <... ioctl resumed>) = 0 [pid 6615] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6618 attached [pid 6617] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6618] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... rmdir resumed>) = 0 [pid 6618] <... set_robust_list resumed>) = 0 executing program [pid 6618] chdir("./71" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6618 [pid 6618] <... chdir resumed>) = 0 [pid 6618] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6618] setpgid(0, 0) = 0 [pid 6618] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6618] write(3, "1000", 4) = 4 [pid 6618] close(3) = 0 [pid 6618] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6618] write(1, "executing program\n", 18) = 18 [pid 6618] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] mkdir("./70", 0777 [pid 6618] <... futex resumed>) = 0 [pid 6618] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6618] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6618] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6618] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6618] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6618] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6619 attached => {parent_tid=[6619]}, 88) = 6619 [pid 6617] close(3 [pid 6616] close(3 [pid 6615] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6618] rt_sigprocmask(SIG_SETMASK, [], [pid 6616] <... close resumed>) = 0 [pid 6618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6616] close(4 [pid 6618] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... close resumed>) = 0 [pid 6616] <... close resumed>) = 0 [pid 6618] <... futex resumed>) = 0 [pid 6617] close(4 [pid 6616] mkdir("./file2", 0777 [pid 5818] <... openat resumed>) = 3 [pid 6618] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6617] <... close resumed>) = 0 [pid 6616] <... mkdir resumed>) = 0 [pid 6615] close(3 [pid 6619] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6617] mkdir("./file2", 0777 [pid 6615] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6619] <... rseq resumed>) = 0 [pid 6616] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6619] set_robust_list(0x7fbb68bde9a0, 24 [pid 6615] close(4 [pid 6619] <... set_robust_list resumed>) = 0 [pid 6617] <... mkdir resumed>) = 0 [pid 6615] <... close resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6619] rt_sigprocmask(SIG_SETMASK, [], [pid 6615] mkdir("./file2", 0777 [pid 5818] close(3 [pid 6619] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6617] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6615] <... mkdir resumed>) = 0 [pid 6619] memfd_create("syzkaller", 0 [pid 5818] <... close resumed>) = 0 [ 124.520288][ T6616] loop3: detected capacity change from 0 to 256 [ 124.529789][ T6617] loop1: detected capacity change from 0 to 256 [ 124.530699][ T6615] loop4: detected capacity change from 0 to 256 [pid 6619] <... memfd_create resumed>) = 3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6619] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6615] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6619] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6620 ./strace-static-x86_64: Process 6620 attached [pid 6619] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6620] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6619] <... write resumed>) = 131072 [pid 6619] munmap(0x7fbb60600000, 138412032 [pid 6620] chdir("./70" [pid 6619] <... munmap resumed>) = 0 [pid 6620] <... chdir resumed>) = 0 [pid 6620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6620] setpgid(0, 0) = 0 [pid 6620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6619] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6619] ioctl(4, LOOP_SET_FD, 3 [pid 6620] <... openat resumed>) = 3 executing program [pid 6620] write(3, "1000", 4) = 4 [pid 6620] close(3) = 0 [pid 6620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6620] write(1, "executing program\n", 18) = 18 [pid 6620] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6620] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [ 124.587950][ T6616] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.613635][ T6619] loop2: detected capacity change from 0 to 256 [ 124.625948][ T6615] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6621]}, 88) = 6621 [pid 6620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6620] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6620] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6619] <... ioctl resumed>) = 0 [pid 6619] close(3) = 0 [pid 6619] close(4) = 0 [pid 6619] mkdir("./file2", 0777) = 0 ./strace-static-x86_64: Process 6621 attached [pid 6619] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6621] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6621] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6621] memfd_create("syzkaller", 0) = 3 [pid 6621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 124.630286][ T6617] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.642447][ T6616] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.669784][ T6615] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6621] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6615] <... mount resumed>) = 0 [pid 6615] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6616] <... mount resumed>) = 0 [pid 6615] chdir("./file2" [pid 6616] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6615] <... chdir resumed>) = 0 [pid 6615] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6621] <... write resumed>) = 131072 [pid 6615] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6616] <... openat resumed>) = 3 [pid 6616] chdir("./file2") = 0 [pid 6616] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6616] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6616] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6615] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6615] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6612] <... futex resumed>) = 0 [pid 6612] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6615] <... futex resumed>) = 0 [pid 6612] <... futex resumed>) = 1 [pid 6615] mkdir("./file3", 0777 [pid 6612] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] munmap(0x7fbb60600000, 138412032 [pid 6613] <... futex resumed>) = 0 [pid 6613] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] <... mount resumed>) = 0 [pid 6616] <... futex resumed>) = 0 [pid 6613] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6621] <... munmap resumed>) = 0 [pid 6617] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6616] mkdir("./file3", 0777 [pid 6617] <... openat resumed>) = 3 [ 124.682063][ T6617] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.695343][ T6619] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.713166][ T6619] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.722444][ T6615] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6617] chdir("./file2" [pid 6621] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6617] <... chdir resumed>) = 0 [pid 6617] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6617] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6617] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6619] <... mount resumed>) = 0 [pid 6619] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6619] chdir("./file2") = 0 [pid 6619] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6619] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6614] <... futex resumed>) = 0 [pid 6614] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6617] <... futex resumed>) = 0 [pid 6614] <... futex resumed>) = 1 [pid 6617] mkdir("./file3", 0777 [pid 6621] <... openat resumed>) = 4 [pid 6615] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6614] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6619] <... futex resumed>) = 1 [pid 6619] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6618] <... futex resumed>) = 0 [pid 6618] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6621] ioctl(4, LOOP_SET_FD, 3 [pid 6619] <... futex resumed>) = 0 [pid 6618] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6617] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6616] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6615] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6612] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6619] mkdir("./file3", 0777 [pid 6617] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6614] <... futex resumed>) = ? [ 124.735187][ T6616] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.743454][ T6615] exFAT-fs (loop4): Filesystem has been set read-only [ 124.749553][ T6617] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.752706][ T6616] exFAT-fs (loop3): Filesystem has been set read-only [ 124.761743][ T6617] exFAT-fs (loop1): Filesystem has been set read-only [ 124.774902][ T6621] loop0: detected capacity change from 0 to 256 [pid 6621] <... ioctl resumed>) = 0 [pid 6617] +++ killed by SIGSEGV +++ [pid 6616] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6614] +++ killed by SIGSEGV +++ [pid 6613] <... futex resumed>) = 0 [pid 6621] close(3 [pid 6615] +++ killed by SIGSEGV +++ [pid 6612] +++ killed by SIGSEGV +++ [pid 6621] <... close resumed>) = 0 [pid 6619] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6621] close(4 [pid 6616] +++ killed by SIGSEGV +++ [pid 6619] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6613] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6614, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6612, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... restart_syscall resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6613, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6621] <... close resumed>) = 0 [pid 6618] <... futex resumed>) = ? [pid 6621] mkdir("./file2", 0777 [pid 6619] +++ killed by SIGSEGV +++ [pid 6618] +++ killed by SIGSEGV +++ [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6618, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5822] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(3, "", [pid 5821] getdents64(3, [pid 5822] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] newfstatat(3, "", [pid 6621] <... mkdir resumed>) = 0 [pid 5819] getdents64(3, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] getdents64(3, [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6621] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 4 [pid 5822] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./71/file2", [pid 5821] newfstatat(4, "", [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 124.782718][ T6619] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 124.792555][ T6619] exFAT-fs (loop2): Filesystem has been set read-only [pid 5820] getdents64(3, [pid 5822] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(AT_FDCWD, "./72/file2", [pid 5822] <... openat resumed>) = 4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] newfstatat(4, "", [pid 5819] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] getdents64(4, [pid 5819] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... openat resumed>) = 4 [pid 5822] getdents64(4, [pid 5819] newfstatat(4, "", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] close(4 [pid 5819] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] rmdir("./71/file2" [pid 5819] getdents64(4, [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5822] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./72/file2" [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] newfstatat(AT_FDCWD, "./71/file2", [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] unlink("./71/binderfs" [pid 5820] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", [pid 5819] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5822] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5819] unlink("./72/binderfs" [pid 5822] close(3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... unlink resumed>) = 0 [pid 5822] rmdir("./71" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5820] close(4 [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./73/file2" [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./71/file2" [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6621] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(3 [pid 6621] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] newfstatat(AT_FDCWD, "./73/binderfs", [pid 6621] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... close resumed>) = 0 [pid 5822] mkdir("./72", 0777 [pid 5821] unlink("./73/binderfs" [pid 5820] <... rmdir resumed>) = 0 [pid 5819] rmdir("./72" [pid 6621] chdir("./file2" [pid 5821] <... unlink resumed>) = 0 [pid 6621] <... chdir resumed>) = 0 [pid 5821] getdents64(3, [pid 6621] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6621] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] close(3) = 0 [pid 5821] rmdir("./73") = 0 [pid 6621] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] mkdir("./74", 0777) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 6621] <... futex resumed>) = 1 [pid 6620] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6620] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 6621] mkdir("./file3", 0777 [pid 6620] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5819] mkdir("./73", 0777 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] unlink("./71/binderfs" [pid 5819] <... mkdir resumed>) = 0 [pid 5822] close(3 [pid 5820] <... unlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] getdents64(3, [pid 5821] close(3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./71"./strace-static-x86_64: Process 6622 attached [pid 6620] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [ 124.843962][ T6621] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 124.860118][ T6621] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 124.882291][ T6621] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6622 [pid 5820] mkdir("./72", 0777 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5820] <... openat resumed>) = 3 [pid 5819] <... ioctl resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] close(3 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6623 [pid 6622] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6623 attached ) = 0 [pid 6621] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6623] set_robust_list(0x55555eedf6a0, 24 [pid 5820] close(3 [pid 6623] <... set_robust_list resumed>) = 0 [pid 6622] chdir("./72" [pid 6621] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... close resumed>) = 0 [pid 6622] <... chdir resumed>) = 0 [pid 6620] <... futex resumed>) = ? [pid 6623] chdir("./74" [pid 6622] prctl(PR_SET_PDEATHSIG, SIGKILLexecuting program [pid 6621] +++ killed by SIGSEGV +++ [pid 6620] +++ killed by SIGSEGV +++ [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6623] <... chdir resumed>) = 0 [pid 6622] <... prctl resumed>) = 0 [pid 6623] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6622] setpgid(0, 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6620, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6623] <... prctl resumed>) = 0 [pid 6622] <... setpgid resumed>) = 0 [pid 6623] setpgid(0, 0 [pid 6622] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6623] <... setpgid resumed>) = 0 [pid 6622] <... openat resumed>) = 3 [pid 6623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6622] write(3, "1000", 4./strace-static-x86_64: Process 6624 attached ) = 4 [pid 5818] umount2("./70", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6622] close(3) = 0 [pid 6622] symlink("/dev/binderfs", "./binderfs" [pid 6623] <... openat resumed>) = 3 [pid 6622] <... symlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6625 attached [pid 6624] set_robust_list(0x55555eedf6a0, 24 [pid 6622] write(1, "executing program\n", 18 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6624 [pid 5818] openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6623] write(3, "1000", 4 [pid 6622] <... write resumed>) = 18 [pid 6623] <... write resumed>) = 4 [pid 6622] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 3 [pid 6623] close(3 [pid 6622] <... futex resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 6624] <... set_robust_list resumed>) = 0 [pid 6623] <... close resumed>) = 0 [pid 6622] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6624] chdir("./73" [pid 6623] symlink("/dev/binderfs", "./binderfs" [pid 6622] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6623] <... symlink resumed>) = 0 [pid 6622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] getdents64(3, [pid 6622] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6625] set_robust_list(0x55555eedf6a0, 24 [pid 6624] <... chdir resumed>) = 0 [pid 6622] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6625 [pid 5818] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6625] <... set_robust_list resumed>) = 0 [pid 6624] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6623] write(1, "executing program\n", 18 [pid 6622] <... mprotect resumed>) = 0 [pid 6624] <... prctl resumed>) = 0 [pid 6623] <... write resumed>) = 18 [pid 6622] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6623] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6622] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6623] <... futex resumed>) = 0 [pid 6622] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6626 attached [pid 6623] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6626] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6623] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6622] <... clone3 resumed> => {parent_tid=[6626]}, 88) = 6626 [pid 6626] <... rseq resumed>) = 0 [pid 6623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6622] rt_sigprocmask(SIG_SETMASK, [], [pid 6626] set_robust_list(0x7fbb68bde9a0, 24 [pid 6623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6626] <... set_robust_list resumed>) = 0 [pid 6625] chdir("./72" [pid 6624] setpgid(0, 0 [pid 6623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6622] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6626] rt_sigprocmask(SIG_SETMASK, [], [pid 6623] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6624] <... setpgid resumed>) = 0 [pid 6622] <... futex resumed>) = 0 [pid 6626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6623] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6622] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6626] memfd_create("syzkaller", 0 [pid 6625] <... chdir resumed>) = 0 [pid 6624] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6623] <... mprotect resumed>) = 0 [pid 6626] <... memfd_create resumed>) = 3 [pid 6626] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6625] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6626] <... mmap resumed>) = 0x7fbb60600000 [pid 6625] <... prctl resumed>) = 0 [pid 6624] <... openat resumed>) = 3 [pid 6623] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6626] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6625] setpgid(0, 0 [pid 6624] write(3, "1000", 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6625] <... setpgid resumed>) = 0 [pid 6624] <... write resumed>) = 4 [pid 5818] newfstatat(AT_FDCWD, "./70/file2", [pid 6624] close(3 [pid 6623] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6624] <... close resumed>) = 0 [pid 6623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6627 attached [pid 6625] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6624] symlink("/dev/binderfs", "./binderfs" [pid 5818] umount2("./70/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6627] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6626] munmap(0x7fbb60600000, 138412032 [pid 6623] <... clone3 resumed> => {parent_tid=[6627]}, 88) = 6627 [pid 6627] <... rseq resumed>) = 0 [pid 6626] <... munmap resumed>) = 0 [pid 6624] <... symlink resumed>) = 0 [pid 6623] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6627] set_robust_list(0x7fbb68bde9a0, 24 [pid 6623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6623] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6625] <... openat resumed>) = 3 executing program [pid 6627] <... set_robust_list resumed>) = 0 [pid 6624] write(1, "executing program\n", 18 [pid 6623] <... futex resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./70/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6627] rt_sigprocmask(SIG_SETMASK, [], [pid 6626] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6625] write(3, "1000", 4 [pid 6624] <... write resumed>) = 18 [pid 6623] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6627] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6626] <... openat resumed>) = 4 [pid 6624] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 4 [pid 6627] memfd_create("syzkaller", 0 [ 124.893874][ T6621] exFAT-fs (loop0): Filesystem has been set read-only [pid 6626] ioctl(4, LOOP_SET_FD, 3 [pid 6625] <... write resumed>) = 4 [pid 6624] <... futex resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6625] close(3 [pid 6624] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6625] <... close resumed>) = 0 [pid 6624] <... rt_sigaction resumed>NULL, 8) = 0 executing program [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6627] <... memfd_create resumed>) = 3 [pid 6626] <... ioctl resumed>) = 0 [pid 6625] symlink("/dev/binderfs", "./binderfs" [pid 5818] getdents64(4, [pid 6627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6624] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6627] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6627] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6625] <... symlink resumed>) = 0 [pid 6624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] getdents64(4, [pid 6627] <... write resumed>) = 131072 [pid 6625] write(1, "executing program\n", 18 [pid 6624] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6627] munmap(0x7fbb60600000, 138412032 [pid 6624] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] close(4 [pid 6625] <... write resumed>) = 18 [pid 6624] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... close resumed>) = 0 [pid 6627] <... munmap resumed>) = 0 [pid 6625] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6624] <... mprotect resumed>) = 0 [pid 5818] rmdir("./70/file2" [pid 6625] <... futex resumed>) = 0 [pid 6627] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6626] close(3 [pid 6627] ioctl(4, LOOP_SET_FD, 3 [pid 6626] <... close resumed>) = 0 [pid 6626] close(4 [pid 6625] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6624] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... rmdir resumed>) = 0 [pid 6625] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6625] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6626] <... close resumed>) = 0 [pid 6625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6626] mkdir("./file2", 0777) = 0 [pid 6626] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6625] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6627] <... ioctl resumed>) = 0 [pid 6625] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6624] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] umount2("./70/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6625] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6627] close(3) = 0 [pid 6624] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 124.946724][ T6626] loop4: detected capacity change from 0 to 256 [ 124.963242][ T6627] loop3: detected capacity change from 0 to 256 [pid 6627] close(4 [pid 6625] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] newfstatat(AT_FDCWD, "./70/binderfs", ./strace-static-x86_64: Process 6628 attached [pid 6625] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6628] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6627] <... close resumed>) = 0 [pid 6625] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6624] <... clone3 resumed> => {parent_tid=[6628]}, 88) = 6628 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6628] <... rseq resumed>) = 0 [pid 6624] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] unlink("./70/binderfs"./strace-static-x86_64: Process 6629 attached [pid 6628] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6629] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6628] rt_sigprocmask(SIG_SETMASK, [], [pid 6627] mkdir("./file2", 0777 [pid 6625] <... clone3 resumed> => {parent_tid=[6629]}, 88) = 6629 [pid 6624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6629] <... rseq resumed>) = 0 [pid 6628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6625] rt_sigprocmask(SIG_SETMASK, [], [pid 6627] <... mkdir resumed>) = 0 [pid 6624] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] getdents64(3, [pid 6628] memfd_create("syzkaller", 0 [pid 6625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6624] <... futex resumed>) = 0 [pid 6629] set_robust_list(0x7fbb68bde9a0, 24 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6629] <... set_robust_list resumed>) = 0 [pid 6625] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6629] rt_sigprocmask(SIG_SETMASK, [], [pid 6627] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6625] <... futex resumed>) = 0 [pid 6624] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] close(3 [pid 6629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6628] <... memfd_create resumed>) = 3 [pid 6625] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6629] memfd_create("syzkaller", 0 [pid 6628] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] <... close resumed>) = 0 [pid 6628] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] rmdir("./70") = 0 [pid 5818] mkdir("./71", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6630 attached , child_tidptr=0x55555eedf690) = 6630 [pid 6630] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6630] chdir("./71" [pid 6629] <... memfd_create resumed>) = 3 [pid 6628] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6630] <... chdir resumed>) = 0 [pid 6629] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6630] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6630] setpgid(0, 0) = 0 [pid 6630] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6630] write(3, "1000", 4) = 4 [pid 6630] close(3) = 0 [pid 6630] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6630] write(1, "executing program\n", 18) = 18 [pid 6629] <... mmap resumed>) = 0x7fbb60600000 [pid 6630] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6630] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6630] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6630] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [ 124.993994][ T6626] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6630] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6629] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6628] <... write resumed>) = 131072 [pid 6630] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6631]}, 88) = 6631 [pid 6630] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6630] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6630] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6631 attached [pid 6631] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6629] <... write resumed>) = 131072 [pid 6628] munmap(0x7fbb60600000, 138412032 [pid 6631] <... rseq resumed>) = 0 [pid 6631] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6631] memfd_create("syzkaller", 0) = 3 [pid 6631] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6631] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6628] <... munmap resumed>) = 0 [pid 6631] <... write resumed>) = 131072 [pid 6629] munmap(0x7fbb60600000, 138412032 [pid 6631] munmap(0x7fbb60600000, 138412032 [pid 6629] <... munmap resumed>) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6629] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6631] <... munmap resumed>) = 0 [pid 6628] <... openat resumed>) = 4 [ 125.035886][ T6626] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.062474][ T6627] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.077581][ T6628] loop1: detected capacity change from 0 to 256 [pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6628] ioctl(4, LOOP_SET_FD, 3 [pid 6631] <... openat resumed>) = 4 [pid 6631] ioctl(4, LOOP_SET_FD, 3 [pid 6629] <... openat resumed>) = 4 [pid 6629] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6626] <... mount resumed>) = 0 [pid 6626] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6626] chdir("./file2" [pid 6631] <... ioctl resumed>) = 0 [pid 6626] <... chdir resumed>) = 0 [pid 6631] close(3 [pid 6626] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6631] <... close resumed>) = 0 [pid 6626] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6631] close(4 [pid 6626] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... close resumed>) = 0 [pid 6626] <... futex resumed>) = 1 [pid 6622] <... futex resumed>) = 0 [pid 6631] mkdir("./file2", 0777 [pid 6626] mkdir("./file3", 0777 [pid 6622] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] <... mkdir resumed>) = 0 [pid 6622] <... futex resumed>) = 0 [pid 6622] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6631] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6628] <... ioctl resumed>) = 0 [pid 6628] close(3) = 0 [ 125.078297][ T6631] loop0: detected capacity change from 0 to 256 [ 125.092304][ T6629] loop2: detected capacity change from 0 to 256 [ 125.093423][ T6627] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.115885][ T6626] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6628] close(4) = 0 [pid 6628] mkdir("./file2", 0777 [pid 6629] close(3 [pid 6626] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6629] <... close resumed>) = 0 [pid 6628] <... mkdir resumed>) = 0 [pid 6627] <... mount resumed>) = 0 [pid 6629] close(4 [pid 6628] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6627] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6629] <... close resumed>) = 0 [pid 6627] <... openat resumed>) = 3 [pid 6627] chdir("./file2" [pid 6629] mkdir("./file2", 0777 [pid 6627] <... chdir resumed>) = 0 [pid 6627] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6629] <... mkdir resumed>) = 0 [pid 6627] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6629] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6627] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6627] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6626] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6623] <... futex resumed>) = 0 [pid 6622] <... futex resumed>) = ? [pid 6623] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6627] <... futex resumed>) = 0 [pid 6623] <... futex resumed>) = 1 [pid 6627] mkdir("./file3", 0777 [ 125.134522][ T6626] exFAT-fs (loop4): Filesystem has been set read-only [pid 6623] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6626] +++ killed by SIGSEGV +++ [pid 6622] +++ killed by SIGSEGV +++ [ 125.166805][ T6631] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.174116][ T6628] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.180042][ T6627] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.196248][ T6629] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6623] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6622, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6623] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 5822] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6623] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5822] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6623] <... clone3 resumed> => {parent_tid=[6632]}, 88) = 6632 [pid 5822] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 6623] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] getdents64(3, [pid 6628] <... mount resumed>) = 0 [pid 6628] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6623] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6628] <... openat resumed>) = 3 [pid 6623] <... futex resumed>) = 0 [pid 5822] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6628] chdir("./file2"./strace-static-x86_64: Process 6632 attached ) = 0 [pid 6623] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6629] <... mount resumed>) = 0 [pid 6628] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6632] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6632] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6632] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6632] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6623] <... futex resumed>) = 0 [pid 6623] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6623] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6632] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 6632] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] <... futex resumed>) = 0 [pid 6632] <... futex resumed>) = 1 [pid 6632] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6627] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = 0 [pid 6631] <... mount resumed>) = 0 [pid 6629] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6628] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6627] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6631] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6628] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] ???( [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6632] <... futex resumed>) = ? [pid 6631] <... openat resumed>) = 3 [pid 6629] <... openat resumed>) = 3 [pid 6628] <... futex resumed>) = 1 [pid 6624] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./72/file2", [pid 6632] +++ killed by SIGSEGV +++ [pid 6631] chdir("./file2" [pid 6629] chdir("./file2" [pid 6628] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6624] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6631] <... chdir resumed>) = 0 [pid 6629] <... chdir resumed>) = 0 [pid 6628] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6624] <... futex resumed>) = 0 [pid 6631] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6629] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6628] mkdir("./file3", 0777 [pid 6624] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6631] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6629] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6629] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 125.215891][ T6628] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.223084][ T6631] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.235324][ T6629] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.248881][ T6627] exFAT-fs (loop3): Filesystem has been set read-only [pid 5822] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6629] <... futex resumed>) = 1 [pid 6625] <... futex resumed>) = 0 [pid 6629] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6631] <... futex resumed>) = 1 [pid 6630] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 6630] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6631] mkdir("./file3", 0777 [pid 6630] <... futex resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 6630] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6627] +++ killed by SIGSEGV +++ [pid 6625] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6623] +++ killed by SIGSEGV +++ [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6629] <... futex resumed>) = 0 [pid 6625] <... futex resumed>) = 1 [pid 5822] getdents64(4, [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6623, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6629] mkdir("./file3", 0777 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6625] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./72/file2") = 0 [pid 5822] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./72/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./72") = 0 [pid 5822] mkdir("./73", 0777) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6629] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6628] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... openat resumed>) = 3 [pid 6629] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6628] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 125.274147][ T6628] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.287184][ T6631] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.287379][ T6629] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.302857][ T6628] exFAT-fs (loop1): Filesystem has been set read-only [ 125.306132][ T6629] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6631] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6624] <... futex resumed>) = ? [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6631] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3executing program ) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6633 attached [pid 6633] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6633 [pid 6633] <... set_robust_list resumed>) = 0 [pid 6633] chdir("./73") = 0 [pid 6633] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6633] setpgid(0, 0) = 0 [pid 6633] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6633] write(3, "1000", 4) = 4 [pid 6633] close(3) = 0 [pid 6633] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6633] write(1, "executing program\n", 18) = 18 [pid 6633] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6633] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6633] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6633] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6633] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6630] <... futex resumed>) = ? [pid 6628] +++ killed by SIGSEGV +++ [pid 6625] <... futex resumed>) = ? [pid 6624] +++ killed by SIGSEGV +++ [pid 5821] <... openat resumed>) = 3 [pid 6633] <... mprotect resumed>) = 0 [pid 6631] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6624, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6633] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6629] +++ killed by SIGSEGV +++ [pid 6625] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(3, "", [pid 6633] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6625, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6633] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6634 attached ) = -1 EINVAL (Invalid argument) [pid 6634] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6633] <... clone3 resumed> => {parent_tid=[6634]}, 88) = 6634 [pid 5819] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6634] <... rseq resumed>) = 0 [pid 6633] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] getdents64(3, [pid 5819] <... openat resumed>) = 3 [pid 6634] set_robust_list(0x7fbb68bde9a0, 24 [pid 6633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] newfstatat(3, "", [pid 6634] <... set_robust_list resumed>) = 0 [pid 6633] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6634] rt_sigprocmask(SIG_SETMASK, [], [pid 6633] <... futex resumed>) = 0 [pid 6630] +++ killed by SIGSEGV +++ [pid 5821] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 6634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6633] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6634] memfd_create("syzkaller", 0 [pid 5819] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6630, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 125.314412][ T6631] exFAT-fs (loop0): Filesystem has been set read-only [pid 6634] <... memfd_create resumed>) = 3 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6634] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... restart_syscall resumed>) = 0 [pid 6634] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./74/file2", [pid 5820] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] newfstatat(AT_FDCWD, "./73/file2", [pid 6634] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./71", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6634] <... write resumed>) = 131072 [pid 5821] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6634] munmap(0x7fbb60600000, 138412032 [pid 5821] <... openat resumed>) = 4 [pid 5820] newfstatat(3, "", [pid 5819] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 5821] newfstatat(4, "", [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5818] newfstatat(3, "", [pid 6634] <... munmap resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, [pid 5819] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6634] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6634] <... openat resumed>) = 4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6634] ioctl(4, LOOP_SET_FD, 3 [pid 5821] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(4, [pid 5821] close(4 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./73/file2") = 0 [pid 5819] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./73/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./73") = 0 [pid 5821] rmdir("./74/file2" [pid 6634] <... ioctl resumed>) = 0 [pid 5820] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] mkdir("./74", 0777 [pid 5818] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6634] close(3 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6634] <... close resumed>) = 0 [pid 5821] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./72/file2", [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6634] close(4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6634] <... close resumed>) = 0 [pid 5820] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./71/file2", [pid 6634] mkdir("./file2", 0777 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6634] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] umount2("./71/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 4 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(4, "", [pid 5818] openat(AT_FDCWD, "./71/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6634] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... openat resumed>) = 4 [pid 5820] getdents64(4, [pid 5819] <... ioctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./74/binderfs", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(4, "", [pid 5821] unlink("./74/binderfs" [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] getdents64(4, [pid 5821] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 5818] getdents64(4, [pid 5821] close(3 [pid 5820] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] rmdir("./72/file2" [pid 5818] close(4 [pid 5821] rmdir("./74" [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] rmdir("./71/file2" [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5820] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./72/binderfs") = 0 [pid 5818] umount2("./71/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./71/binderfs", [pid 5820] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] unlink("./71/binderfs" [pid 5820] close(3 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6635 [pid 5818] <... unlink resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./72") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3./strace-static-x86_64: Process 6635 attached [pid 5821] mkdir("./75", 0777 [pid 5818] <... close resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] rmdir("./71" [pid 5820] mkdir("./73", 0777 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6635] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 6635] <... set_robust_list resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... mkdir resumed>) = 0 [pid 6635] chdir("./74" [pid 5821] <... ioctl resumed>) = 0 [pid 6635] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 6635] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] mkdir("./72", 0777 [pid 6635] <... prctl resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5818] <... mkdir resumed>) = 0 [pid 6635] setpgid(0, 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6635] <... setpgid resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3./strace-static-x86_64: Process 6636 attached [pid 6635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6635] <... openat resumed>) = 3 [pid 6636] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6636 [pid 6636] <... set_robust_list resumed>) = 0 [pid 6635] write(3, "1000", 4) = 4 [pid 6636] chdir("./75" [pid 6635] close(3 [pid 5818] <... openat resumed>) = 3 [pid 6636] <... chdir resumed>) = 0 [pid 6635] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6636] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6635] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... close resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6636] <... prctl resumed>) = 0 [ 125.381673][ T6634] loop4: detected capacity change from 0 to 256 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 5818] close(3 [pid 6636] setpgid(0, 0 [pid 6635] <... symlink resumed>) = 0 [pid 6636] <... setpgid resumed>) = 0 [pid 6635] write(1, "executing program\n", 18./strace-static-x86_64: Process 6637 attached [pid 6636] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6635] <... write resumed>) = 18 [pid 5818] <... close resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6637 [pid 6637] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6637] chdir("./73") = 0 [pid 6637] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6637] setpgid(0, 0) = 0 [pid 6637] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6637] write(3, "1000", 4) = 4 [pid 6637] close(3) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6637] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6637] write(1, "executing program\n", 18 [pid 6635] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] <... write resumed>) = 18 [pid 6637] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6637] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6637] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6636] <... openat resumed>) = 3 [pid 6635] <... futex resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6638 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6637] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6635] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6637] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6636] write(3, "1000", 4 [pid 6635] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6637] <... mprotect resumed>) = 0 [pid 6636] <... write resumed>) = 4 [pid 6635] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6637] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6636] close(3 [pid 6635] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6638 attached [pid 6637] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6636] <... close resumed>) = 0 [pid 6635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6638] set_robust_list(0x55555eedf6a0, 24 [pid 6637] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6636] symlink("/dev/binderfs", "./binderfs" [pid 6635] <... mmap resumed>) = 0x7fbb68bbe000 ./strace-static-x86_64: Process 6639 attached [pid 6638] <... set_robust_list resumed>) = 0 [pid 6635] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6638] chdir("./72") = 0 [pid 6637] <... clone3 resumed> => {parent_tid=[6639]}, 88) = 6639 [pid 6635] <... mprotect resumed>) = 0 [pid 6639] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6638] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6637] rt_sigprocmask(SIG_SETMASK, [], [pid 6636] <... symlink resumed>) = 0 [pid 6639] <... rseq resumed>) = 0 [pid 6638] <... prctl resumed>) = 0 [pid 6637] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 6636] write(1, "executing program\n", 18 [pid 6635] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6639] set_robust_list(0x7fbb68bde9a0, 24 [pid 6638] setpgid(0, 0 [pid 6637] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6636] <... write resumed>) = 18 [pid 6635] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6639] <... set_robust_list resumed>) = 0 [pid 6638] <... setpgid resumed>) = 0 [pid 6637] <... futex resumed>) = 0 [pid 6635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6639] rt_sigprocmask(SIG_SETMASK, [], [pid 6638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6637] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6636] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6640 attached [pid 6639] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6638] <... openat resumed>) = 3 [pid 6636] <... futex resumed>) = 0 [pid 6640] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6639] memfd_create("syzkaller", 0 [pid 6638] write(3, "1000", 4 [pid 6635] <... clone3 resumed> => {parent_tid=[6640]}, 88) = 6640 [pid 6640] <... rseq resumed>) = 0 [pid 6639] <... memfd_create resumed>) = 3 [pid 6635] rt_sigprocmask(SIG_SETMASK, [], [pid 6636] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6640] set_robust_list(0x7fbb68bde9a0, 24 [pid 6639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6636] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6635] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6640] <... set_robust_list resumed>) = 0 [pid 6639] <... mmap resumed>) = 0x7fbb60600000 [pid 6640] rt_sigprocmask(SIG_SETMASK, [], [pid 6635] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6638] <... write resumed>) = 4 [pid 6638] close(3) = 0 [pid 6639] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6635] <... futex resumed>) = 0 [pid 6640] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6636] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6635] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6640] memfd_create("syzkaller", 0 [pid 6638] symlink("/dev/binderfs", "./binderfs" [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6640] <... memfd_create resumed>) = 3 [pid 6638] <... symlink resumed>) = 0 [pid 6636] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6640] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program ) = 0x7fbb60600000 [pid 6638] write(1, "executing program\n", 18 [pid 6636] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6638] <... write resumed>) = 18 [pid 6638] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6638] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6640] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6636] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6638] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6636] <... mprotect resumed>) = 0 [pid 6638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6638] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6640] <... write resumed>) = 131072 [pid 6638] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6636] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6638] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6636] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6636] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6641 attached [pid 6638] <... clone3 resumed> => {parent_tid=[6641]}, 88) = 6641 [pid 6638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6638] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6638] <... futex resumed>) = 0 [pid 6641] <... rseq resumed>) = 0 [pid 6638] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6641] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6641] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6641] memfd_create("syzkaller", 0) = 3 [pid 6641] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6641] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6639] <... write resumed>) = 131072 ./strace-static-x86_64: Process 6642 attached [ 125.439234][ T6634] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.478003][ T6634] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6640] munmap(0x7fbb60600000, 138412032 [pid 6639] munmap(0x7fbb60600000, 138412032 [pid 6636] <... clone3 resumed> => {parent_tid=[6642]}, 88) = 6642 [pid 6641] <... write resumed>) = 131072 [pid 6634] <... mount resumed>) = 0 [pid 6639] <... munmap resumed>) = 0 [pid 6636] rt_sigprocmask(SIG_SETMASK, [], [pid 6640] <... munmap resumed>) = 0 [pid 6639] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6636] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6634] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6640] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6639] <... openat resumed>) = 4 [pid 6636] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6641] munmap(0x7fbb60600000, 138412032 [pid 6640] <... openat resumed>) = 4 [pid 6639] ioctl(4, LOOP_SET_FD, 3 [pid 6636] <... futex resumed>) = 0 [pid 6634] <... openat resumed>) = 3 [pid 6640] ioctl(4, LOOP_SET_FD, 3 [pid 6636] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6641] <... munmap resumed>) = 0 [pid 6634] chdir("./file2") = 0 [pid 6634] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6641] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6634] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6641] <... openat resumed>) = 4 [pid 6634] <... futex resumed>) = 1 [pid 6642] <... rseq resumed>) = 0 [pid 6641] ioctl(4, LOOP_SET_FD, 3 [pid 6642] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6641] <... ioctl resumed>) = 0 [pid 6634] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6633] <... futex resumed>) = 0 [pid 6642] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6642] memfd_create("syzkaller", 0) = 3 [pid 6642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6634] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6633] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... mmap resumed>) = 0x7fbb60600000 [pid 6634] mkdir("./file3", 0777 [pid 6633] <... futex resumed>) = 0 [pid 6642] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6633] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6642] <... write resumed>) = 131072 [pid 6639] <... ioctl resumed>) = 0 [pid 6639] close(3 [pid 6641] close(3 [pid 6640] <... ioctl resumed>) = 0 [pid 6639] <... close resumed>) = 0 [pid 6641] <... close resumed>) = 0 [pid 6639] close(4 [pid 6641] close(4 [pid 6640] close(3) = 0 [pid 6639] <... close resumed>) = 0 [pid 6641] <... close resumed>) = 0 [pid 6642] munmap(0x7fbb60600000, 138412032 [pid 6640] close(4 [pid 6639] mkdir("./file2", 0777 [pid 6641] mkdir("./file2", 0777 [pid 6642] <... munmap resumed>) = 0 [pid 6641] <... mkdir resumed>) = 0 [pid 6640] <... close resumed>) = 0 [ 125.532385][ T6639] loop2: detected capacity change from 0 to 256 [ 125.540161][ T6641] loop0: detected capacity change from 0 to 256 [ 125.543435][ T6640] loop1: detected capacity change from 0 to 256 [ 125.558442][ T6634] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6642] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6642] ioctl(4, LOOP_SET_FD, 3 [pid 6641] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6640] mkdir("./file2", 0777 [pid 6639] <... mkdir resumed>) = 0 [pid 6640] <... mkdir resumed>) = 0 [pid 6642] <... ioctl resumed>) = 0 [pid 6642] close(3) = 0 [pid 6642] close(4) = 0 [pid 6639] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6642] mkdir("./file2", 0777) = 0 [pid 6642] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6640] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6634] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6633] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6633] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6634] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6633] <... futex resumed>) = 0 [pid 6634] +++ killed by SIGSEGV +++ [pid 6633] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6633, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5822] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 125.578584][ T6642] loop3: detected capacity change from 0 to 256 [ 125.591893][ T6634] exFAT-fs (loop4): Filesystem has been set read-only [ 125.612472][ T6641] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5822] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 125.639245][ T6639] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.641838][ T6642] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.658480][ T6640] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 125.679931][ T6641] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] newfstatat(AT_FDCWD, "./73/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./73/file2") = 0 [pid 6641] <... mount resumed>) = 0 [pid 6641] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6641] chdir("./file2") = 0 [pid 5822] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./73/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./73") = 0 [pid 6641] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6639] <... mount resumed>) = 0 [pid 6641] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6640] <... mount resumed>) = 0 [pid 6639] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6641] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6639] chdir("./file2" [pid 6641] <... futex resumed>) = 1 [pid 6640] <... openat resumed>) = 3 [pid 6638] <... futex resumed>) = 0 [pid 5822] mkdir("./74", 0777 [pid 6639] <... chdir resumed>) = 0 [pid 6641] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6640] chdir("./file2" [pid 6639] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6640] <... chdir resumed>) = 0 [pid 6642] <... mount resumed>) = 0 [pid 6640] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6639] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6638] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... mkdir resumed>) = 0 [pid 6639] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6641] <... futex resumed>) = 0 [pid 6640] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6639] <... futex resumed>) = 1 [pid 6638] <... futex resumed>) = 1 [pid 6637] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6641] mkdir("./file3", 0777 [pid 6640] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6639] mkdir("./file3", 0777 [pid 6638] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6637] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 3 [pid 6637] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6637] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6643 attached [pid 6643] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6643 [pid 6643] <... set_robust_list resumed>) = 0 [pid 6643] chdir("./74") = 0 [ 125.693407][ T6639] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.705170][ T6640] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 125.721161][ T6642] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6643] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6643] setpgid(0, 0) = 0 [pid 6643] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6642] chdir("./file2" [pid 6643] <... openat resumed>) = 3 [pid 6643] write(3, "1000", 4) = 4 [pid 6643] close(3) = 0 [pid 6643] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 6643] write(1, "executing program\n", 18) = 18 [pid 6642] <... chdir resumed>) = 0 [pid 6640] <... futex resumed>) = 1 [pid 6635] <... futex resumed>) = 0 [pid 6642] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6640] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6635] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6640] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6639] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6635] <... futex resumed>) = 0 [pid 6642] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6640] mkdir("./file3", 0777 [pid 6635] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = 1 [pid 6638] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6637] <... futex resumed>) = ? [pid 6636] <... futex resumed>) = 0 [ 125.736049][ T6639] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.760478][ T6641] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.763719][ T6639] exFAT-fs (loop2): Filesystem has been set read-only [ 125.770601][ T6641] exFAT-fs (loop0): Filesystem has been set read-only [ 125.783780][ T6640] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6642] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6639] +++ killed by SIGSEGV +++ [pid 6636] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6636] <... futex resumed>) = 0 [pid 6642] mkdir("./file3", 0777 [pid 6636] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6643] <... futex resumed>) = 0 [pid 6641] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6638] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6637] +++ killed by SIGSEGV +++ [pid 6643] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6638] <... futex resumed>) = 0 [pid 6643] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6641] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6640] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6637, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6643] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6642] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6640] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6642] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6638] <... mmap resumed>) = ? [pid 6635] <... futex resumed>) = ? [pid 5820] <... restart_syscall resumed>) = 0 [pid 6643] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6641] +++ killed by SIGSEGV +++ [pid 6640] +++ killed by SIGSEGV +++ [pid 6638] +++ killed by SIGSEGV +++ [pid 6636] <... futex resumed>) = ? [pid 6635] +++ killed by SIGSEGV +++ [pid 6643] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6635, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6638, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6643] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6643] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6643] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6642] +++ killed by SIGSEGV +++ [pid 6636] +++ killed by SIGSEGV +++ [pid 5820] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6643] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6636, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- ./strace-static-x86_64: Process 6644 attached [pid 5820] <... openat resumed>) = 3 [ 125.797064][ T6642] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 125.804922][ T6640] exFAT-fs (loop1): Filesystem has been set read-only [ 125.814914][ T6642] exFAT-fs (loop3): Filesystem has been set read-only [pid 5819] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6644] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6643] <... clone3 resumed> => {parent_tid=[6644]}, 88) = 6644 [pid 5821] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 6644] <... rseq resumed>) = 0 [pid 6643] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./72", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6644] set_robust_list(0x7fbb68bde9a0, 24 [pid 6643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(3, [pid 5819] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6644] <... set_robust_list resumed>) = 0 [pid 6643] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 5818] openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6644] rt_sigprocmask(SIG_SETMASK, [], [pid 6643] <... futex resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5820] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 6644] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6643] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6644] memfd_create("syzkaller", 0 [pid 5821] getdents64(3, [pid 5819] newfstatat(3, "", [pid 5818] newfstatat(3, "", [pid 6644] <... memfd_create resumed>) = 3 [pid 5820] <... umount2 resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6644] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6644] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 5820] newfstatat(AT_FDCWD, "./73/file2", [pid 5818] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6644] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(4, "", [pid 5821] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(4, [pid 5821] <... openat resumed>) = 4 [pid 6644] <... write resumed>) = 131072 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(4, "", [pid 5820] getdents64(4, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(4, [pid 5820] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./73/file2" [pid 5821] getdents64(4, [pid 5820] <... rmdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./75/file2") = 0 [pid 5820] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6644] munmap(0x7fbb60600000, 138412032 [pid 5821] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./73/binderfs", [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6644] <... munmap resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6644] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./73/binderfs" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] unlink("./75/binderfs" [pid 5820] <... unlink resumed>) = 0 [pid 6644] <... openat resumed>) = 4 [pid 5821] <... unlink resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./74/file2", [pid 5818] newfstatat(AT_FDCWD, "./72/file2", [pid 6644] ioctl(4, LOOP_SET_FD, 3 [pid 5821] getdents64(3, [pid 5820] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3 [pid 5820] close(3 [pid 5821] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5821] rmdir("./75" [pid 6644] <... ioctl resumed>) = 0 [pid 5820] rmdir("./73" [pid 5819] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./72/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6644] close(3) = 0 [pid 6644] close(4) = 0 [pid 6644] mkdir("./file2", 0777 [pid 5821] <... rmdir resumed>) = 0 [pid 6644] <... mkdir resumed>) = 0 [pid 6644] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] mkdir("./76", 0777 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... mkdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./72/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] mkdir("./74", 0777 [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", [pid 5818] <... openat resumed>) = 4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(4, "", [pid 5819] getdents64(4, [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5821] <... openat resumed>) = 3 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] getdents64(4, [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 125.920284][ T6644] loop4: detected capacity change from 0 to 256 [ 125.952424][ T6644] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] close(3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5821] <... close resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5820] close(3 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... close resumed>) = 0 ./strace-static-x86_64: Process 6645 attached [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] rmdir("./74/file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] close(4 [pid 5819] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] rmdir("./72/file2" [pid 5819] newfstatat(AT_FDCWD, "./74/binderfs", [pid 6645] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6645 [pid 5818] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./72/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] unlink("./74/binderfs" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... unlink resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./72/binderfs", [pid 5819] getdents64(3, ./strace-static-x86_64: Process 6646 attached [pid 6645] chdir("./76" [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6646] set_robust_list(0x55555eedf6a0, 24 [pid 5819] close(3 [pid 5818] unlink("./72/binderfs" [pid 6646] <... set_robust_list resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6645] <... chdir resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6646 [pid 5819] rmdir("./74" [pid 5818] <... unlink resumed>) = 0 [pid 6646] chdir("./74" [pid 6645] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6646] <... chdir resumed>) = 0 [pid 6645] <... prctl resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 6646] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6645] setpgid(0, 0 [pid 6644] <... mount resumed>) = 0 [pid 6646] <... prctl resumed>) = 0 [pid 6645] <... setpgid resumed>) = 0 [pid 5819] mkdir("./75", 0777 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6646] setpgid(0, 0 [pid 6645] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6644] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6646] <... setpgid resumed>) = 0 [pid 6645] <... openat resumed>) = 3 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] close(3 [pid 6646] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... close resumed>) = 0 [pid 6645] write(3, "1000", 4) = 4 [pid 6645] close(3 [pid 6646] <... openat resumed>) = 3 [pid 5818] rmdir("./72" [pid 6646] write(3, "1000", 4 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6645] <... close resumed>) = 0 [pid 6645] symlink("/dev/binderfs", "./binderfs" [pid 6646] <... write resumed>) = 4 [pid 6645] <... symlink resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 executing program [pid 6646] close(3 [pid 5819] <... openat resumed>) = 3 [pid 6646] <... close resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6646] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... ioctl resumed>) = 0 [pid 6645] write(1, "executing program\n", 18) = 18 [pid 6645] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] <... symlink resumed>) = 0 [pid 5819] close(3 [pid 6645] <... futex resumed>) = 0 [pid 6645] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6645] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6645] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6645] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6645] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6645] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6647 attached executing program [pid 6646] write(1, "executing program\n", 18 [pid 5819] <... close resumed>) = 0 [pid 6646] <... write resumed>) = 18 [pid 6646] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6644] <... openat resumed>) = 3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] mkdir("./73", 0777 [pid 6646] <... futex resumed>) = 0 [pid 6644] chdir("./file2" [pid 6647] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6646] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6645] <... clone3 resumed> => {parent_tid=[6647]}, 88) = 6647 [pid 6644] <... chdir resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6646] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6644] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6645] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6648 attached NULL, 8) = 0 [pid 6647] <... rseq resumed>) = 0 [pid 6645] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] set_robust_list(0x7fbb68bde9a0, 24 [pid 6645] <... futex resumed>) = 0 [pid 6646] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6644] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6646] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 125.966045][ T6644] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6644] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6646] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6644] <... futex resumed>) = 1 [pid 6643] <... futex resumed>) = 0 [pid 6646] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6644] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6643] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6648 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6646] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6643] <... futex resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6646] <... mprotect resumed>) = 0 [pid 6644] mkdir("./file3", 0777 [pid 6648] set_robust_list(0x55555eedf6a0, 24 [pid 6647] <... set_robust_list resumed>) = 0 [pid 6646] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6645] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6643] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6648] <... set_robust_list resumed>) = 0 [pid 6647] rt_sigprocmask(SIG_SETMASK, [], [pid 6648] chdir("./75" [pid 6647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] <... chdir resumed>) = 0 [pid 6648] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6647] memfd_create("syzkaller", 0 [pid 6646] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6648] <... prctl resumed>) = 0 [pid 6647] <... memfd_create resumed>) = 3 [pid 6648] setpgid(0, 0 [pid 6647] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6646] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] <... ioctl resumed>) = 0 [pid 6648] <... setpgid resumed>) = 0 [pid 6647] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] close(3 [pid 6647] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 6649 attached [pid 6649] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6648] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6647] <... write resumed>) = 131072 [pid 6646] <... clone3 resumed> => {parent_tid=[6649]}, 88) = 6649 [pid 5818] <... close resumed>) = 0 [pid 6649] <... rseq resumed>) = 0 [pid 6649] set_robust_list(0x7fbb68bde9a0, 24 [pid 6646] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] <... set_robust_list resumed>) = 0 [pid 6648] <... openat resumed>) = 3 [pid 6649] rt_sigprocmask(SIG_SETMASK, [], [pid 6647] munmap(0x7fbb60600000, 138412032 [pid 6649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6649] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6646] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6650 attached [pid 6647] <... munmap resumed>) = 0 [pid 6646] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] write(3, "1000", 4 [pid 6646] <... futex resumed>) = 1 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6650 [pid 6646] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6650] set_robust_list(0x55555eedf6a0, 24 [pid 6649] <... futex resumed>) = 0 [pid 6648] <... write resumed>) = 4 [pid 6647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6644] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6650] <... set_robust_list resumed>) = 0 [pid 6649] memfd_create("syzkaller", 0 [pid 6648] close(3 [pid 6647] <... openat resumed>) = 4 [pid 6648] <... close resumed>) = 0 [pid 6647] ioctl(4, LOOP_SET_FD, 3 [pid 6648] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6644] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6643] <... futex resumed>) = ? [pid 6644] +++ killed by SIGSEGV +++ [pid 6643] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6643, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6650] chdir("./73" [pid 6649] <... memfd_create resumed>) = 3 executing program [pid 6650] <... chdir resumed>) = 0 [pid 6649] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6648] write(1, "executing program\n", 18 [pid 6647] <... ioctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6650] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6649] <... mmap resumed>) = 0x7fbb60600000 [pid 6648] <... write resumed>) = 18 [pid 6647] close(3 [pid 6650] <... prctl resumed>) = 0 [pid 5822] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6650] setpgid(0, 0 [pid 6649] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6648] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] <... close resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 6650] <... setpgid resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6648] <... futex resumed>) = 0 [pid 6647] close(4 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6650] <... openat resumed>) = 3 [pid 6648] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6647] <... close resumed>) = 0 [pid 5822] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [ 126.017117][ T6644] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.038541][ T6644] exFAT-fs (loop4): Filesystem has been set read-only [ 126.058553][ T6647] loop3: detected capacity change from 0 to 256 [pid 6650] write(3, "1000", 4 [pid 6648] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6647] mkdir("./file2", 0777 [pid 6650] <... write resumed>) = 4 [pid 6648] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6650] close(3 [pid 6649] <... write resumed>) = 131072 [pid 6647] <... mkdir resumed>) = 0 [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6647] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6650] <... close resumed>) = 0 [pid 6649] munmap(0x7fbb60600000, 138412032 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6650] symlink("/dev/binderfs", "./binderfs" [pid 6649] <... munmap resumed>) = 0 [pid 6648] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... umount2 resumed>) = 0 [pid 6650] <... symlink resumed>) = 0 [pid 6649] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6648] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6650] write(1, "executing program\n", 18 [pid 6649] <... openat resumed>) = 4 [pid 6648] <... mprotect resumed>) = 0 [pid 5822] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6650] <... write resumed>) = 18 [pid 6649] ioctl(4, LOOP_SET_FD, 3 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6650] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6648] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6650] <... futex resumed>) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6651 attached [pid 6650] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6651] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6650] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6648] <... clone3 resumed> => {parent_tid=[6651]}, 88) = 6651 [pid 5822] <... openat resumed>) = 4 [pid 6651] <... rseq resumed>) = 0 [pid 6650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6648] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] newfstatat(4, "", [pid 6651] set_robust_list(0x7fbb68bde9a0, 24 [pid 6650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6651] <... set_robust_list resumed>) = 0 [pid 6650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6648] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 6651] rt_sigprocmask(SIG_SETMASK, [], [pid 6650] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6648] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6651] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6650] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6648] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] getdents64(4, [pid 6651] memfd_create("syzkaller", 0 [pid 6650] <... mprotect resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6651] <... memfd_create resumed>) = 3 [pid 5822] close(4 [pid 6651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... close resumed>) = 0 [pid 6651] <... mmap resumed>) = 0x7fbb60600000 [pid 6650] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] rmdir("./74/file2" [pid 6651] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6650] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6652 attached [pid 6649] <... ioctl resumed>) = 0 [pid 5822] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6650] <... clone3 resumed> => {parent_tid=[6652]}, 88) = 6652 [pid 6649] close(3 [pid 6650] rt_sigprocmask(SIG_SETMASK, [], [pid 6649] <... close resumed>) = 0 [pid 6650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6649] close(4 [pid 6650] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6650] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6652] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6651] <... write resumed>) = 131072 [pid 6652] <... rseq resumed>) = 0 [pid 5822] unlink("./74/binderfs" [pid 6652] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] <... unlink resumed>) = 0 [pid 6652] <... set_robust_list resumed>) = 0 [pid 6652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6652] memfd_create("syzkaller", 0) = 3 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6652] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5822] close(3 [pid 6652] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./74" [pid 6651] munmap(0x7fbb60600000, 138412032 [pid 5822] <... rmdir resumed>) = 0 [pid 6651] <... munmap resumed>) = 0 [pid 6649] <... close resumed>) = 0 [pid 6649] mkdir("./file2", 0777 [pid 6651] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] mkdir("./75", 0777) = 0 [pid 6652] <... write resumed>) = 131072 [ 126.123096][ T6649] loop2: detected capacity change from 0 to 256 [ 126.156006][ T6647] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6651] <... openat resumed>) = 4 [pid 6649] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6652] munmap(0x7fbb60600000, 138412032 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3 [pid 6651] ioctl(4, LOOP_SET_FD, 3 [pid 6649] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6653 attached [pid 6653] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6653 [pid 6653] <... set_robust_list resumed>) = 0 [pid 6653] chdir("./75" [pid 6652] <... munmap resumed>) = 0 [pid 6653] <... chdir resumed>) = 0 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6647] <... mount resumed>) = 0 [pid 6653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6653] setpgid(0, 0 [pid 6652] <... openat resumed>) = 4 [pid 6647] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6653] <... setpgid resumed>) = 0 [pid 6647] <... openat resumed>) = 3 [pid 6653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6652] ioctl(4, LOOP_SET_FD, 3 [pid 6647] chdir("./file2" [pid 6653] write(3, "1000", 4 [pid 6651] <... ioctl resumed>) = 0 [pid 6647] <... chdir resumed>) = 0 [pid 6651] close(3 [pid 6653] <... write resumed>) = 4 [pid 6651] <... close resumed>) = 0 [pid 6651] close(4 [pid 6653] close(3 [pid 6651] <... close resumed>) = 0 [pid 6653] <... close resumed>) = 0 [ 126.176157][ T6647] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.191792][ T6651] loop1: detected capacity change from 0 to 256 [ 126.204444][ T6649] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.214138][ T6652] loop0: detected capacity change from 0 to 256 [pid 6653] symlink("/dev/binderfs", "./binderfs" [pid 6647] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6653] <... symlink resumed>) = 0 [pid 6647] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6647] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6647] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 6653] write(1, "executing program\n", 18) = 18 [pid 6653] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6653] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6645] <... futex resumed>) = 0 [pid 6653] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6651] mkdir("./file2", 0777 [pid 6653] <... mprotect resumed>) = 0 [pid 6653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6654]}, 88) = 6654 [pid 6651] <... mkdir resumed>) = 0 [pid 6645] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6653] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6654 attached NULL, 8) = 0 [pid 6651] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6647] <... futex resumed>) = 0 [pid 6645] <... futex resumed>) = 1 [pid 6653] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6647] mkdir("./file3", 0777 [pid 6654] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6653] <... futex resumed>) = 0 [pid 6645] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6654] <... rseq resumed>) = 0 [pid 6654] set_robust_list(0x7fbb68bde9a0, 24 [pid 6652] <... ioctl resumed>) = 0 [pid 6654] <... set_robust_list resumed>) = 0 [pid 6653] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6649] <... mount resumed>) = 0 [pid 6647] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6654] rt_sigprocmask(SIG_SETMASK, [], [pid 6652] close(3 [pid 6649] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6647] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6654] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6652] <... close resumed>) = 0 [pid 6649] <... openat resumed>) = 3 [pid 6654] memfd_create("syzkaller", 0 [pid 6647] +++ killed by SIGSEGV +++ [pid 6645] <... futex resumed>) = ? [pid 6652] close(4 [pid 6649] chdir("./file2" [pid 6645] +++ killed by SIGSEGV +++ [pid 6652] <... close resumed>) = 0 [pid 6649] <... chdir resumed>) = 0 [pid 6652] mkdir("./file2", 0777 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6645, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6654] <... memfd_create resumed>) = 3 [pid 6652] <... mkdir resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6649] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... restart_syscall resumed>) = 0 [pid 6654] <... mmap resumed>) = 0x7fbb60600000 [pid 6649] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 126.225733][ T6649] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.246592][ T6647] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.258362][ T6647] exFAT-fs (loop3): Filesystem has been set read-only [pid 5821] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5821] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6649] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6649] <... futex resumed>) = 1 [pid 6646] <... futex resumed>) = 0 [pid 6646] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6654] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6649] mkdir("./file3", 0777 [pid 6646] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] newfstatat(AT_FDCWD, "./76/file2", [pid 6652] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6654] <... write resumed>) = 131072 [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6654] munmap(0x7fbb60600000, 138412032 [ 126.287932][ T6651] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.310877][ T6649] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.323584][ T6649] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] getdents64(4, [pid 6649] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6654] <... munmap resumed>) = 0 [pid 6651] <... mount resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6651] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6649] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6651] <... openat resumed>) = 3 [pid 6646] <... futex resumed>) = ? [pid 6654] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6651] chdir("./file2" [pid 6649] +++ killed by SIGSEGV +++ [pid 6646] +++ killed by SIGSEGV +++ [pid 5821] getdents64(4, [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6646, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6651] <... chdir resumed>) = 0 [pid 6651] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] close(4 [pid 6654] <... openat resumed>) = 4 [pid 6651] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... close resumed>) = 0 [pid 6654] ioctl(4, LOOP_SET_FD, 3 [pid 5821] rmdir("./76/file2" [pid 6651] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6651] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5820] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6648] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6651] <... futex resumed>) = 0 [pid 6648] <... futex resumed>) = 1 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6654] <... ioctl resumed>) = 0 [ 126.333369][ T6651] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.345264][ T6652] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.358638][ T6652] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.370010][ T6654] loop4: detected capacity change from 0 to 256 [pid 6652] <... mount resumed>) = 0 [pid 6651] mkdir("./file3", 0777 [pid 6648] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5820] <... umount2 resumed>) = 0 [pid 6654] close(3 [pid 6652] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6654] <... close resumed>) = 0 [pid 6652] <... openat resumed>) = 3 [pid 5821] unlink("./76/binderfs" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6654] close(4 [pid 6652] chdir("./file2" [pid 5821] <... unlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./74/file2", [pid 6654] <... close resumed>) = 0 [pid 6652] <... chdir resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6654] mkdir("./file2", 0777 [pid 6652] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6654] <... mkdir resumed>) = 0 [pid 6652] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6654] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6652] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6652] <... futex resumed>) = 1 [pid 6650] <... futex resumed>) = 0 [pid 5821] rmdir("./76" [pid 5820] <... openat resumed>) = 4 [pid 6652] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6650] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 6652] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6650] <... futex resumed>) = 0 [pid 5821] mkdir("./77", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6652] mkdir("./file3", 0777 [pid 6650] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... mkdir resumed>) = 0 [pid 5820] getdents64(4, [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] getdents64(4, [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] close(4) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6655 [pid 5820] rmdir("./74/file2") = 0 [pid 5820] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./74/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./74") = 0 [pid 5820] mkdir("./75", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 ./strace-static-x86_64: Process 6655 attached [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6655] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6655] chdir("./77" [pid 5820] <... ioctl resumed>) = 0 [pid 6655] <... chdir resumed>) = 0 [pid 6655] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6651] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6655] <... prctl resumed>) = 0 [pid 6655] setpgid(0, 0 [pid 5820] close(3 [pid 6655] <... setpgid resumed>) = 0 [pid 6655] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6648] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... close resumed>) = 0 [pid 6648] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6648] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6648] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6648] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6648] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6656 attached => {parent_tid=[6656]}, 88) = 6656 [pid 6648] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6656] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6648] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... rseq resumed>) = 0 [pid 6648] <... futex resumed>) = 0 [pid 6656] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6648] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6656] <... set_robust_list resumed>) = 0 [pid 6655] <... openat resumed>) = 3 [pid 6656] rt_sigprocmask(SIG_SETMASK, [], [pid 6651] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6657 attached [pid 6656] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6657 [pid 6656] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6648] <... futex resumed>) = 0 [pid 6656] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6648] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6656] <... ioctl resumed>) = 0 [pid 6648] <... futex resumed>) = 0 [pid 6648] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6655] write(3, "1000", 4 [pid 6657] set_robust_list(0x55555eedf6a0, 24 [pid 6655] <... write resumed>) = 4 [pid 6648] <... futex resumed>) = ? [pid 6657] <... set_robust_list resumed>) = 0 [pid 6656] +++ killed by SIGSEGV +++ [pid 6655] close(3 [pid 6651] +++ killed by SIGSEGV +++ [pid 6648] +++ killed by SIGSEGV +++ [pid 6657] chdir("./75" [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6648, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6657] <... chdir resumed>) = 0 executing program [pid 6655] <... close resumed>) = 0 [pid 6652] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6657] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6655] symlink("/dev/binderfs", "./binderfs" [pid 6652] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6657] <... prctl resumed>) = 0 [pid 6657] setpgid(0, 0) = 0 [pid 6650] <... futex resumed>) = ? [pid 6657] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6655] <... symlink resumed>) = 0 [pid 5819] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6655] write(1, "executing program\n", 18 [pid 5819] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6655] <... write resumed>) = 18 [pid 5819] <... openat resumed>) = 3 [pid 6655] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(3, "", [pid 6655] <... futex resumed>) = 0 [pid 6655] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6657] <... openat resumed>) = 3 [pid 6655] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6657] write(3, "1000", 4) = 4 [pid 6655] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] getdents64(3, [pid 6657] close(3) = 0 [pid 6657] symlink("/dev/binderfs", "./binderfs" [pid 6655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6657] <... symlink resumed>) = 0 executing program [pid 6657] write(1, "executing program\n", 18 [pid 6655] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6652] +++ killed by SIGSEGV +++ [pid 6650] +++ killed by SIGSEGV +++ [pid 5819] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6657] <... write resumed>) = 18 [pid 6657] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6650, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6657] <... futex resumed>) = 0 [pid 6655] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6657] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6655] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... restart_syscall resumed>) = 0 [pid 6657] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6657] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6655] <... mprotect resumed>) = 0 [pid 6657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6657] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] umount2("./73", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6657] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6657] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6655] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6657] <... mprotect resumed>) = 0 [pid 6657] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6655] <... rt_sigprocmask resumed>[], 8) = 0 [ 126.381317][ T6651] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.391363][ T6652] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.405569][ T6651] exFAT-fs (loop1): Filesystem has been set read-only [ 126.419695][ T6652] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] <... openat resumed>) = 3 [pid 6657] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] newfstatat(3, "", [pid 6655] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6655] <... clone3 resumed> => {parent_tid=[6658]}, 88) = 6658 [pid 5819] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6655] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6655] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6655] <... futex resumed>) = 0 [pid 6655] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] newfstatat(AT_FDCWD, "./75/file2", [pid 5818] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6658 attached [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./73/file2", [pid 5819] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6658] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5819] <... openat resumed>) = 4 [pid 5818] umount2("./73/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6658] <... rseq resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6658] set_robust_list(0x7fbb68bde9a0, 24 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./73/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6658] <... set_robust_list resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... openat resumed>) = 4 [pid 6658] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] newfstatat(4, "", [pid 6658] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6658] memfd_create("syzkaller", 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(4, [pid 5819] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5819] rmdir("./75/file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] close(4 [pid 5819] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 6658] <... memfd_create resumed>) = 3 [pid 6657] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6659 attached [pid 6658] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] newfstatat(AT_FDCWD, "./75/binderfs", [pid 5818] rmdir("./73/file2" [pid 6658] <... mmap resumed>) = 0x7fbb60600000 [pid 6657] <... clone3 resumed> => {parent_tid=[6659]}, 88) = 6659 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6658] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6657] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] unlink("./75/binderfs" [pid 5818] <... rmdir resumed>) = 0 [pid 6657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 6659] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6658] <... write resumed>) = 131072 [pid 6657] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] umount2("./73/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6659] <... rseq resumed>) = 0 [pid 6658] munmap(0x7fbb60600000, 138412032 [pid 6657] <... futex resumed>) = 0 [pid 5819] getdents64(3, [pid 6659] set_robust_list(0x7fbb68bde9a0, 24 [pid 6658] <... munmap resumed>) = 0 [pid 6657] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6659] <... set_robust_list resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6659] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] close(3 [pid 6659] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 6659] memfd_create("syzkaller", 0 [pid 5819] rmdir("./75" [pid 6659] <... memfd_create resumed>) = 3 [pid 6658] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6659] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6658] <... openat resumed>) = 4 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./73/binderfs", [pid 6659] <... mmap resumed>) = 0x7fbb60600000 [pid 6658] ioctl(4, LOOP_SET_FD, 3 [pid 6659] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] mkdir("./76", 0777 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] unlink("./73/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 6659] <... write resumed>) = 131072 [pid 5818] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] rmdir("./73" [pid 5819] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [ 126.456461][ T6654] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] mkdir("./74", 0777 [pid 6659] munmap(0x7fbb60600000, 138412032 [pid 6658] <... ioctl resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6659] <... munmap resumed>) = 0 [pid 5819] close(3) = 0 [pid 6659] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6658] close(3 [pid 6654] <... mount resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6659] <... openat resumed>) = 4 [pid 6658] <... close resumed>) = 0 [pid 6654] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 6659] ioctl(4, LOOP_SET_FD, 3 [pid 6658] close(4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6660 [pid 5818] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6660 attached [pid 6658] <... close resumed>) = 0 [pid 6654] <... openat resumed>) = 3 [pid 5818] <... ioctl resumed>) = 0 [pid 6658] mkdir("./file2", 0777 [pid 5818] close(3 [pid 6658] <... mkdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6658] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6654] chdir("./file2" [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6660] set_robust_list(0x55555eedf6a0, 24 [pid 6654] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6661 attached [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6661 [pid 6661] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6661] chdir("./74" [pid 6660] <... set_robust_list resumed>) = 0 [pid 6654] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6661] <... chdir resumed>) = 0 [pid 6661] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6659] <... ioctl resumed>) = 0 [pid 6661] <... prctl resumed>) = 0 [pid 6661] setpgid(0, 0) = 0 executing program [pid 6661] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6659] close(3) = 0 [pid 6654] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6660] chdir("./76" [pid 6659] close(4 [pid 6654] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] <... close resumed>) = 0 [pid 6661] <... openat resumed>) = 3 [pid 6660] <... chdir resumed>) = 0 [pid 6659] mkdir("./file2", 0777 [pid 6654] <... futex resumed>) = 1 [pid 6653] <... futex resumed>) = 0 [pid 6654] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6653] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6661] write(3, "1000", 4) = 4 [pid 6661] close(3) = 0 [pid 6661] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6659] <... mkdir resumed>) = 0 [pid 6659] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6661] write(1, "executing program\n", 18) = 18 [ 126.502549][ T6658] loop3: detected capacity change from 0 to 256 [ 126.512720][ T6654] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.537237][ T6659] loop2: detected capacity change from 0 to 256 [pid 6661] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6653] <... futex resumed>) = 0 [pid 6661] <... futex resumed>) = 0 [pid 6653] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6661] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6660] <... prctl resumed>) = 0 [pid 6654] mkdir("./file3", 0777 [pid 6660] setpgid(0, 0 [pid 6661] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6660] <... setpgid resumed>) = 0 [pid 6661] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6661] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6661] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6661] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6662]}, 88) = 6662 [pid 6661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6662 attached [pid 6661] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6661] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6662] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6662] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6662] memfd_create("syzkaller", 0 [pid 6660] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6662] <... memfd_create resumed>) = 3 [pid 6662] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6660] <... openat resumed>) = 3 [ 126.565174][ T6658] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.584716][ T6658] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.585914][ T6654] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6662] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6660] write(3, "1000", 4 [pid 6658] <... mount resumed>) = 0 [pid 6662] munmap(0x7fbb60600000, 138412032 [pid 6658] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6662] <... munmap resumed>) = 0 [pid 6660] <... write resumed>) = 4 [pid 6658] <... openat resumed>) = 3 [pid 6658] chdir("./file2" [pid 6662] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6658] <... chdir resumed>) = 0 [pid 6662] <... openat resumed>) = 4 [pid 6658] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6658] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6662] ioctl(4, LOOP_SET_FD, 3 [pid 6658] <... futex resumed>) = 1 [pid 6660] close(3 [pid 6658] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6655] <... futex resumed>) = 0 [pid 6654] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6653] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6655] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... close resumed>) = 0 [pid 6653] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] symlink("/dev/binderfs", "./binderfs" [pid 6658] <... futex resumed>) = 0 [pid 6655] <... futex resumed>) = 1 [pid 6654] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6658] mkdir("./file3", 0777 [pid 6660] <... symlink resumed>) = 0 [pid 6655] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6653] <... futex resumed>) = ? executing program [pid 6660] write(1, "executing program\n", 18 [pid 6654] +++ killed by SIGSEGV +++ [pid 6653] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6653, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6660] <... write resumed>) = 18 [pid 6660] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 126.614307][ T6654] exFAT-fs (loop4): Filesystem has been set read-only [ 126.622934][ T6662] loop0: detected capacity change from 0 to 256 [ 126.633365][ T6658] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.653870][ T6659] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6660] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6662] <... ioctl resumed>) = 0 [pid 6660] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6660] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6662] close(3 [pid 5822] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6660] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6662] <... close resumed>) = 0 [pid 6662] close(4) = 0 [pid 6660] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6662] mkdir("./file2", 0777 [pid 6660] <... mprotect resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6662] <... mkdir resumed>) = 0 [pid 6660] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... openat resumed>) = 3 [pid 6662] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] newfstatat(3, "", [pid 6660] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6660] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6663 attached [pid 5822] getdents64(3, [pid 6660] <... clone3 resumed> => {parent_tid=[6663]}, 88) = 6663 [pid 6660] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6660] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6660] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6663] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [ 126.658250][ T6658] exFAT-fs (loop3): Filesystem has been set read-only [ 126.700356][ T6659] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6663] set_robust_list(0x7fbb68bde9a0, 24 [pid 6658] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6663] <... set_robust_list resumed>) = 0 [pid 6655] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = 0 [pid 6658] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6658] +++ killed by SIGSEGV +++ [pid 6663] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6659] <... mount resumed>) = 0 [pid 6659] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6663] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6655] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(AT_FDCWD, "./75/file2", [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6655, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6663] memfd_create("syzkaller", 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(3, [pid 6663] <... memfd_create resumed>) = 3 [pid 5822] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6663] <... mmap resumed>) = 0x7fbb60600000 [pid 6659] chdir("./file2" [pid 5822] <... openat resumed>) = 4 [pid 6659] <... chdir resumed>) = 0 [pid 6659] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6659] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6657] <... futex resumed>) = 0 [pid 6657] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6657] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6659] <... futex resumed>) = 1 [pid 6659] mkdir("./file3", 0777 [pid 6663] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6662] <... mount resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 6663] <... write resumed>) = 131072 [pid 6662] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6663] munmap(0x7fbb60600000, 138412032 [pid 6662] <... openat resumed>) = 3 [pid 5822] getdents64(4, [pid 6663] <... munmap resumed>) = 0 [pid 6662] chdir("./file2" [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6663] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6662] <... chdir resumed>) = 0 [pid 5822] getdents64(4, [pid 5821] <... umount2 resumed>) = 0 [pid 6663] <... openat resumed>) = 4 [pid 6662] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6663] ioctl(4, LOOP_SET_FD, 3 [pid 6662] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] close(4 [pid 6659] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6659] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6657] <... futex resumed>) = ? [ 126.707734][ T6662] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.728247][ T6662] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 126.742769][ T6659] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.753771][ T6659] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] newfstatat(AT_FDCWD, "./77/file2", [pid 6662] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6659] +++ killed by SIGSEGV +++ [pid 6657] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6662] <... futex resumed>) = 1 [pid 6661] <... futex resumed>) = 0 [pid 5821] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6657, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6661] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6663] <... ioctl resumed>) = 0 [pid 6662] mkdir("./file3", 0777 [pid 6661] <... futex resumed>) = 0 [pid 5822] rmdir("./75/file2" [pid 5821] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6661] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./77/file2") = 0 [pid 5821] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./77/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./77") = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5820] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] getdents64(3, [pid 6663] close(3 [pid 5822] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6663] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./75/binderfs", [pid 5820] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6663] close(4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./75/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6663] <... close resumed>) = 0 [pid 5822] unlink("./75/binderfs" [pid 5820] getdents64(4, [pid 6663] mkdir("./file2", 0777 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6663] <... mkdir resumed>) = 0 [pid 5822] getdents64(3, [pid 5820] close(4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./75/file2" [pid 6663] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5821] mkdir("./78", 0777 [pid 5820] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./75/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] rmdir("./75" [pid 5821] <... openat resumed>) = 3 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5822] rmdir("./75" [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] mkdir("./76", 0777 [pid 5822] mkdir("./76", 0777 [pid 5820] <... mkdir resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6662] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... mkdir resumed>) = 0 [ 126.758841][ T6663] loop1: detected capacity change from 0 to 256 [ 126.771883][ T6662] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 126.793736][ T6662] exFAT-fs (loop0): Filesystem has been set read-only [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6662] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6661] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6661] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 3 [pid 6661] <... futex resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5822] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6664 attached [pid 6664] set_robust_list(0x55555eedf6a0, 24 [pid 6661] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 6664] <... set_robust_list resumed>) = 0 [pid 5822] close(3 [pid 6661] <... mmap resumed>) = ? [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6664 [pid 5820] close(3 [pid 6664] chdir("./78" [pid 5822] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6664] <... chdir resumed>) = 0 [pid 6664] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6664] <... prctl resumed>) = 0 [pid 6664] setpgid(0, 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6665 ./strace-static-x86_64: Process 6665 attached [pid 6665] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6665] chdir("./76") = 0 [pid 6665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6662] +++ killed by SIGSEGV +++ [pid 6664] <... setpgid resumed>) = 0 [pid 6661] +++ killed by SIGSEGV +++ [pid 6665] setpgid(0, 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6661, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5818] umount2("./74", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6666 attached [pid 6664] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6664] <... openat resumed>) = 3 [pid 5818] getdents64(3, [pid 6665] <... setpgid resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 executing program [pid 6665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6665] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = 0 [pid 6665] write(3, "1000", 4 [pid 5818] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6665] <... write resumed>) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./74/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./74/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./74/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6665] close(3 [pid 5818] newfstatat(4, "", [pid 6665] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6665] symlink("/dev/binderfs", "./binderfs" [pid 5818] getdents64(4, [pid 6665] <... symlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6665] write(1, "executing program\n", 18 [pid 5818] getdents64(4, [pid 6665] <... write resumed>) = 18 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6665] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] close(4) = 0 [pid 5818] rmdir("./74/file2") = 0 [pid 5818] umount2("./74/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6665] <... futex resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./74/binderfs", [pid 6665] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6664] write(3, "1000", 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6666] set_robust_list(0x55555eedf6a0, 24 [pid 6665] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6664] <... write resumed>) = 4 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6666 [ 126.818612][ T6663] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] unlink("./74/binderfs" [pid 6665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6664] close(3 [pid 5818] <... unlink resumed>) = 0 [pid 6666] <... set_robust_list resumed>) = 0 [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] <... close resumed>) = 0 [pid 5818] getdents64(3, [pid 6666] chdir("./76" [pid 6664] symlink("/dev/binderfs", "./binderfs" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6666] <... chdir resumed>) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 6664] <... symlink resumed>) = 0 [pid 6666] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6665] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6664] write(1, "executing program\n", 18 [pid 6666] <... prctl resumed>) = 0 [pid 6665] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6664] <... write resumed>) = 18 [pid 6666] setpgid(0, 0 [pid 6665] <... mprotect resumed>) = 0 [pid 6664] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] <... setpgid resumed>) = 0 [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6664] <... futex resumed>) = 0 [pid 6666] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6665] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6664] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] close(3 [pid 6666] <... openat resumed>) = 3 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6664] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... close resumed>) = 0 [pid 6666] write(3, "1000", 4 [pid 6664] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6666] <... write resumed>) = 4 [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] close(3 [pid 6664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6666] <... close resumed>) = 0 [pid 6664] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] rmdir("./74"./strace-static-x86_64: Process 6667 attached [pid 6666] symlink("/dev/binderfs", "./binderfs" [pid 6665] <... clone3 resumed> => {parent_tid=[6667]}, 88) = 6667 [pid 6664] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... rmdir resumed>) = 0 [pid 6667] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6665] rt_sigprocmask(SIG_SETMASK, [], [pid 6667] <... rseq resumed>) = 0 [pid 6665] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] <... mprotect resumed>) = 0 [pid 5818] mkdir("./75", 0777 [pid 6667] set_robust_list(0x7fbb68bde9a0, 24 [pid 6665] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... mkdir resumed>) = 0 [pid 6667] <... set_robust_list resumed>) = 0 [pid 6665] <... futex resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6667] rt_sigprocmask(SIG_SETMASK, [], [pid 6665] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6664] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6666] <... symlink resumed>) = 0 [pid 6667] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6666] write(1, "executing program\n", 18 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6664] <... clone3 resumed> => {parent_tid=[6668]}, 88) = 6668 executing program [pid 6667] memfd_create("syzkaller", 0 [pid 6666] <... write resumed>) = 18 [pid 6664] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... ioctl resumed>) = 0 [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] close(3 [pid 6667] <... memfd_create resumed>) = 3 [pid 6666] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6666] <... futex resumed>) = 0 [pid 6664] <... futex resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6667] <... mmap resumed>) = 0x7fbb60600000 [pid 6666] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6664] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6668 attached [pid 6666] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6668] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6668] <... rseq resumed>) = 0 [pid 6668] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6668] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6669 attached ) = 3 [pid 6667] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6666] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6663] <... mount resumed>) = 0 [pid 6669] set_robust_list(0x55555eedf6a0, 24 [pid 6668] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6668] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6666] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6663] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6666] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6669] <... set_robust_list resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6669 [pid 6669] chdir("./75") = 0 [pid 6668] <... write resumed>) = 131072 [pid 6669] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6668] munmap(0x7fbb60600000, 138412032 [pid 6669] <... prctl resumed>) = 0 [pid 6668] <... munmap resumed>) = 0 [pid 6669] setpgid(0, 0 [ 126.861264][ T6663] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6668] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6669] <... setpgid resumed>) = 0 [pid 6668] <... openat resumed>) = 4 [pid 6669] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6668] ioctl(4, LOOP_SET_FD, 3 [pid 6667] <... write resumed>) = 131072 [pid 6666] <... mprotect resumed>) = 0 [pid 6663] <... openat resumed>) = 3 [pid 6667] munmap(0x7fbb60600000, 138412032 [pid 6666] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6667] <... munmap resumed>) = 0 [pid 6663] chdir("./file2" [pid 6667] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6666] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6663] <... chdir resumed>) = 0 [pid 6669] <... openat resumed>) = 3 [pid 6667] <... openat resumed>) = 4 [pid 6666] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6663] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6669] write(3, "1000", 4 [pid 6667] ioctl(4, LOOP_SET_FD, 3 [pid 6663] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6670 attached [pid 6669] <... write resumed>) = 4 [pid 6666] <... clone3 resumed> => {parent_tid=[6670]}, 88) = 6670 [pid 6663] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6669] close(3 [pid 6670] <... rseq resumed>) = 0 [pid 6669] <... close resumed>) = 0 [pid 6670] set_robust_list(0x7fbb68bde9a0, 24 [pid 6669] symlink("/dev/binderfs", "./binderfs"executing program [pid 6670] <... set_robust_list resumed>) = 0 [pid 6669] <... symlink resumed>) = 0 [pid 6670] rt_sigprocmask(SIG_SETMASK, [], [pid 6669] write(1, "executing program\n", 18 [pid 6670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6669] <... write resumed>) = 18 [pid 6670] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6669] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6669] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6669] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6669] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6669] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6667] <... ioctl resumed>) = 0 [pid 6666] rt_sigprocmask(SIG_SETMASK, [], [pid 6660] <... futex resumed>) = 0 [pid 6669] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6666] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6660] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6666] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6660] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6671 attached [pid 6670] <... futex resumed>) = 0 [pid 6669] <... clone3 resumed> => {parent_tid=[6671]}, 88) = 6671 [pid 6666] <... futex resumed>) = 1 [pid 6660] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6671] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6670] memfd_create("syzkaller", 0 [pid 6669] rt_sigprocmask(SIG_SETMASK, [], [pid 6668] <... ioctl resumed>) = 0 [pid 6667] close(3 [pid 6666] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6671] <... rseq resumed>) = 0 [pid 6670] <... memfd_create resumed>) = 3 [pid 6669] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6667] <... close resumed>) = 0 [pid 6668] close(3 [pid 6667] close(4 [pid 6668] <... close resumed>) = 0 [pid 6668] close(4) = 0 [pid 6670] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6668] mkdir("./file2", 0777 [pid 6670] <... mmap resumed>) = 0x7fbb60600000 [pid 6669] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... mkdir resumed>) = 0 [pid 6670] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6669] <... futex resumed>) = 0 [pid 6668] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6667] <... close resumed>) = 0 [pid 6667] mkdir("./file2", 0777 [pid 6671] set_robust_list(0x7fbb68bde9a0, 24 [pid 6669] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6667] <... mkdir resumed>) = 0 [pid 6663] <... futex resumed>) = 1 [pid 6671] <... set_robust_list resumed>) = 0 [pid 6663] mkdir("./file3", 0777 [pid 6667] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6671] memfd_create("syzkaller", 0) = 3 [pid 6671] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6670] <... write resumed>) = 131072 [pid 6671] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6670] munmap(0x7fbb60600000, 138412032) = 0 [ 126.919667][ T6668] loop3: detected capacity change from 0 to 256 [ 126.930572][ T6667] loop2: detected capacity change from 0 to 256 [ 126.959042][ T6663] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6671] <... write resumed>) = 131072 [pid 6670] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6671] munmap(0x7fbb60600000, 138412032 [pid 6670] <... openat resumed>) = 4 [pid 6671] <... munmap resumed>) = 0 [pid 6670] ioctl(4, LOOP_SET_FD, 3 [pid 6671] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 126.977665][ T6667] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 126.991357][ T6670] loop4: detected capacity change from 0 to 256 [ 126.998068][ T6663] exFAT-fs (loop1): Filesystem has been set read-only [ 126.999036][ T6667] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 127.013401][ T6668] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6671] ioctl(4, LOOP_SET_FD, 3 [pid 6670] <... ioctl resumed>) = 0 [pid 6660] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6663] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6663] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6660] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 6670] close(3) = 0 [pid 6670] close(4) = 0 [pid 6670] mkdir("./file2", 0777) = 0 [pid 6670] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6668] <... mount resumed>) = 0 [pid 6667] <... mount resumed>) = 0 [pid 6663] +++ killed by SIGSEGV +++ [pid 6660] +++ killed by SIGSEGV +++ [pid 6671] <... ioctl resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6660, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6671] close(3 [pid 6668] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6667] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6671] <... close resumed>) = 0 [pid 6671] close(4 [pid 6668] <... openat resumed>) = 3 [pid 6667] <... openat resumed>) = 3 [pid 6671] <... close resumed>) = 0 [pid 6668] chdir("./file2" [pid 6671] mkdir("./file2", 0777 [pid 5819] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6668] <... chdir resumed>) = 0 [pid 6667] chdir("./file2" [pid 6668] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6667] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6671] <... mkdir resumed>) = 0 [pid 6667] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6668] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6671] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6668] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6667] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... openat resumed>) = 3 [pid 6667] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(3, "", [pid 6668] <... futex resumed>) = 1 [pid 6667] <... futex resumed>) = 1 [pid 6664] <... futex resumed>) = 0 [pid 6667] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6665] <... futex resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6668] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6664] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6665] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6664] <... futex resumed>) = 0 [pid 6668] mkdir("./file3", 0777 [pid 6667] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = 1 [pid 5819] getdents64(3, [pid 6667] mkdir("./file3", 0777 [pid 6665] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 127.015225][ T6671] loop0: detected capacity change from 0 to 256 [ 127.027093][ T6668] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5819] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./76/file2") = 0 [pid 5819] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./76/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./76") = 0 [pid 5819] mkdir("./77", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3) = 0 [pid 6670] <... mount resumed>) = 0 [pid 6670] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6670] chdir("./file2") = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6670] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6670] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 127.071156][ T6667] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.080428][ T6668] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.090612][ T6670] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.090950][ T6670] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6670] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6672 attached [pid 6666] <... futex resumed>) = 0 [pid 6665] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6664] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6665] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6665] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6666] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6664] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6665] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6673 attached [pid 6664] <... futex resumed>) = 0 [pid 6666] <... futex resumed>) = 1 [pid 6670] <... futex resumed>) = 0 [pid 6667] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6665] <... clone3 resumed> => {parent_tid=[6673]}, 88) = 6673 [pid 6673] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6670] mkdir("./file3", 0777 [pid 6667] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6666] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6664] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6672] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6672 [pid 6664] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6673] <... rseq resumed>) = ? [pid 6672] <... set_robust_list resumed>) = 0 [pid 6664] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6672] chdir("./77") = 0 [pid 6672] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6672] setpgid(0, 0) = 0 [pid 6673] +++ killed by SIGSEGV +++ [pid 6672] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6664] <... mprotect resumed>) = 0 [pid 6664] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6672] <... openat resumed>) = 3 [pid 6667] +++ killed by SIGSEGV +++ [pid 6665] +++ killed by SIGSEGV +++ [pid 6664] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6672] write(3, "1000", 4) = 4 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6665, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6672] close(3 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6672] <... close resumed>) = 0 executing program [pid 6672] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6672] write(1, "executing program\n", 18) = 18 [pid 6672] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6672] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6672] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6672] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6672] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 6672] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6664] <... clone3 resumed> => {parent_tid=[6674]}, 88) = 6674 [pid 6672] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6675 attached ./strace-static-x86_64: Process 6674 attached [ 127.113387][ T6671] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.126142][ T6667] exFAT-fs (loop2): Filesystem has been set read-only [ 127.149712][ T6670] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.162163][ T6668] exFAT-fs (loop3): Filesystem has been set read-only [pid 6664] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6675] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6674] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6672] <... clone3 resumed> => {parent_tid=[6675]}, 88) = 6675 [pid 6670] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6664] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6675] <... rseq resumed>) = 0 [pid 6674] <... rseq resumed>) = 0 [pid 6672] rt_sigprocmask(SIG_SETMASK, [], [pid 6664] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6675] set_robust_list(0x7fbb68bde9a0, 24 [pid 6674] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6664] <... futex resumed>) = 0 [pid 6675] <... set_robust_list resumed>) = 0 [pid 6674] <... set_robust_list resumed>) = 0 [pid 6664] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6675] rt_sigprocmask(SIG_SETMASK, [], [pid 6674] rt_sigprocmask(SIG_SETMASK, [], [pid 6675] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6674] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6675] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6674] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6668] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6666] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... openat resumed>) = 3 [pid 6674] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6668] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6666] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6674] <... futex resumed>) = 1 [pid 6666] <... futex resumed>) = 0 [pid 6664] <... futex resumed>) = 0 [pid 6666] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6674] +++ killed by SIGSEGV +++ [pid 6672] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6670] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6666] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5820] newfstatat(3, "", [pid 6675] <... futex resumed>) = 0 [pid 6672] <... futex resumed>) = 1 [pid 6666] write(0, "\x00\x02\x00\x25\x61\x20\x25\x62\x20\x25\x65\x20\x25\x48\x3a\x25\x4d\x3a\x25\x53\x20\x25\x5a\x20\x25\x59\x00\x53\x00\x00\x00\x75\x00\x00\x00\x6e\x00\x00\x00\x00\x00\x00\x00\x4d\x00\x00\x00\x6f\x00\x00\x00\x6e\x00\x00\x00\x00\x00\x00\x00\x54\x00\x00\x00\x75\x00\x00\x00\x65\x00\x00\x00\x00\x00\x00\x00\x57\x00\x00\x00\x65\x00\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x54\x00\x00\x00\x68\x00\x00\x00\x75"..., 140722446006800 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6675] memfd_create("syzkaller", 0 [pid 6672] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] getdents64(3, [pid 6675] <... memfd_create resumed>) = 3 [pid 6675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6675] <... mmap resumed>) = 0x7fbb60600000 [pid 6675] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6670] +++ killed by SIGSEGV +++ [pid 6666] +++ killed by SIGSEGV +++ [pid 5820] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6675] munmap(0x7fbb60600000, 138412032 [pid 6671] <... mount resumed>) = 0 [pid 6668] +++ killed by SIGSEGV +++ [pid 6664] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6666, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6664, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6671] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... umount2 resumed>) = 0 [pid 6675] <... munmap resumed>) = 0 [pid 6671] <... openat resumed>) = 3 [pid 6675] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6671] chdir("./file2" [pid 5820] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6671] <... chdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6671] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6675] <... openat resumed>) = 4 [pid 5820] newfstatat(AT_FDCWD, "./76/file2", [pid 6675] ioctl(4, LOOP_SET_FD, 3 [pid 6671] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6671] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6675] <... ioctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6671] <... futex resumed>) = 1 [pid 6669] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6671] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6669] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6671] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6669] <... futex resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 6675] close(3 [pid 6671] mkdir("./file3", 0777 [pid 6669] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 127.180845][ T6670] exFAT-fs (loop4): Filesystem has been set read-only [ 127.191161][ T6671] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 127.214160][ T6675] loop1: detected capacity change from 0 to 256 [pid 5820] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6675] <... close resumed>) = 0 [pid 5822] getdents64(3, [pid 5821] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", [pid 6675] close(4 [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./76/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6675] <... close resumed>) = 0 [pid 6671] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... openat resumed>) = 4 [pid 5820] <... openat resumed>) = 4 [pid 5822] newfstatat(4, "", [pid 6675] mkdir("./file2", 0777 [pid 6671] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(4, "", [pid 6675] <... mkdir resumed>) = 0 [pid 6669] <... futex resumed>) = ? [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 5821] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] rmdir("./76/file2" [pid 5821] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5820] getdents64(4, [pid 6675] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5822] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./76/binderfs") = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(3, [pid 5820] close(4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... close resumed>) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./76" [pid 5820] rmdir("./76/file2" [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] mkdir("./77", 0777 [pid 6671] +++ killed by SIGSEGV +++ [pid 6669] +++ killed by SIGSEGV +++ [pid 5822] <... mkdir resumed>) = 0 [pid 5820] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6669, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5820] newfstatat(AT_FDCWD, "./76/binderfs", [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./76/binderfs" [ 127.230977][ T6671] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.242763][ T6671] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... unlink resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3 [pid 5821] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] umount2("./75", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 ./strace-static-x86_64: Process 6676 attached [pid 5818] newfstatat(3, "", [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6676 [pid 6676] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6676] <... set_robust_list resumed>) = 0 [pid 5820] close(3 [pid 5818] getdents64(3, [pid 6676] chdir("./77" [pid 5821] newfstatat(AT_FDCWD, "./78/file2", [pid 6675] <... mount resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6676] <... chdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] rmdir("./76" [pid 5818] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6676] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6675] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6676] <... prctl resumed>) = 0 [pid 6675] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] mkdir("./77", 0777 [pid 5818] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6676] setpgid(0, 0 [pid 6675] chdir("./file2" [pid 5821] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6676] <... setpgid resumed>) = 0 [pid 6675] <... chdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6676] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6675] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] newfstatat(AT_FDCWD, "./75/file2", [pid 6676] <... openat resumed>) = 3 [pid 6675] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] newfstatat(4, "", [pid 6676] write(3, "1000", 4 [pid 6675] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6676] <... write resumed>) = 4 [pid 6675] <... futex resumed>) = 1 [pid 6672] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./75/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6676] close(3 [pid 6675] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6672] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6676] <... close resumed>) = 0 [pid 6675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 127.276858][ T6675] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.292279][ T6675] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6672] <... futex resumed>) = 0 [pid 6676] symlink("/dev/binderfs", "./binderfs" [pid 6675] mkdir("./file3", 0777 [pid 6672] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./75/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6676] <... symlink resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] close(3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... openat resumed>) = 4 executing program [pid 6676] write(1, "executing program\n", 18) = 18 [pid 6676] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... close resumed>) = 0 [pid 6676] <... futex resumed>) = 0 [pid 6676] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6676] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6676] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6676] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] close(4 [pid 5818] newfstatat(4, "", [pid 6676] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6677]}, 88) = 6677 [pid 6676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6676] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6676] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6677 attached [pid 5821] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6677] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 5818] getdents64(4, [pid 6675] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 6678 attached [pid 6677] set_robust_list(0x7fbb68bde9a0, 24 [pid 5821] rmdir("./78/file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6678] set_robust_list(0x55555eedf6a0, 24 [pid 6677] <... set_robust_list resumed>) = 0 [pid 6675] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6678 [pid 5818] getdents64(4, [pid 6678] <... set_robust_list resumed>) = 0 [pid 6677] rt_sigprocmask(SIG_SETMASK, [], [pid 6672] <... futex resumed>) = ? [pid 5821] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6678] chdir("./77" [pid 6677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6677] memfd_create("syzkaller", 0 [pid 5818] close(4 [pid 6677] <... memfd_create resumed>) = 3 [pid 5821] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6677] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 6677] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] unlink("./78/binderfs" [pid 5818] rmdir("./75/file2" [pid 6678] <... chdir resumed>) = 0 [pid 6677] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6675] +++ killed by SIGSEGV +++ [pid 6672] +++ killed by SIGSEGV +++ [pid 5821] <... unlink resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6678] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6677] <... write resumed>) = 131072 [pid 5821] getdents64(3, [pid 5818] umount2("./75/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6678] <... prctl resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6672, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6678] setpgid(0, 0 [pid 5821] close(3 [pid 5818] newfstatat(AT_FDCWD, "./75/binderfs", [pid 6678] <... setpgid resumed>) = 0 [pid 6677] munmap(0x7fbb60600000, 138412032 [pid 5821] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6678] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6677] <... munmap resumed>) = 0 [pid 5821] rmdir("./78" [pid 5818] unlink("./75/binderfs" [pid 6678] <... openat resumed>) = 3 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5821] mkdir("./79", 0777 [pid 5818] getdents64(3, [pid 6678] write(3, "1000", 4 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6678] <... write resumed>) = 4 [pid 6677] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] close(3 [pid 6677] <... openat resumed>) = 4 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] rmdir("./75" [pid 6678] close(3 [pid 6677] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... ioctl resumed>) = 0 [ 127.323270][ T6675] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.342729][ T6675] exFAT-fs (loop1): Filesystem has been set read-only [pid 5818] <... rmdir resumed>) = 0 [pid 6678] <... close resumed>) = 0 [pid 5821] close(3 [pid 6678] symlink("/dev/binderfs", "./binderfs" [pid 5818] mkdir("./76", 0777 [pid 6678] <... symlink resumed>) = 0 [pid 6677] <... ioctl resumed>) = 0 [pid 5821] <... close resumed>) = 0 executing program [pid 5818] <... mkdir resumed>) = 0 [pid 6678] write(1, "executing program\n", 18 [pid 6677] close(3 [pid 6678] <... write resumed>) = 18 [pid 6677] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6678] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6679 attached [pid 6678] <... futex resumed>) = 0 [pid 6677] <... close resumed>) = 0 [pid 6679] set_robust_list(0x55555eedf6a0, 24 [pid 6678] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6679] <... set_robust_list resumed>) = 0 [pid 6678] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6678] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6677] mkdir("./file2", 0777 [pid 5819] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6679] chdir("./79" [pid 6678] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6677] <... mkdir resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 5818] <... ioctl resumed>) = 0 [pid 6679] <... chdir resumed>) = 0 [pid 6678] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6679 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] close(3 [pid 6679] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6678] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6677] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] getdents64(3, [pid 5818] <... close resumed>) = 0 [pid 6679] <... prctl resumed>) = 0 [pid 6678] <... mprotect resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6678] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6679] setpgid(0, 0 [pid 6678] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6679] <... setpgid resumed>) = 0 [pid 6678] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6680 attached [pid 6679] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6680] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 6681 attached ) = 0 [pid 6679] <... openat resumed>) = 3 [pid 6678] <... clone3 resumed> => {parent_tid=[6680]}, 88) = 6680 [pid 6680] set_robust_list(0x7fbb68bde9a0, 24 [pid 6678] rt_sigprocmask(SIG_SETMASK, [], [pid 6680] <... set_robust_list resumed>) = 0 [pid 6678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6680] rt_sigprocmask(SIG_SETMASK, [], [pid 6678] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6678] <... futex resumed>) = 0 [pid 5819] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6681 [pid 6680] memfd_create("syzkaller", 0 [pid 6678] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6680] <... memfd_create resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./77/file2") = 0 [pid 5819] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6681] set_robust_list(0x55555eedf6a0, 24 [pid 6680] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6679] write(3, "1000", 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./77/binderfs" [pid 6679] <... write resumed>) = 4 [pid 6681] <... set_robust_list resumed>) = 0 [pid 6680] <... mmap resumed>) = 0x7fbb60600000 [pid 6679] close(3 [pid 5819] <... unlink resumed>) = 0 [pid 6679] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 6681] chdir("./76" [pid 6679] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./77" [pid 6680] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6679] <... symlink resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] mkdir("./78", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 executing program [pid 5819] close(3 [pid 6681] <... chdir resumed>) = 0 [pid 6680] <... write resumed>) = 131072 [pid 6679] write(1, "executing program\n", 18 [pid 5819] <... close resumed>) = 0 [ 127.381433][ T6677] loop4: detected capacity change from 0 to 256 [ 127.416043][ T6677] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6681] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6680] munmap(0x7fbb60600000, 138412032 [pid 6679] <... write resumed>) = 18 [pid 6681] <... prctl resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6681] setpgid(0, 0 [pid 6680] <... munmap resumed>) = 0 [pid 6679] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6681] <... setpgid resumed>) = 0 [pid 6679] <... futex resumed>) = 0 [pid 6681] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6679] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6681] <... openat resumed>) = 3 [pid 6679] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6679] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6679] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6679] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6681] write(3, "1000", 4) = 4 [pid 6679] <... mprotect resumed>) = 0 [pid 6681] close(3) = 0 [pid 6680] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6679] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6681] symlink("/dev/binderfs", "./binderfs" [pid 6680] <... openat resumed>) = 4 [pid 6679] <... rt_sigprocmask resumed>[], 8) = 0 [ 127.451935][ T6677] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) ./strace-static-x86_64: Process 6682 attached [pid 6681] <... symlink resumed>) = 0 [pid 6680] ioctl(4, LOOP_SET_FD, 3 [pid 6679] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6681] write(1, "executing program\n", 18 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6682 executing program [pid 6682] set_robust_list(0x55555eedf6a0, 24 [pid 6681] <... write resumed>) = 18 [pid 6682] <... set_robust_list resumed>) = 0 [pid 6682] chdir("./78") = 0 [pid 6682] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6682] setpgid(0, 0) = 0 [pid 6682] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6681] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6679] <... clone3 resumed> => {parent_tid=[6683]}, 88) = 6683 [pid 6681] <... futex resumed>) = 0 [pid 6682] write(3, "1000", 4) = 4 [pid 6681] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6679] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6683 attached [pid 6682] close(3 [pid 6679] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6683] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6682] <... close resumed>) = 0 [pid 6681] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6679] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] symlink("/dev/binderfs", "./binderfs" [pid 6679] <... futex resumed>) = 0 [pid 6677] <... mount resumed>) = 0 [pid 6683] <... rseq resumed>) = 0 [pid 6681] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6679] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}executing program [pid 6682] <... symlink resumed>) = 0 [pid 6681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6677] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6683] set_robust_list(0x7fbb68bde9a0, 24 [pid 6682] write(1, "executing program\n", 18 [pid 6677] <... openat resumed>) = 3 [pid 6683] <... set_robust_list resumed>) = 0 [pid 6681] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6682] <... write resumed>) = 18 [pid 6677] chdir("./file2" [pid 6682] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6677] <... chdir resumed>) = 0 [pid 6682] <... futex resumed>) = 0 [pid 6677] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6682] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6677] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6682] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6677] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6677] <... futex resumed>) = 1 [pid 6676] <... futex resumed>) = 0 [pid 6683] rt_sigprocmask(SIG_SETMASK, [], [pid 6682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6681] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6677] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6682] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6681] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6676] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] memfd_create("syzkaller", 0 [pid 6682] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6677] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] <... mprotect resumed>) = 0 [pid 6676] <... futex resumed>) = 0 [pid 6683] <... memfd_create resumed>) = 3 [pid 6682] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6677] mkdir("./file3", 0777 [pid 6681] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6676] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6683] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6682] <... mprotect resumed>) = 0 [pid 6683] <... mmap resumed>) = 0x7fbb60600000 [pid 6681] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6680] <... ioctl resumed>) = 0 [pid 6683] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6682] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6681] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6680] close(3 [pid 6682] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6682] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6680] <... close resumed>) = 0 [pid 6681] <... clone3 resumed> => {parent_tid=[6684]}, 88) = 6684 [pid 6680] close(4 [pid 6681] rt_sigprocmask(SIG_SETMASK, [], [pid 6680] <... close resumed>) = 0 [pid 6681] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6680] mkdir("./file2", 0777 [pid 6681] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6685 attached ./strace-static-x86_64: Process 6684 attached [pid 6684] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6682] <... clone3 resumed> => {parent_tid=[6685]}, 88) = 6685 [pid 6681] <... futex resumed>) = 0 [pid 6680] <... mkdir resumed>) = 0 [pid 6684] <... rseq resumed>) = 0 [pid 6682] rt_sigprocmask(SIG_SETMASK, [], [pid 6681] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6680] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6685] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6684] set_robust_list(0x7fbb68bde9a0, 24 [pid 6682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6685] <... rseq resumed>) = 0 [pid 6684] <... set_robust_list resumed>) = 0 [pid 6682] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] set_robust_list(0x7fbb68bde9a0, 24 [pid 6684] rt_sigprocmask(SIG_SETMASK, [], [pid 6682] <... futex resumed>) = 0 [pid 6685] <... set_robust_list resumed>) = 0 [pid 6684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6682] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6685] rt_sigprocmask(SIG_SETMASK, [], [pid 6684] memfd_create("syzkaller", 0 [pid 6685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6685] memfd_create("syzkaller", 0) = 3 [pid 6684] <... memfd_create resumed>) = 3 [pid 6683] <... write resumed>) = 131072 [pid 6685] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6685] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6683] munmap(0x7fbb60600000, 138412032 [pid 6685] <... write resumed>) = 131072 [pid 6684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6683] <... munmap resumed>) = 0 [ 127.496909][ T6680] loop2: detected capacity change from 0 to 256 [ 127.520445][ T6677] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6684] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6683] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6685] munmap(0x7fbb60600000, 138412032) = 0 [pid 6684] <... write resumed>) = 131072 [pid 6683] <... openat resumed>) = 4 [pid 6685] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6685] ioctl(4, LOOP_SET_FD, 3 [pid 6683] ioctl(4, LOOP_SET_FD, 3 [pid 6676] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6684] munmap(0x7fbb60600000, 138412032 [pid 6676] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... munmap resumed>) = 0 [pid 6684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6684] ioctl(4, LOOP_SET_FD, 3 [pid 6676] <... futex resumed>) = 0 [pid 6676] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6676] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6685] <... ioctl resumed>) = 0 [pid 6676] <... mprotect resumed>) = 0 [pid 6685] close(3) = 0 [pid 6685] close(4) = 0 [pid 6685] mkdir("./file2", 0777) = 0 [pid 6676] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6685] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6676] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6684] <... ioctl resumed>) = 0 [pid 6683] <... ioctl resumed>) = 0 [pid 6680] <... mount resumed>) = 0 [pid 6677] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6676] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6686 attached [ 127.555900][ T6677] exFAT-fs (loop4): Filesystem has been set read-only [ 127.563096][ T6680] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.563431][ T6680] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 127.578265][ T6685] loop1: detected capacity change from 0 to 256 [ 127.591415][ T6683] loop3: detected capacity change from 0 to 256 [ 127.599098][ T6684] loop0: detected capacity change from 0 to 256 [pid 6680] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6677] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6686] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6684] close(3 [pid 6683] close(3 [pid 6680] <... openat resumed>) = 3 [pid 6683] <... close resumed>) = 0 [pid 6684] <... close resumed>) = 0 [pid 6683] close(4 [pid 6684] close(4 [pid 6676] <... clone3 resumed> => {parent_tid=[6686]}, 88) = 6686 [pid 6684] <... close resumed>) = 0 [pid 6680] chdir("./file2" [pid 6684] mkdir("./file2", 0777 [pid 6680] <... chdir resumed>) = 0 [pid 6684] <... mkdir resumed>) = 0 [pid 6680] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6684] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6680] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6680] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6680] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6677] +++ killed by SIGSEGV +++ [pid 6683] <... close resumed>) = 0 [pid 6686] <... rseq resumed>) = ? [pid 6678] <... futex resumed>) = 0 [pid 6683] mkdir("./file2", 0777) = 0 [pid 6683] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6678] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6680] <... futex resumed>) = 0 [pid 6678] <... futex resumed>) = 1 [pid 6680] mkdir("./file3", 0777 [pid 6686] +++ killed by SIGSEGV +++ [pid 6676] +++ killed by SIGSEGV +++ [pid 6678] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6676, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [ 127.632041][ T6685] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.658121][ T6684] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5822] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 6685] <... mount resumed>) = 0 [pid 6684] <... mount resumed>) = 0 [pid 5822] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./77/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./77/file2" [pid 6685] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./77/binderfs", [pid 6685] <... openat resumed>) = 3 [pid 6684] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6685] chdir("./file2" [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6684] <... openat resumed>) = 3 [pid 6685] <... chdir resumed>) = 0 [pid 5822] unlink("./77/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./77") = 0 [pid 5822] mkdir("./78", 0777 [pid 6685] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6684] chdir("./file2" [pid 6680] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6678] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6685] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6678] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... chdir resumed>) = 0 [pid 6685] <... futex resumed>) = 1 [pid 6680] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6684] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6678] <... futex resumed>) = 0 [pid 6685] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6684] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6682] <... futex resumed>) = 0 [pid 6684] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6682] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6685] <... futex resumed>) = 0 [pid 6684] <... futex resumed>) = 1 [pid 6682] <... futex resumed>) = 1 [pid 6681] <... futex resumed>) = 0 [pid 6685] mkdir("./file3", 0777 [pid 6684] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6681] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6681] <... futex resumed>) = 0 [ 127.676657][ T6685] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 127.687023][ T6684] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 127.687893][ T6680] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.713643][ T6680] exFAT-fs (loop2): Filesystem has been set read-only [pid 6684] mkdir("./file3", 0777 [pid 6682] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6681] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6680] +++ killed by SIGSEGV +++ [pid 6678] +++ killed by SIGSEGV +++ [pid 5822] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6678, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 127.730851][ T6685] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.735557][ T6684] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.741334][ T6683] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 127.749893][ T6684] exFAT-fs (loop0): Filesystem has been set read-only [ 127.761626][ T6685] exFAT-fs (loop1): Filesystem has been set read-only [pid 6684] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6685] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... openat resumed>) = 3 [pid 6685] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6682] <... futex resumed>) = ? [pid 5822] <... ioctl resumed>) = 0 [pid 5820] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6684] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6687 attached [pid 5820] newfstatat(3, "", [pid 6687] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6687 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6687] <... set_robust_list resumed>) = 0 [pid 5820] getdents64(3, [pid 6687] chdir("./78" [pid 6685] +++ killed by SIGSEGV +++ [pid 6682] +++ killed by SIGSEGV +++ [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6687] <... chdir resumed>) = 0 [pid 5820] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6682, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6687] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... umount2 resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6687] <... prctl resumed>) = 0 [pid 5820] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6687] setpgid(0, 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./77/file2", [pid 6687] <... setpgid resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6687] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", [pid 6687] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6681] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] getdents64(4, [pid 6687] write(3, "1000", 4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6687] <... write resumed>) = 4 [pid 5820] close(4 [pid 6687] close(3 [pid 5820] <... close resumed>) = 0 [pid 6687] <... close resumed>) = 0 [pid 5820] rmdir("./77/file2"executing program ) = 0 [pid 6687] symlink("/dev/binderfs", "./binderfs" [pid 5820] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6687] <... symlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./77/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6687] write(1, "executing program\n", 18) = 18 [pid 5820] close(3 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6687] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6684] +++ killed by SIGSEGV +++ [pid 6681] +++ killed by SIGSEGV +++ [pid 5820] <... close resumed>) = 0 [pid 6687] <... futex resumed>) = 0 [pid 5820] rmdir("./77" [pid 6687] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... rmdir resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6681, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6687] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] mkdir("./78", 0777 [pid 5819] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./76", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6687] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6687] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 6687] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] newfstatat(3, "", [pid 6687] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... ioctl resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6687] <... mprotect resumed>) = 0 [pid 5820] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6687] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6687] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6687] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6688 attached [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = 0 [pid 5819] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6687] <... clone3 resumed> => {parent_tid=[6688]}, 88) = 6688 [pid 6683] <... mount resumed>) = 0 [pid 6688] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6687] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6688] <... rseq resumed>) = 0 [pid 6687] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 127.770765][ T6683] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6688] set_robust_list(0x7fbb68bde9a0, 24 [pid 6687] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6683] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] newfstatat(AT_FDCWD, "./76/file2", [pid 6688] <... set_robust_list resumed>) = 0 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6688] memfd_create("syzkaller", 0 [pid 5818] umount2("./76/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./76/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6688] <... memfd_create resumed>) = 3 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6689 [pid 5818] newfstatat(4, "", [pid 6688] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6688] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] getdents64(4, [pid 6688] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 6689 attached [pid 6683] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 6683] chdir("./file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6689] set_robust_list(0x55555eedf6a0, 24 [pid 6688] <... write resumed>) = 131072 [pid 6683] <... chdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./76/file2" [pid 6689] <... set_robust_list resumed>) = 0 [pid 6683] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6689] chdir("./78" [pid 6683] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6683] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6679] <... futex resumed>) = 0 [pid 5819] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6689] <... chdir resumed>) = 0 [pid 6683] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6679] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6689] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6679] <... futex resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6689] <... prctl resumed>) = 0 [pid 6683] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6679] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] newfstatat(AT_FDCWD, "./78/file2", [pid 6688] munmap(0x7fbb60600000, 138412032 [pid 6683] mkdir("./file3", 0777 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6689] setpgid(0, 0 [pid 6688] <... munmap resumed>) = 0 [pid 6689] <... setpgid resumed>) = 0 [pid 6688] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 6689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6688] <... openat resumed>) = 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6689] <... openat resumed>) = 3 [pid 6688] ioctl(4, LOOP_SET_FD, 3 [pid 5818] umount2("./76/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6689] write(3, "1000", 4 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./76/binderfs") = 0 [pid 5818] getdents64(3, [pid 5819] newfstatat(4, "", [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] close(3 [pid 5819] getdents64(4, [pid 5818] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] rmdir("./76" [pid 5819] getdents64(4, [pid 5818] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] mkdir("./77", 0777 [pid 6689] <... write resumed>) = 4 [pid 6688] <... ioctl resumed>) = 0 [pid 6683] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] close(4 [pid 5818] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 6683] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5818] <... close resumed>) = 0 [pid 5819] rmdir("./78/file2" [pid 6689] close(3 [pid 6688] close(3 [pid 6679] <... futex resumed>) = ? [pid 5819] <... rmdir resumed>) = 0 [pid 6688] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6690 attached [pid 6688] close(4 [pid 5819] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6689] <... close resumed>) = 0 [pid 6688] <... close resumed>) = 0 [pid 6683] +++ killed by SIGSEGV +++ [pid 6679] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6690] set_robust_list(0x55555eedf6a0, 24 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6679, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] newfstatat(AT_FDCWD, "./78/binderfs", [pid 6690] <... set_robust_list resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6688] mkdir("./file2", 0777 [pid 6689] symlink("/dev/binderfs", "./binderfs" [pid 6690] chdir("./77" [pid 5819] unlink("./78/binderfs" [pid 6690] <... chdir resumed>) = 0 [pid 6689] <... symlink resumed>) = 0 [pid 6688] <... mkdir resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6690 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [ 127.850013][ T6683] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 127.851091][ T6688] loop4: detected capacity change from 0 to 256 [ 127.865334][ T6683] exFAT-fs (loop3): Filesystem has been set read-only executing program [pid 6689] write(1, "executing program\n", 18 [pid 6688] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6690] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] close(3 [pid 6689] <... write resumed>) = 18 [pid 6690] <... prctl resumed>) = 0 [pid 6689] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6690] setpgid(0, 0 [pid 6689] <... futex resumed>) = 0 [pid 5819] rmdir("./78" [pid 6690] <... setpgid resumed>) = 0 [pid 5821] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 6690] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6690] <... openat resumed>) = 3 [pid 5821] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6690] write(3, "1000", 4 [pid 5821] <... openat resumed>) = 3 [pid 5819] mkdir("./79", 0777 [pid 6690] <... write resumed>) = 4 [pid 5821] newfstatat(3, "", [pid 5819] <... mkdir resumed>) = 0 [pid 6690] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6690] <... close resumed>) = 0 executing program [pid 5821] getdents64(3, [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6690] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6690] <... symlink resumed>) = 0 [pid 5821] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6690] write(1, "executing program\n", 18 [pid 5819] <... openat resumed>) = 3 [pid 6690] <... write resumed>) = 18 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6690] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... ioctl resumed>) = 0 [pid 6690] <... futex resumed>) = 0 [pid 5819] close(3 [pid 6690] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6689] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6690] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6689] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6690] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6691 [pid 5821] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6691 attached [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6690] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6690] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... openat resumed>) = 4 [pid 6690] <... mprotect resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6691] set_robust_list(0x55555eedf6a0, 24 [pid 5821] getdents64(4, [pid 6691] <... set_robust_list resumed>) = 0 [pid 6690] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6691] chdir("./79" [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] getdents64(4, [pid 6691] <... chdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6691] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6690] <... clone3 resumed> => {parent_tid=[6692]}, 88) = 6692 [pid 5821] close(4 [pid 6691] <... prctl resumed>) = 0 [pid 6690] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./79/file2") = 0 [pid 6689] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6692 attached [pid 6689] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6691] setpgid(0, 0) = 0 [pid 5821] newfstatat(AT_FDCWD, "./79/binderfs", [pid 6691] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6691] write(3, "1000", 4 [pid 6690] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] unlink("./79/binderfs" [pid 6691] <... write resumed>) = 4 [pid 6690] <... futex resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6691] close(3 [ 127.903524][ T6688] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6690] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] getdents64(3, [pid 6691] <... close resumed>) = 0 [pid 6689] <... mprotect resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6692] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6691] symlink("/dev/binderfs", "./binderfs" [pid 5821] close(3 [pid 6691] <... symlink resumed>) = 0 [pid 5821] <... close resumed>) = 0 executing program [pid 6691] write(1, "executing program\n", 18 [pid 5821] rmdir("./79" [pid 6691] <... write resumed>) = 18 [pid 5821] <... rmdir resumed>) = 0 [pid 6691] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6691] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5821] mkdir("./80", 0777 [pid 6691] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... mkdir resumed>) = 0 [pid 6691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6691] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6691] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6692] <... rseq resumed>) = 0 [pid 6689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6692] set_robust_list(0x7fbb68bde9a0, 24 [pid 6691] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6692] <... set_robust_list resumed>) = 0 [pid 6691] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6693 attached [pid 6692] rt_sigprocmask(SIG_SETMASK, [], [pid 6691] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6694 attached [pid 6692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6689] <... clone3 resumed> => {parent_tid=[6693]}, 88) = 6693 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6694] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6693] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6692] memfd_create("syzkaller", 0 [pid 6689] rt_sigprocmask(SIG_SETMASK, [], [pid 6694] <... rseq resumed>) = 0 [pid 6693] <... rseq resumed>) = 0 [pid 6692] <... memfd_create resumed>) = 3 [pid 6689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 6694] set_robust_list(0x7fbb68bde9a0, 24 [pid 6693] set_robust_list(0x7fbb68bde9a0, 24 [pid 6692] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6691] <... clone3 resumed> => {parent_tid=[6694]}, 88) = 6694 [pid 6689] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... mount resumed>) = 0 [pid 6694] <... set_robust_list resumed>) = 0 [pid 6693] <... set_robust_list resumed>) = 0 [pid 6692] <... mmap resumed>) = 0x7fbb60600000 [pid 6691] rt_sigprocmask(SIG_SETMASK, [], [pid 6689] <... futex resumed>) = 0 [pid 5821] close(3 [pid 6694] rt_sigprocmask(SIG_SETMASK, [], [pid 6693] rt_sigprocmask(SIG_SETMASK, [], [pid 6692] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6689] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6692] <... write resumed>) = 131072 [pid 6694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6692] munmap(0x7fbb60600000, 138412032 [pid 6691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6688] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6694] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6693] memfd_create("syzkaller", 0 [pid 6692] <... munmap resumed>) = 0 [pid 6693] <... memfd_create resumed>) = 3 [pid 6691] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6688] <... openat resumed>) = 3 [pid 6693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6694] <... futex resumed>) = 0 [pid 6691] <... futex resumed>) = 1 [pid 6694] memfd_create("syzkaller", 0 [pid 6693] <... mmap resumed>) = 0x7fbb60600000 [pid 6692] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6691] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6688] chdir("./file2" [pid 5821] <... close resumed>) = 0 [pid 6688] <... chdir resumed>) = 0 [pid 6692] <... openat resumed>) = 4 [pid 6688] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6694] <... memfd_create resumed>) = 3 [ 127.945552][ T6688] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6694] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 6695 attached ) = 0x7fbb60600000 [pid 6692] ioctl(4, LOOP_SET_FD, 3 [pid 6688] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6688] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6695] set_robust_list(0x55555eedf6a0, 24 [pid 6694] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6693] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6695] <... set_robust_list resumed>) = 0 [pid 6692] <... ioctl resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6695 [pid 6687] <... futex resumed>) = 0 [pid 6687] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] chdir("./80" [pid 6687] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6692] close(3) = 0 [pid 6695] <... chdir resumed>) = 0 [pid 6694] <... write resumed>) = 131072 [pid 6693] <... write resumed>) = 131072 [pid 6692] close(4 [pid 6688] <... futex resumed>) = 1 [pid 6695] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6692] <... close resumed>) = 0 [pid 6695] <... prctl resumed>) = 0 [pid 6692] mkdir("./file2", 0777 [pid 6695] setpgid(0, 0 [pid 6692] <... mkdir resumed>) = 0 [pid 6695] <... setpgid resumed>) = 0 [pid 6688] mkdir("./file3", 0777 [pid 6695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6694] munmap(0x7fbb60600000, 138412032 [pid 6695] <... openat resumed>) = 3 [pid 6694] <... munmap resumed>) = 0 [pid 6693] munmap(0x7fbb60600000, 138412032 [pid 6692] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6693] <... munmap resumed>) = 0 [pid 6695] write(3, "1000", 4) = 4 [pid 6694] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6693] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6695] close(3 [pid 6694] <... openat resumed>) = 4 [pid 6693] <... openat resumed>) = 4 [pid 6693] ioctl(4, LOOP_SET_FD, 3 [pid 6695] <... close resumed>) = 0 [ 127.991156][ T6692] loop0: detected capacity change from 0 to 256 [ 128.012544][ T6688] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.031722][ T6693] loop2: detected capacity change from 0 to 256 [pid 6694] ioctl(4, LOOP_SET_FD, 3executing program [pid 6695] symlink("/dev/binderfs", "./binderfs" [pid 6688] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6687] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6695] <... symlink resumed>) = 0 [pid 6695] write(1, "executing program\n", 18) = 18 [pid 6695] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6695] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6695] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6696]}, 88) = 6696 [pid 6688] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6687] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6693] <... ioctl resumed>) = 0 [pid 6693] close(3) = 0 ./strace-static-x86_64: Process 6696 attached [pid 6695] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] close(4 [pid 6687] <... futex resumed>) = ? [pid 6695] <... futex resumed>) = 0 [pid 6693] <... close resumed>) = 0 [pid 6695] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6693] mkdir("./file2", 0777) = 0 [pid 6696] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6696] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6693] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6688] +++ killed by SIGSEGV +++ [pid 6687] +++ killed by SIGSEGV +++ [pid 6696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6687, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6696] memfd_create("syzkaller", 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6696] <... memfd_create resumed>) = 3 [pid 6696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6696] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6696] <... write resumed>) = 131072 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 128.038904][ T6694] loop1: detected capacity change from 0 to 256 [ 128.045267][ T6688] exFAT-fs (loop4): Filesystem has been set read-only [ 128.052943][ T6692] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6694] <... ioctl resumed>) = 0 [pid 6694] close(3 [pid 6696] munmap(0x7fbb60600000, 138412032 [pid 6694] <... close resumed>) = 0 [pid 6696] <... munmap resumed>) = 0 [pid 6694] close(4 [pid 6696] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6694] <... close resumed>) = 0 [pid 6692] <... mount resumed>) = 0 [pid 6696] ioctl(4, LOOP_SET_FD, 3 [pid 6694] mkdir("./file2", 0777 [pid 6692] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6694] <... mkdir resumed>) = 0 [pid 6692] <... openat resumed>) = 3 [pid 6694] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6692] chdir("./file2") = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 6692] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6692] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6692] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6690] <... futex resumed>) = 0 [ 128.084923][ T6692] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.103175][ T6693] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.117050][ T6696] loop3: detected capacity change from 0 to 256 [pid 5822] getdents64(4, [pid 6690] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6690] <... futex resumed>) = 1 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6692] <... futex resumed>) = 0 [pid 5822] close(4 [pid 6692] mkdir("./file3", 0777 [pid 5822] <... close resumed>) = 0 [pid 6690] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] rmdir("./78/file2") = 0 [pid 5822] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6696] <... ioctl resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6696] close(3) = 0 [pid 6696] close(4 [pid 5822] unlink("./78/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6696] <... close resumed>) = 0 [pid 6696] mkdir("./file2", 0777) = 0 [pid 5822] close(3 [pid 6696] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./78") = 0 [pid 5822] mkdir("./79", 0777) = 0 [ 128.135414][ T6694] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.152473][ T6696] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.165484][ T6693] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.176495][ T6692] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6690] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6690] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6690] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6690] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6690] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] close(3 [pid 6690] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... close resumed>) = 0 [pid 6693] <... mount resumed>) = 0 [pid 6690] <... mprotect resumed>) = 0 [pid 6690] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6694] <... mount resumed>) = 0 [pid 6694] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6697 attached [pid 6697] set_robust_list(0x55555eedf6a0, 24 [pid 6696] <... mount resumed>) = 0 [pid 6694] <... openat resumed>) = 3 [pid 6693] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6692] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6690] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6697 [pid 6693] <... openat resumed>) = 3 [pid 6690] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6694] chdir("./file2"./strace-static-x86_64: Process 6698 attached [pid 6697] <... set_robust_list resumed>) = 0 [pid 6696] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6694] <... chdir resumed>) = 0 [pid 6693] chdir("./file2" [pid 6692] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6696] <... openat resumed>) = 3 [pid 6694] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6693] <... chdir resumed>) = 0 [pid 6690] <... clone3 resumed> ) = ? [pid 6697] chdir("./79" [pid 6698] +++ killed by SIGSEGV +++ [pid 6697] <... chdir resumed>) = 0 [pid 6696] chdir("./file2" [pid 6694] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6693] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6692] +++ killed by SIGSEGV +++ [pid 6690] +++ killed by SIGSEGV +++ [pid 6697] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6696] <... chdir resumed>) = 0 [pid 6694] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6693] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6697] <... prctl resumed>) = 0 [pid 6696] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6694] <... futex resumed>) = 1 [pid 6693] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6691] <... futex resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6690, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6697] setpgid(0, 0 [pid 6696] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6694] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6691] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6697] <... setpgid resumed>) = 0 [ 128.188016][ T6694] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.197522][ T6696] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.216074][ T6692] exFAT-fs (loop0): Filesystem has been set read-only [pid 6696] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6691] <... futex resumed>) = 0 [pid 6689] <... futex resumed>) = 0 [pid 6697] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6696] <... futex resumed>) = 1 [pid 6695] <... futex resumed>) = 0 [pid 6694] mkdir("./file3", 0777 [pid 6693] <... futex resumed>) = 1 [pid 6691] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6697] <... openat resumed>) = 3 [pid 6696] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6695] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6697] write(3, "1000", 4 [pid 6696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6697] <... write resumed>) = 4 [pid 6696] mkdir("./file3", 0777 [pid 6697] close(3) = 0 [pid 6697] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6697] write(1, "executing program\n", 18) = 18 [pid 6697] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6697] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6697] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6697] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6697] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6697] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6689] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6699 attached [pid 6695] <... futex resumed>) = 0 [pid 6693] mkdir("./file3", 0777 [pid 6697] <... clone3 resumed> => {parent_tid=[6699]}, 88) = 6699 [pid 6697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6697] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6697] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6699] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6695] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6689] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6696] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6699] <... rseq resumed>) = 0 [pid 6694] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6693] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] umount2("./77", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6696] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6699] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6699] rt_sigprocmask(SIG_SETMASK, [], [pid 6694] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6693] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6691] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6699] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6695] <... futex resumed>) = ? [pid 5818] <... openat resumed>) = 3 [pid 6699] memfd_create("syzkaller", 0 [pid 6696] +++ killed by SIGSEGV +++ [pid 6689] <... futex resumed>) = ? [pid 6695] +++ killed by SIGSEGV +++ [pid 6693] +++ killed by SIGSEGV +++ [pid 6689] +++ killed by SIGSEGV +++ [pid 5818] newfstatat(3, "", [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6695, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6699] <... memfd_create resumed>) = 3 [pid 6694] +++ killed by SIGSEGV +++ [pid 6691] +++ killed by SIGSEGV +++ [pid 5821] <... restart_syscall resumed>) = 0 [pid 6699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6689, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6699] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6691, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 128.246895][ T6694] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.256597][ T6696] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.263789][ T6694] exFAT-fs (loop1): Filesystem has been set read-only [ 128.270009][ T6696] exFAT-fs (loop3): Filesystem has been set read-only [ 128.274434][ T6693] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.290214][ T6693] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6699] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... openat resumed>) = 3 [pid 5818] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6699] <... write resumed>) = 131072 [pid 5821] newfstatat(3, "", [pid 5820] getdents64(3, [pid 5819] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6699] munmap(0x7fbb60600000, 138412032 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... openat resumed>) = 3 [pid 5818] newfstatat(AT_FDCWD, "./77/file2", [pid 5821] getdents64(3, [pid 5819] newfstatat(3, "", [pid 6699] <... munmap resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6699] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5818] umount2("./77/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6699] <... openat resumed>) = 4 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6699] ioctl(4, LOOP_SET_FD, 3 [pid 5819] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./80/file2", [pid 5820] newfstatat(AT_FDCWD, "./78/file2", [pid 5818] openat(AT_FDCWD, "./77/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5821] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6699] <... ioctl resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6699] close(3 [pid 5820] <... openat resumed>) = 4 [pid 6699] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6699] close(4 [pid 5821] newfstatat(4, "", [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(AT_FDCWD, "./79/file2", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6699] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 5819] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, [pid 6699] mkdir("./file2", 0777 [pid 5819] <... openat resumed>) = 4 [pid 5818] getdents64(4, [pid 5821] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 5818] close(4 [pid 6699] <... mkdir resumed>) = 0 [pid 5821] close(4 [pid 5820] <... close resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] rmdir("./78/file2" [pid 5821] rmdir("./80/file2" [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] rmdir("./77/file2" [pid 6699] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... rmdir resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... rmdir resumed>) = 0 [pid 5820] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./77/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./78/binderfs", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./77/binderfs", [pid 5821] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./78/binderfs" [pid 5819] close(4 [pid 5818] unlink("./77/binderfs" [pid 5821] unlink("./80/binderfs" [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./79/file2" [pid 5820] getdents64(3, [pid 5818] getdents64(3, [pid 5821] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] close(3 [pid 5821] close(3 [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] rmdir("./78" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] rmdir("./77" [pid 5821] rmdir("./80") = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [ 128.355995][ T6699] loop4: detected capacity change from 0 to 256 [pid 5821] mkdir("./81", 0777) = 0 [pid 5820] mkdir("./79", 0777 [pid 5819] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5818] mkdir("./78", 0777 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... ioctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] close(3 [pid 5818] <... openat resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6699] <... mount resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] unlink("./79/binderfs" [pid 5818] <... ioctl resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] close(3 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5820] close(3 [pid 5819] getdents64(3, [pid 6699] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6699] <... openat resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6699] chdir("./file2"./strace-static-x86_64: Process 6701 attached [pid 5819] close(3 [pid 6699] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6700 attached [pid 6701] set_robust_list(0x55555eedf6a0, 24 [pid 6699] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6701 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6700 [pid 6700] set_robust_list(0x55555eedf6a0, 24 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6700] <... set_robust_list resumed>) = 0 [pid 6700] chdir("./78" [pid 6701] <... set_robust_list resumed>) = 0 [pid 6700] <... chdir resumed>) = 0 [pid 6699] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] rmdir("./79" [pid 6699] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] chdir("./81" [pid 6700] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6699] <... futex resumed>) = 1 ./strace-static-x86_64: Process 6702 attached [pid 6700] <... prctl resumed>) = 0 [pid 6700] setpgid(0, 0 [pid 6699] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6697] <... futex resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6701] <... chdir resumed>) = 0 [pid 6700] <... setpgid resumed>) = 0 [pid 6699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6697] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6702 [pid 5819] mkdir("./80", 0777 [pid 6701] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6699] mkdir("./file3", 0777 [pid 6697] <... futex resumed>) = 0 [pid 6702] set_robust_list(0x55555eedf6a0, 24 [pid 6700] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6697] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... mkdir resumed>) = 0 [ 128.396672][ T6699] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.411401][ T6699] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6702] <... set_robust_list resumed>) = 0 [pid 6700] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6702] chdir("./79" [pid 6700] write(3, "1000", 4 [pid 6702] <... chdir resumed>) = 0 [pid 6700] <... write resumed>) = 4 [pid 6702] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6700] close(3 [pid 6702] <... prctl resumed>) = 0 [pid 6702] setpgid(0, 0 [pid 6700] <... close resumed>) = 0 [pid 6702] <... setpgid resumed>) = 0 [pid 6700] symlink("/dev/binderfs", "./binderfs" [pid 6702] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6700] <... symlink resumed>) = 0 executing program [pid 6702] <... openat resumed>) = 3 [pid 6702] write(3, "1000", 4 [pid 6700] write(1, "executing program\n", 18 [pid 6702] <... write resumed>) = 4 [pid 6702] close(3 [pid 6700] <... write resumed>) = 18 [pid 6702] <... close resumed>) = 0 [pid 6700] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6702] symlink("/dev/binderfs", "./binderfs" [pid 6700] <... futex resumed>) = 0 [pid 6702] <... symlink resumed>) = 0 [pid 6700] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 executing program [pid 6700] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6702] write(1, "executing program\n", 18 [pid 6700] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6702] <... write resumed>) = 18 [pid 6700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6702] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... prctl resumed>) = 0 [pid 6700] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... openat resumed>) = 3 [pid 6702] <... futex resumed>) = 0 [pid 6701] setpgid(0, 0 [pid 6700] <... mprotect resumed>) = 0 [pid 6702] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6700] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6702] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6702] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6700] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6700] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6701] <... setpgid resumed>) = 0 [pid 6699] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6702] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... ioctl resumed>) = 0 [pid 6702] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] close(3 [pid 6702] <... mprotect resumed>) = 0 [pid 6700] <... clone3 resumed> => {parent_tid=[6703]}, 88) = 6703 ./strace-static-x86_64: Process 6703 attached [pid 6702] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6700] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6700] <... futex resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6700] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6702] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6702] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6704 attached [pid 6703] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053./strace-static-x86_64: Process 6705 attached ) = 0 [pid 6702] <... clone3 resumed> => {parent_tid=[6704]}, 88) = 6704 [pid 6705] set_robust_list(0x55555eedf6a0, 24 [pid 6703] set_robust_list(0x7fbb68bde9a0, 24 [pid 6702] rt_sigprocmask(SIG_SETMASK, [], [pid 6699] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6705 [pid 6705] <... set_robust_list resumed>) = 0 [pid 6704] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6703] <... set_robust_list resumed>) = 0 [pid 6702] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6705] chdir("./80" [pid 6704] <... rseq resumed>) = 0 [pid 6703] rt_sigprocmask(SIG_SETMASK, [], [pid 6702] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] <... chdir resumed>) = 0 [pid 6704] set_robust_list(0x7fbb68bde9a0, 24 [pid 6703] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6702] <... futex resumed>) = 0 [pid 6697] <... futex resumed>) = ? [pid 6705] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6704] <... set_robust_list resumed>) = 0 [pid 6701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6705] <... prctl resumed>) = 0 [pid 6704] rt_sigprocmask(SIG_SETMASK, [], [pid 6703] memfd_create("syzkaller", 0 [pid 6702] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6705] setpgid(0, 0 [pid 6704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6703] <... memfd_create resumed>) = 3 [pid 6705] <... setpgid resumed>) = 0 [pid 6704] memfd_create("syzkaller", 0) = 3 [pid 6703] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6705] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6704] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6703] <... mmap resumed>) = 0x7fbb60600000 [pid 6705] <... openat resumed>) = 3 [pid 6704] <... mmap resumed>) = 0x7fbb60600000 [pid 6701] <... openat resumed>) = 3 [pid 6705] write(3, "1000", 4 [pid 6704] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6703] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6699] +++ killed by SIGSEGV +++ [pid 6697] +++ killed by SIGSEGV +++ [pid 6705] <... write resumed>) = 4 [pid 6701] write(3, "1000", 4 [pid 6705] close(3 [pid 6701] <... write resumed>) = 4 [pid 6705] <... close resumed>) = 0 [pid 6701] close(3 [pid 6705] symlink("/dev/binderfs", "./binderfs" [pid 6701] <... close resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6697, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6705] <... symlink resumed>) = 0 [pid 6701] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY executing program executing program [pid 6701] <... symlink resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6705] write(1, "executing program\n", 18 [pid 6704] <... write resumed>) = 131072 [pid 6703] <... write resumed>) = 131072 [pid 6701] write(1, "executing program\n", 18 [pid 5822] newfstatat(3, "", [pid 6705] <... write resumed>) = 18 [pid 6701] <... write resumed>) = 18 [pid 6705] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6705] <... futex resumed>) = 0 [pid 6701] <... futex resumed>) = 0 [ 128.454386][ T6699] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.470760][ T6699] exFAT-fs (loop4): Filesystem has been set read-only [pid 5822] getdents64(3, [pid 6705] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6704] munmap(0x7fbb60600000, 138412032 [pid 6703] munmap(0x7fbb60600000, 138412032 [pid 6701] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6705] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6704] <... munmap resumed>) = 0 [pid 6703] <... munmap resumed>) = 0 [pid 6701] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6705] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... umount2 resumed>) = 0 [pid 6705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6704] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6703] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6705] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6704] <... openat resumed>) = 4 [pid 6703] <... openat resumed>) = 4 [pid 6701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6705] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6704] ioctl(4, LOOP_SET_FD, 3 [pid 6703] ioctl(4, LOOP_SET_FD, 3 [pid 6705] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6705] <... mprotect resumed>) = 0 [pid 6701] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./79/file2", [pid 6705] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6701] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6705] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6701] <... mprotect resumed>) = 0 [pid 6701] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6701] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6707 attached ) = 4 [pid 6707] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6703] <... ioctl resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 6705] <... clone3 resumed> => {parent_tid=[6706]}, 88) = 6706 [pid 6701] <... clone3 resumed> => {parent_tid=[6707]}, 88) = 6707 ./strace-static-x86_64: Process 6706 attached [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 6705] rt_sigprocmask(SIG_SETMASK, [], [pid 6701] rt_sigprocmask(SIG_SETMASK, [], [pid 6707] <... rseq resumed>) = 0 [pid 6705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6701] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6707] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6701] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] rt_sigprocmask(SIG_SETMASK, [], [pid 6705] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6701] <... futex resumed>) = 0 [pid 6707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6705] <... futex resumed>) = 0 [pid 6701] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6706] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6705] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] close(4 [pid 6707] memfd_create("syzkaller", 0 [pid 6706] <... rseq resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6706] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] rmdir("./79/file2" [pid 6706] <... set_robust_list resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6706] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6706] memfd_create("syzkaller", 0 [pid 5822] newfstatat(AT_FDCWD, "./79/binderfs", [pid 6706] <... memfd_create resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6706] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] unlink("./79/binderfs" [pid 6707] <... memfd_create resumed>) = 3 [pid 6706] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] <... unlink resumed>) = 0 [pid 6707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 6704] <... ioctl resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6704] close(3 [pid 5822] rmdir("./79" [pid 6707] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] <... rmdir resumed>) = 0 [pid 6704] <... close resumed>) = 0 [pid 5822] mkdir("./80", 0777 [pid 6704] close(4 [pid 5822] <... mkdir resumed>) = 0 [pid 6707] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6704] <... close resumed>) = 0 [pid 6706] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6704] mkdir("./file2", 0777 [pid 6707] <... write resumed>) = 131072 [pid 6704] <... mkdir resumed>) = 0 [pid 6703] close(3) = 0 [pid 6703] close(4) = 0 [pid 6703] mkdir("./file2", 0777 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6706] <... write resumed>) = 131072 [pid 6704] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6703] <... mkdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6703] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6706] munmap(0x7fbb60600000, 138412032 [pid 5822] <... ioctl resumed>) = 0 [pid 6706] <... munmap resumed>) = 0 [pid 5822] close(3 [pid 6706] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 6706] <... openat resumed>) = 4 [ 128.530522][ T6704] loop2: detected capacity change from 0 to 256 [ 128.540999][ T6703] loop0: detected capacity change from 0 to 256 [pid 6706] ioctl(4, LOOP_SET_FD, 3 [pid 6707] munmap(0x7fbb60600000, 138412032) = 0 [pid 6706] <... ioctl resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 6708 ./strace-static-x86_64: Process 6708 attached [pid 6708] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6706] close(3 [pid 6708] chdir("./80" [pid 6706] <... close resumed>) = 0 [pid 6708] <... chdir resumed>) = 0 [pid 6706] close(4 [pid 6708] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6706] <... close resumed>) = 0 [pid 6708] <... prctl resumed>) = 0 [pid 6706] mkdir("./file2", 0777 [pid 6708] setpgid(0, 0 [pid 6706] <... mkdir resumed>) = 0 [pid 6708] <... setpgid resumed>) = 0 [pid 6706] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6708] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6707] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6707] ioctl(4, LOOP_SET_FD, 3 [pid 6708] write(3, "1000", 4) = 4 [pid 6708] close(3executing program ) = 0 [pid 6708] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6708] write(1, "executing program\n", 18) = 18 [pid 6708] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6708] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6708] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6708] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6708] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6708] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6708] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6709 attached => {parent_tid=[6709]}, 88) = 6709 [pid 6709] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6709] <... rseq resumed>) = 0 [pid 6708] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] set_robust_list(0x7fbb68bde9a0, 24 [pid 6708] <... futex resumed>) = 0 [pid 6709] <... set_robust_list resumed>) = 0 [pid 6709] rt_sigprocmask(SIG_SETMASK, [], [pid 6708] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6709] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 128.586284][ T6704] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.599814][ T6706] loop1: detected capacity change from 0 to 256 [ 128.621313][ T6707] loop3: detected capacity change from 0 to 256 [pid 6709] memfd_create("syzkaller", 0) = 3 [pid 6703] <... mount resumed>) = 0 [pid 6709] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6703] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6709] <... mmap resumed>) = 0x7fbb60600000 [pid 6703] <... openat resumed>) = 3 [pid 6709] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6703] chdir("./file2") = 0 [pid 6703] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6703] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6700] <... futex resumed>) = 0 [pid 6700] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6700] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6703] mkdir("./file3", 0777 [pid 6709] <... write resumed>) = 131072 [pid 6704] <... mount resumed>) = 0 [pid 6704] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6709] munmap(0x7fbb60600000, 138412032 [pid 6704] chdir("./file2" [pid 6709] <... munmap resumed>) = 0 [pid 6704] <... chdir resumed>) = 0 [ 128.628685][ T6704] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.639562][ T6703] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.639867][ T6703] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.665469][ T6703] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.671520][ T6706] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6704] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6704] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6709] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6709] ioctl(4, LOOP_SET_FD, 3 [pid 6704] <... futex resumed>) = 1 [pid 6704] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6702] <... futex resumed>) = 0 [pid 6702] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6702] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6704] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6700] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6704] mkdir("./file3", 0777 [pid 6707] <... ioctl resumed>) = 0 [pid 6706] <... mount resumed>) = 0 [pid 6700] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6706] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6700] <... futex resumed>) = 0 [pid 6706] <... openat resumed>) = 3 [pid 6707] close(3 [pid 6706] chdir("./file2" [pid 6700] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6707] <... close resumed>) = 0 [pid 6706] <... chdir resumed>) = 0 [pid 6707] close(4 [pid 6706] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6700] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6707] <... close resumed>) = 0 [pid 6709] <... ioctl resumed>) = 0 [pid 6707] mkdir("./file2", 0777 [pid 6706] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6700] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6709] close(3 [pid 6707] <... mkdir resumed>) = 0 [pid 6706] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6700] <... mprotect resumed>) = 0 [pid 6703] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6709] <... close resumed>) = 0 [pid 6706] <... futex resumed>) = 1 [pid 6705] <... futex resumed>) = 0 [pid 6709] close(4 [pid 6706] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [ 128.687331][ T6706] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.694767][ T6709] loop4: detected capacity change from 0 to 256 [ 128.707350][ T6703] exFAT-fs (loop0): Filesystem has been set read-only [ 128.717902][ T6704] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6700] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6705] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6703] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6709] <... close resumed>) = 0 [pid 6707] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6704] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6702] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6700] <... rt_sigprocmask resumed>0x7ffc7f680ad8, 8) = -1 ETIMEDOUT (Connection timed out) [pid 6709] mkdir("./file2", 0777 [pid 6706] mkdir("./file3", 0777 [pid 6705] <... futex resumed>) = 0 [pid 6705] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6702] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6709] <... mkdir resumed>) = 0 [pid 6704] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6703] +++ killed by SIGSEGV +++ [pid 6702] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6700] +++ killed by SIGSEGV +++ [pid 6702] <... mmap resumed>) = ? [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6700, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 6709] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] umount2("./78", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 128.747527][ T6704] exFAT-fs (loop2): Filesystem has been set read-only [ 128.763210][ T6706] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5818] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6704] +++ killed by SIGSEGV +++ [pid 6702] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6702, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./78/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./78/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./78/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(4, "", [pid 5820] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(3, "", [pid 5818] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(3, [pid 5818] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6706] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6705] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./79/file2", [pid 5818] rmdir("./78/file2" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5820] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./78/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./78/binderfs" [pid 5820] <... openat resumed>) = 4 [pid 5818] <... unlink resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5818] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5818] close(3 [pid 6705] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] rmdir("./78" [pid 6706] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6705] <... futex resumed>) = 0 [ 128.793727][ T6707] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.809975][ T6706] exFAT-fs (loop1): Filesystem has been set read-only [ 128.814110][ T6709] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 128.817996][ T6707] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] <... rmdir resumed>) = 0 [pid 6709] <... mount resumed>) = 0 [pid 6707] <... mount resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6709] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6707] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] close(4 [pid 5818] mkdir("./79", 0777 [pid 6709] <... openat resumed>) = 3 [pid 6707] <... openat resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./79/file2" [pid 6706] +++ killed by SIGSEGV +++ [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6709] chdir("./file2" [pid 6707] chdir("./file2" [pid 5820] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6709] <... chdir resumed>) = 0 [pid 6707] <... chdir resumed>) = 0 [pid 6709] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5818] <... openat resumed>) = 3 [pid 6709] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6709] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] unlink("./79/binderfs" [pid 6709] <... futex resumed>) = 1 [pid 6708] <... futex resumed>) = 0 [pid 6707] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6709] mkdir("./file3", 0777 [pid 6708] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6707] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6705] +++ killed by SIGSEGV +++ [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6708] <... futex resumed>) = 0 [pid 6707] <... futex resumed>) = 1 [pid 6701] <... futex resumed>) = 0 [pid 5820] getdents64(3, [pid 5818] close(3 [pid 6708] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6707] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6701] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6705, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] close(3 [pid 5818] <... close resumed>) = 0 [pid 6707] mkdir("./file3", 0777 [pid 5820] <... close resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5820] rmdir("./79") = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6701] <... futex resumed>) = 0 [pid 5820] mkdir("./80", 0777 [pid 6701] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... mkdir resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5820] close(3 [pid 5819] newfstatat(3, "", [pid 5820] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(3, ./strace-static-x86_64: Process 6710 attached 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6711 attached [ 128.841211][ T6709] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 128.865627][ T6709] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.875863][ T6707] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 128.887021][ T6709] exFAT-fs (loop4): Filesystem has been set read-only ) = 0 [pid 6711] set_robust_list(0x55555eedf6a0, 24 [pid 6710] set_robust_list(0x55555eedf6a0, 24 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6710 [pid 6710] <... set_robust_list resumed>) = 0 [pid 5819] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6710] chdir("./80") = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6710] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] newfstatat(AT_FDCWD, "./80/file2", [pid 6711] <... set_robust_list resumed>) = 0 [pid 6710] <... prctl resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6711 [pid 6709] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6711] chdir("./79" [pid 6710] setpgid(0, 0 [pid 6707] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6711] <... chdir resumed>) = 0 [pid 6710] <... setpgid resumed>) = 0 [pid 6709] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6710] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6711] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6710] <... openat resumed>) = 3 [pid 6708] <... futex resumed>) = ? [pid 5819] <... openat resumed>) = 4 [pid 6711] <... prctl resumed>) = 0 [pid 6711] setpgid(0, 0 [pid 6709] +++ killed by SIGSEGV +++ [pid 6711] <... setpgid resumed>) = 0 [pid 6707] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6711] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6710] write(3, "1000", 4 [pid 6701] <... futex resumed>) = ? [pid 5819] newfstatat(4, "", [pid 6711] <... openat resumed>) = 3 [pid 6710] <... write resumed>) = 4 [pid 6708] +++ killed by SIGSEGV +++ [pid 6707] +++ killed by SIGSEGV +++ [pid 6710] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6708, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6710] <... close resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5819] getdents64(4, [pid 6710] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6710] <... symlink resumed>) = 0 [pid 6701] +++ killed by SIGSEGV +++ [pid 6711] write(3, "1000", 4 [pid 5819] getdents64(4, executing program [pid 6711] <... write resumed>) = 4 [pid 6710] write(1, "executing program\n", 18 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6701, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6711] close(3 [pid 6710] <... write resumed>) = 18 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] close(4 [pid 6711] <... close resumed>) = 0 [pid 6710] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6711] symlink("/dev/binderfs", "./binderfs" [pid 6710] <... futex resumed>) = 0 [pid 5819] rmdir("./80/file2"executing program [pid 6711] <... symlink resumed>) = 0 [pid 6710] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... rmdir resumed>) = 0 [pid 6710] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6711] write(1, "executing program\n", 18 [pid 6710] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6711] <... write resumed>) = 18 [pid 6710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6711] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6711] <... futex resumed>) = 0 [pid 6710] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6711] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6710] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6711] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6710] <... mprotect resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6711] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6710] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(AT_FDCWD, "./80/binderfs", [pid 6711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6710] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 6711] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6711] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(3, "", [pid 5819] unlink("./80/binderfs"./strace-static-x86_64: Process 6712 attached [pid 6711] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(3, "", [pid 6712] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6711] <... mprotect resumed>) = 0 [pid 6710] <... clone3 resumed> => {parent_tid=[6712]}, 88) = 6712 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 6712] <... rseq resumed>) = 0 [pid 6711] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6710] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 6712] set_robust_list(0x7fbb68bde9a0, 24 [pid 6711] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6710] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 128.894727][ T6707] exFAT-fs (loop3): Filesystem has been set read-only [pid 5822] getdents64(3, [pid 5821] getdents64(3, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6712] <... set_robust_list resumed>) = 0 [pid 6711] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6710] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6713 attached [pid 6712] rt_sigprocmask(SIG_SETMASK, [], [pid 6710] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] close(3 [pid 6713] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6711] <... clone3 resumed> => {parent_tid=[6713]}, 88) = 6713 [pid 6710] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6712] memfd_create("syzkaller", 0 [pid 6711] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... close resumed>) = 0 [pid 6711] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6711] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] rmdir("./80" [pid 6712] <... memfd_create resumed>) = 3 [pid 6711] <... futex resumed>) = 0 [pid 6712] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6711] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6712] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] mkdir("./81", 0777) = 0 [pid 6712] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6713] <... rseq resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6713] set_robust_list(0x7fbb68bde9a0, 24 [pid 5821] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6713] <... set_robust_list resumed>) = 0 [pid 6713] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6713] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6713] memfd_create("syzkaller", 0 [pid 5822] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(AT_FDCWD, "./81/file2", [pid 5819] <... openat resumed>) = 3 [pid 6713] <... memfd_create resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] newfstatat(AT_FDCWD, "./80/file2", [pid 5821] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... ioctl resumed>) = 0 [pid 6713] <... mmap resumed>) = 0x7fbb60600000 [pid 6712] <... write resumed>) = 131072 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6712] munmap(0x7fbb60600000, 138412032 [pid 6713] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] close(3) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 6713] <... write resumed>) = 131072 [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./81/file2") = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6714 attached [pid 6713] munmap(0x7fbb60600000, 138412032 [pid 6712] <... munmap resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6714] set_robust_list(0x55555eedf6a0, 24 [pid 6713] <... munmap resumed>) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6714] <... set_robust_list resumed>) = 0 [pid 6713] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6712] <... openat resumed>) = 4 [pid 5822] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./81/binderfs", [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6714 [pid 6714] chdir("./81" [pid 6713] <... openat resumed>) = 4 [pid 6712] ioctl(4, LOOP_SET_FD, 3 [pid 5822] newfstatat(4, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6714] <... chdir resumed>) = 0 [pid 6713] ioctl(4, LOOP_SET_FD, 3 [pid 5821] unlink("./81/binderfs" [pid 6714] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./80/file2"executing program [pid 6714] <... prctl resumed>) = 0 [pid 6714] setpgid(0, 0) = 0 [pid 6714] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... unlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(3, [pid 5822] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6714] write(3, "1000", 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] close(3 [pid 5822] unlink("./80/binderfs" [pid 5821] <... close resumed>) = 0 [pid 6714] <... write resumed>) = 4 [pid 6714] close(3 [pid 5822] <... unlink resumed>) = 0 [pid 5821] rmdir("./81" [pid 5822] getdents64(3, [pid 6714] <... close resumed>) = 0 [pid 6714] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6712] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 6714] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6714] write(1, "executing program\n", 18 [pid 6712] close(3 [pid 5822] rmdir("./80" [pid 6712] <... close resumed>) = 0 [pid 5821] mkdir("./82", 0777 [pid 6714] <... write resumed>) = 18 [pid 6714] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... rmdir resumed>) = 0 [pid 6714] <... futex resumed>) = 0 [pid 6714] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6712] close(4 [pid 5822] mkdir("./81", 0777 [pid 5821] <... mkdir resumed>) = 0 [pid 6712] <... close resumed>) = 0 [pid 6714] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6714] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6712] mkdir("./file2", 0777 [pid 5822] <... mkdir resumed>) = 0 [pid 6714] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6714] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6714] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6714] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6715 attached [pid 6715] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6714] <... clone3 resumed> => {parent_tid=[6715]}, 88) = 6715 [pid 6715] set_robust_list(0x7fbb68bde9a0, 24 [pid 6714] rt_sigprocmask(SIG_SETMASK, [], [pid 6715] <... set_robust_list resumed>) = 0 [pid 6714] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6715] rt_sigprocmask(SIG_SETMASK, [], [pid 6714] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6714] <... futex resumed>) = 0 [pid 6715] memfd_create("syzkaller", 0 [pid 6714] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6715] <... memfd_create resumed>) = 3 [pid 6712] <... mkdir resumed>) = 0 [pid 6715] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6712] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5822] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6715] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... ioctl resumed>) = 0 [pid 6713] <... ioctl resumed>) = 0 [pid 6713] close(3) = 0 [pid 6713] close(4) = 0 [pid 6713] mkdir("./file2", 0777 [pid 5821] close(3 [pid 6715] <... write resumed>) = 131072 [pid 6713] <... mkdir resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6715] munmap(0x7fbb60600000, 138412032) = 0 [pid 5822] close(3 [pid 5821] <... close resumed>) = 0 [pid 6713] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [ 129.023429][ T6712] loop2: detected capacity change from 0 to 256 [ 129.024513][ T6713] loop0: detected capacity change from 0 to 256 [pid 6715] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 5822] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6715] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6716 attached [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6716] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6716] chdir("./82") = 0 [pid 6716] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6716] setpgid(0, 0) = 0 [pid 6716] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6716] write(3, "1000", 4./strace-static-x86_64: Process 6717 attached ) = 4 [pid 6715] <... ioctl resumed>) = 0 [pid 6712] <... mount resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6717 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6716 [ 129.079964][ T6712] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.085589][ T6715] loop1: detected capacity change from 0 to 256 [ 129.102721][ T6712] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6717] set_robust_list(0x55555eedf6a0, 24executing program [pid 6715] close(3 [pid 6717] <... set_robust_list resumed>) = 0 [pid 6716] close(3 [pid 6715] <... close resumed>) = 0 [pid 6712] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6717] chdir("./81" [pid 6716] <... close resumed>) = 0 [pid 6715] close(4 [pid 6717] <... chdir resumed>) = 0 [pid 6716] symlink("/dev/binderfs", "./binderfs" [pid 6715] <... close resumed>) = 0 [pid 6712] <... openat resumed>) = 3 [pid 6717] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6716] <... symlink resumed>) = 0 [pid 6716] write(1, "executing program\n", 18) = 18 [pid 6716] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6716] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6716] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6716] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6716] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6716] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6716] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6718 attached [pid 6717] <... prctl resumed>) = 0 [pid 6715] mkdir("./file2", 0777 [pid 6712] chdir("./file2" [pid 6717] setpgid(0, 0 [pid 6718] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6716] <... clone3 resumed> => {parent_tid=[6718]}, 88) = 6718 [pid 6718] <... rseq resumed>) = 0 [pid 6716] rt_sigprocmask(SIG_SETMASK, [], [pid 6718] set_robust_list(0x7fbb68bde9a0, 24 [pid 6716] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6715] <... mkdir resumed>) = 0 [pid 6718] <... set_robust_list resumed>) = 0 [pid 6717] <... setpgid resumed>) = 0 [pid 6716] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6712] <... chdir resumed>) = 0 [pid 6718] rt_sigprocmask(SIG_SETMASK, [], [pid 6717] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6716] <... futex resumed>) = 0 [pid 6712] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6716] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6718] memfd_create("syzkaller", 0 [pid 6712] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6717] <... openat resumed>) = 3 [pid 6717] write(3, "1000", 4 [pid 6718] <... memfd_create resumed>) = 3 [pid 6717] <... write resumed>) = 4 [pid 6712] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6717] close(3 [pid 6712] <... futex resumed>) = 1 [pid 6710] <... futex resumed>) = 0 [pid 6718] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6717] <... close resumed>) = 0 [pid 6712] mkdir("./file3", 0777 [pid 6710] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... mmap resumed>) = 0x7fbb60600000 [pid 6717] symlink("/dev/binderfs", "./binderfs" [pid 6710] <... futex resumed>) = 0 executing program [pid 6718] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6717] <... symlink resumed>) = 0 [pid 6710] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6717] write(1, "executing program\n", 18) = 18 [pid 6717] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6718] <... write resumed>) = 131072 [pid 6717] <... futex resumed>) = 0 [pid 6718] munmap(0x7fbb60600000, 138412032) = 0 [ 129.124286][ T6713] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.153893][ T6712] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.154855][ T6713] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6718] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6718] ioctl(4, LOOP_SET_FD, 3 [pid 6717] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6717] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6717] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6718] <... ioctl resumed>) = 0 [pid 6717] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6713] <... mount resumed>) = 0 [pid 6712] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6717] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6710] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6710] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6710] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6710] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6710] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6710] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6719 attached [pid 6717] <... mprotect resumed>) = 0 [pid 6718] close(3 [pid 6710] <... clone3 resumed> => {parent_tid=[6719]}, 88) = 6719 [pid 6719] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6718] <... close resumed>) = 0 [pid 6717] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6710] rt_sigprocmask(SIG_SETMASK, [], [pid 6719] <... rseq resumed>) = 0 [pid 6717] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6719] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6718] close(4 [pid 6717] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6713] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6712] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6718] <... close resumed>) = 0 [pid 6713] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6720 attached [pid 6718] mkdir("./file2", 0777 [pid 6713] chdir("./file2" [pid 6720] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6720] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6719] <... set_robust_list resumed>) = ? [pid 6718] <... mkdir resumed>) = 0 [pid 6717] <... clone3 resumed> => {parent_tid=[6720]}, 88) = 6720 [pid 6713] <... chdir resumed>) = 0 [pid 6720] rt_sigprocmask(SIG_SETMASK, [], [pid 6719] +++ killed by SIGSEGV +++ [pid 6717] rt_sigprocmask(SIG_SETMASK, [], [pid 6713] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6720] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6713] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6720] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6717] <... futex resumed>) = 0 [pid 6713] <... futex resumed>) = 1 [pid 6712] +++ killed by SIGSEGV +++ [pid 6711] <... futex resumed>) = 0 [pid 6710] +++ killed by SIGSEGV +++ [pid 6718] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6711] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6710, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [ 129.176209][ T6712] exFAT-fs (loop2): Filesystem has been set read-only [ 129.179308][ T6718] loop3: detected capacity change from 0 to 256 [ 129.208945][ T6715] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6713] mkdir("./file3", 0777 [pid 6711] <... futex resumed>) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6720] memfd_create("syzkaller", 0 [pid 6711] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... memfd_create resumed>) = 3 [pid 6717] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... restart_syscall resumed>) = 0 [pid 6720] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5820] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6715] <... mount resumed>) = 0 [pid 6715] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6715] chdir("./file2") = 0 [pid 6715] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6715] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6715] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6714] <... futex resumed>) = 0 [pid 6714] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] <... futex resumed>) = 0 [pid 6714] <... futex resumed>) = 1 [ 129.253680][ T6713] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.264476][ T6715] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 129.281313][ T6718] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.283486][ T6713] exFAT-fs (loop0): Filesystem has been set read-only [pid 6715] mkdir("./file3", 0777 [pid 6714] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6720] <... write resumed>) = 131072 [pid 6718] <... mount resumed>) = 0 [pid 6713] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6711] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6720] munmap(0x7fbb60600000, 138412032 [pid 6718] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6713] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6711] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6720] <... munmap resumed>) = 0 [pid 6718] <... openat resumed>) = 3 [pid 6711] <... futex resumed>) = ? [pid 6720] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6718] chdir("./file2" [pid 6720] ioctl(4, LOOP_SET_FD, 3 [pid 6718] <... chdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6718] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6718] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6713] +++ killed by SIGSEGV +++ [pid 6711] +++ killed by SIGSEGV +++ [pid 6718] <... futex resumed>) = 1 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6711, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6718] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6720] <... ioctl resumed>) = 0 [pid 6716] <... futex resumed>) = 0 [pid 6715] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] close(3 [pid 6716] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6715] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6718] <... futex resumed>) = 0 [pid 6716] <... futex resumed>) = 1 [pid 6720] <... close resumed>) = 0 [pid 6718] mkdir("./file3", 0777 [ 129.298015][ T6718] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 129.306984][ T6715] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.320575][ T6720] loop4: detected capacity change from 0 to 256 [ 129.321724][ T6715] exFAT-fs (loop1): Filesystem has been set read-only [ 129.337700][ T6718] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6716] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6714] <... futex resumed>) = ? [pid 5820] newfstatat(AT_FDCWD, "./80/file2", [pid 6720] close(4 [pid 6718] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6715] +++ killed by SIGSEGV +++ [pid 5818] <... restart_syscall resumed>) = 0 [pid 6718] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6720] <... close resumed>) = 0 [pid 6716] <... futex resumed>) = ? [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] mkdir("./file2", 0777 [pid 5820] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./79", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6720] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6718] +++ killed by SIGSEGV +++ [pid 6716] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6716, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] newfstatat(4, "", [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6714] +++ killed by SIGSEGV +++ [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6714, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] close(4 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./80/file2" [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./79/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./79/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./79/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(4, "", [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 5820] unlink("./80/binderfs" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... unlink resumed>) = 0 [pid 5818] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(3, [pid 5819] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(4 [pid 5821] <... openat resumed>) = 3 [pid 5820] close(3 [pid 5819] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [ 129.347761][ T6718] exFAT-fs (loop3): Filesystem has been set read-only [pid 5821] newfstatat(3, "", [pid 5820] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] rmdir("./79/file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] rmdir("./80" [pid 5819] newfstatat(3, "", [pid 5818] <... rmdir resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./79/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(AT_FDCWD, "./79/binderfs", [pid 5819] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./79/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./79") = 0 [pid 5818] mkdir("./80", 0777 [pid 5820] <... rmdir resumed>) = 0 [pid 5820] mkdir("./81", 0777) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6720] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6720] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6720] <... openat resumed>) = 3 [pid 5821] newfstatat(AT_FDCWD, "./82/file2", [pid 6720] chdir("./file2" [pid 5818] <... ioctl resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6720] <... chdir resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 6720] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(3 [pid 5819] newfstatat(AT_FDCWD, "./81/file2", [pid 6720] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6720] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6720] <... futex resumed>) = 1 [pid 6717] <... futex resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... close resumed>) = 0 [pid 6720] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6717] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(4, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6720] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6717] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 129.376314][ T6720] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.389670][ T6720] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6720] mkdir("./file3", 0777 [pid 5821] getdents64(4, [pid 6717] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./82/file2") = 0 [pid 5821] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./82/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./82") = 0 [pid 5821] mkdir("./83", 0777) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... openat resumed>) = 4 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6722 attached ./strace-static-x86_64: Process 6721 attached [pid 5819] newfstatat(4, "", [pid 6721] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6723 attached ) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6722 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6721 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6723 [pid 6722] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6723] set_robust_list(0x55555eedf6a0, 24 [pid 6722] <... set_robust_list resumed>) = 0 [pid 6721] chdir("./81" [pid 6723] <... set_robust_list resumed>) = 0 [pid 6722] chdir("./83" [pid 5819] getdents64(4, [pid 6723] chdir("./80" [pid 6721] <... chdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6723] <... chdir resumed>) = 0 [pid 6721] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] close(4 [pid 6723] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6721] <... prctl resumed>) = 0 [pid 6723] <... prctl resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6723] setpgid(0, 0 [pid 6722] <... chdir resumed>) = 0 [pid 6721] setpgid(0, 0 [pid 5819] rmdir("./81/file2" [pid 6721] <... setpgid resumed>) = 0 [pid 6722] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6722] setpgid(0, 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6722] <... setpgid resumed>) = 0 [pid 5819] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6723] <... setpgid resumed>) = 0 [pid 6721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6723] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6722] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6721] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6721] write(3, "1000", 4 [pid 5819] unlink("./81/binderfs" [pid 6723] <... openat resumed>) = 3 [pid 6722] <... openat resumed>) = 3 [pid 6721] <... write resumed>) = 4 [pid 5819] <... unlink resumed>) = 0 [pid 6723] write(3, "1000", 4 [pid 6722] write(3, "1000", 4 [pid 6721] close(3 [pid 5819] getdents64(3, [pid 6723] <... write resumed>) = 4 [pid 6722] <... write resumed>) = 4 [pid 6721] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6722] close(3 [pid 6721] symlink("/dev/binderfs", "./binderfs" [pid 5819] close(3 [pid 6723] close(3 [pid 6722] <... close resumed>) = 0 [pid 6722] symlink("/dev/binderfs", "./binderfs" [pid 6723] <... close resumed>) = 0 [pid 6722] <... symlink resumed>) = 0 [pid 6721] <... symlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 executing program [pid 6723] symlink("/dev/binderfs", "./binderfs" [pid 6722] write(1, "executing program\n", 18 [pid 6721] write(1, "executing program\n", 18 [pid 5819] rmdir("./81" [pid 6722] <... write resumed>) = 18 [pid 6722] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... symlink resumed>) = 0 [pid 6722] <... futex resumed>) = 0 [pid 6722] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, executing program executing program NULL, 8) = 0 [pid 6722] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6722] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6722] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6723] write(1, "executing program\n", 18 [pid 6722] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6721] <... write resumed>) = 18 [pid 5819] <... rmdir resumed>) = 0 [pid 6723] <... write resumed>) = 18 [pid 6722] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6721] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6722] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6721] <... futex resumed>) = 0 [pid 5819] mkdir("./82", 0777./strace-static-x86_64: Process 6724 attached [pid 6723] <... futex resumed>) = 0 [pid 6721] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6720] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6724] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6723] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6722] <... clone3 resumed> => {parent_tid=[6724]}, 88) = 6724 [pid 6721] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6720] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6724] <... rseq resumed>) = 0 [pid 6722] rt_sigprocmask(SIG_SETMASK, [], [pid 6724] set_robust_list(0x7fbb68bde9a0, 24 [pid 6722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6717] <... futex resumed>) = ? [pid 5819] <... mkdir resumed>) = 0 [pid 6724] <... set_robust_list resumed>) = 0 [pid 6723] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6722] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6724] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6723] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6722] <... futex resumed>) = 0 [pid 6724] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6722] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6724] memfd_create("syzkaller", 0 [pid 6723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6724] <... memfd_create resumed>) = 3 [pid 6723] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6721] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] close(3 [pid 6724] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6723] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6721] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6724] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6723] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6721] <... mprotect resumed>) = 0 [pid 6720] +++ killed by SIGSEGV +++ [pid 6717] +++ killed by SIGSEGV +++ [pid 5819] <... close resumed>) = 0 [pid 6723] <... mprotect resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6717, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6721] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6723] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6721] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6724] <... write resumed>) = 131072 [pid 6721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6723] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6725 attached [pid 6723] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... restart_syscall resumed>) = 0 [pid 6724] munmap(0x7fbb60600000, 138412032) = 0 [pid 6721] <... clone3 resumed> => {parent_tid=[6725]}, 88) = 6725 [pid 5822] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6727 attached ./strace-static-x86_64: Process 6726 attached [ 129.430482][ T6720] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.458126][ T6720] exFAT-fs (loop4): Filesystem has been set read-only [pid 6725] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6724] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6721] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6727] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6726] set_robust_list(0x55555eedf6a0, 24 [pid 6725] <... rseq resumed>) = 0 [pid 6724] <... openat resumed>) = 4 [pid 6723] <... clone3 resumed> => {parent_tid=[6727]}, 88) = 6727 [pid 6721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6726 [pid 6727] <... rseq resumed>) = 0 [pid 6726] <... set_robust_list resumed>) = 0 [pid 6725] set_robust_list(0x7fbb68bde9a0, 24 [pid 6724] ioctl(4, LOOP_SET_FD, 3 [pid 6723] rt_sigprocmask(SIG_SETMASK, [], [pid 6721] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6727] set_robust_list(0x7fbb68bde9a0, 24 [pid 6726] chdir("./82" [pid 6725] <... set_robust_list resumed>) = 0 [pid 6723] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6721] <... futex resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 6727] <... set_robust_list resumed>) = 0 [pid 6721] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6727] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] getdents64(3, [pid 6726] <... chdir resumed>) = 0 [pid 6723] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6727] <... futex resumed>) = 0 [pid 6723] <... futex resumed>) = 1 [pid 6725] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6727] memfd_create("syzkaller", 0 [pid 6725] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6723] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6727] <... memfd_create resumed>) = 3 [pid 6727] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6726] <... prctl resumed>) = 0 [pid 6725] memfd_create("syzkaller", 0 [pid 6727] <... mmap resumed>) = 0x7fbb60600000 [pid 6726] setpgid(0, 0 [pid 6725] <... memfd_create resumed>) = 3 [pid 6726] <... setpgid resumed>) = 0 [pid 6725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6726] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 executing program [pid 6727] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6726] write(3, "1000", 4) = 4 [pid 6725] <... mmap resumed>) = 0x7fbb60600000 [pid 6726] close(3) = 0 [pid 6726] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6726] write(1, "executing program\n", 18) = 18 [pid 6726] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6726] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6725] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6726] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6726] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6726] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6726] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... umount2 resumed>) = 0 [pid 6726] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6726] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6728 attached [pid 6727] <... write resumed>) = 131072 [pid 6724] <... ioctl resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./81/file2", [pid 6728] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6726] <... clone3 resumed> => {parent_tid=[6728]}, 88) = 6728 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6728] <... rseq resumed>) = 0 [pid 6726] rt_sigprocmask(SIG_SETMASK, [], [pid 6725] <... write resumed>) = 131072 [pid 6724] close(3 [pid 6728] set_robust_list(0x7fbb68bde9a0, 24 [pid 6726] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6724] <... close resumed>) = 0 [pid 5822] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6728] <... set_robust_list resumed>) = 0 [pid 6726] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] close(4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6728] rt_sigprocmask(SIG_SETMASK, [], [pid 6726] <... futex resumed>) = 0 [pid 6724] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6726] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6724] mkdir("./file2", 0777 [pid 5822] <... openat resumed>) = 4 [pid 6728] memfd_create("syzkaller", 0 [pid 6724] <... mkdir resumed>) = 0 [pid 6728] <... memfd_create resumed>) = 3 [pid 5822] newfstatat(4, "", [pid 6728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6728] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6724] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] getdents64(4, [pid 6727] munmap(0x7fbb60600000, 138412032 [pid 6725] munmap(0x7fbb60600000, 138412032 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6728] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6725] <... munmap resumed>) = 0 [pid 5822] close(4 [pid 6727] <... munmap resumed>) = 0 [pid 6725] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 6725] <... openat resumed>) = 4 [pid 5822] rmdir("./81/file2" [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6725] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... rmdir resumed>) = 0 [ 129.515274][ T6724] loop3: detected capacity change from 0 to 256 [pid 6728] <... write resumed>) = 131072 [pid 6727] <... openat resumed>) = 4 [pid 5822] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6727] ioctl(4, LOOP_SET_FD, 3 [pid 6725] <... ioctl resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6728] munmap(0x7fbb60600000, 138412032) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6728] ioctl(4, LOOP_SET_FD, 3 [pid 6727] <... ioctl resumed>) = 0 [pid 6725] close(3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6725] <... close resumed>) = 0 [pid 6727] close(3 [pid 5822] unlink("./81/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6725] close(4 [pid 5822] close(3 [pid 6727] <... close resumed>) = 0 [pid 6727] close(4 [pid 6725] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./81" [pid 6725] mkdir("./file2", 0777 [pid 5822] <... rmdir resumed>) = 0 [pid 5822] mkdir("./82", 0777) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [ 129.560651][ T6725] loop2: detected capacity change from 0 to 256 [ 129.563988][ T6724] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.581047][ T6727] loop0: detected capacity change from 0 to 256 [ 129.584165][ T6728] loop1: detected capacity change from 0 to 256 [pid 5822] close(3 [pid 6728] <... ioctl resumed>) = 0 [pid 6727] <... close resumed>) = 0 [pid 6725] <... mkdir resumed>) = 0 [pid 6727] mkdir("./file2", 0777 [pid 6725] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6727] <... mkdir resumed>) = 0 [pid 6728] close(3) = 0 [pid 6728] close(4) = 0 [pid 6728] mkdir("./file2", 0777) = 0 [pid 6727] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6728] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6729 attached [pid 6729] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6729 [pid 6729] <... set_robust_list resumed>) = 0 [ 129.603624][ T6724] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6729] chdir("./82") = 0 [pid 6729] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6729] setpgid(0, 0) = 0 [pid 6729] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6729] write(3, "1000", 4) = 4 [ 129.641517][ T6728] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6729] close(3) = 0 [pid 6724] <... mount resumed>) = 0 [pid 6724] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6724] chdir("./file2") = 0 [pid 6724] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6724] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6724] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6729] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6729] write(1, "executing program\n", 18 [pid 6722] <... futex resumed>) = 0 [ 129.684150][ T6725] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.690492][ T6728] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 129.698446][ T6727] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6722] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6724] <... futex resumed>) = 0 [pid 6722] <... futex resumed>) = 1 [pid 6724] mkdir("./file3", 0777 [pid 6722] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 6729] <... write resumed>) = 18 [pid 6729] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6729] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6729] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6728] <... mount resumed>) = 0 [pid 6729] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6730]}, 88) = 6730 [pid 6728] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6730 attached [pid 6729] rt_sigprocmask(SIG_SETMASK, [], [pid 6724] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6729] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6729] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6729] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6730] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6728] <... openat resumed>) = 3 [pid 6724] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6730] <... rseq resumed>) = 0 [pid 6728] chdir("./file2" [pid 6722] <... futex resumed>) = ? [pid 6730] set_robust_list(0x7fbb68bde9a0, 24 [pid 6728] <... chdir resumed>) = 0 [pid 6730] <... set_robust_list resumed>) = 0 [pid 6728] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6730] rt_sigprocmask(SIG_SETMASK, [], [pid 6728] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6727] <... mount resumed>) = 0 [pid 6724] +++ killed by SIGSEGV +++ [pid 6722] +++ killed by SIGSEGV +++ [pid 6730] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6728] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6727] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6730] memfd_create("syzkaller", 0 [pid 6728] <... futex resumed>) = 1 [pid 6726] <... futex resumed>) = 0 [pid 6725] <... mount resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6722, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6730] <... memfd_create resumed>) = 3 [pid 6728] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6727] <... openat resumed>) = 3 [pid 6726] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6730] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6728] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6727] chdir("./file2" [pid 6726] <... futex resumed>) = 0 [pid 6725] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6730] <... mmap resumed>) = 0x7fbb60600000 [pid 6728] mkdir("./file3", 0777 [pid 6730] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... restart_syscall resumed>) = 0 [ 129.736717][ T6725] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 129.741043][ T6724] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.762641][ T6724] exFAT-fs (loop3): Filesystem has been set read-only [ 129.770887][ T6727] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6727] <... chdir resumed>) = 0 [pid 6727] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6727] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6723] <... futex resumed>) = 0 [pid 6723] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6723] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6727] <... futex resumed>) = 1 [pid 6727] mkdir("./file3", 0777 [pid 6730] <... write resumed>) = 131072 [pid 6726] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6725] <... openat resumed>) = 3 [pid 6728] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6728] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6730] munmap(0x7fbb60600000, 138412032 [pid 6726] <... futex resumed>) = ? [pid 6725] chdir("./file2" [pid 6728] +++ killed by SIGSEGV +++ [pid 5821] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6725] <... chdir resumed>) = 0 [pid 6725] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6725] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 3 [pid 6725] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6726] +++ killed by SIGSEGV +++ [pid 5821] getdents64(3, [pid 6725] <... futex resumed>) = 1 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6726, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6721] <... futex resumed>) = 0 [pid 6725] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6721] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6721] <... futex resumed>) = 0 [pid 6721] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6730] <... munmap resumed>) = 0 [pid 6727] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6725] mkdir("./file3", 0777 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 129.795407][ T6728] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.804957][ T6728] exFAT-fs (loop1): Filesystem has been set read-only [ 129.814686][ T6727] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.823941][ T6727] exFAT-fs (loop0): Filesystem has been set read-only [ 129.836419][ T6725] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5821] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6730] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6727] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... restart_syscall resumed>) = 0 [pid 6730] <... openat resumed>) = 4 [pid 6725] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6730] ioctl(4, LOOP_SET_FD, 3 [pid 6725] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6723] <... futex resumed>) = ? [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6727] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6730] <... ioctl resumed>) = 0 [pid 6723] +++ killed by SIGSEGV +++ [pid 6721] <... futex resumed>) = ? [pid 5819] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6723, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6730] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6730] <... close resumed>) = 0 [pid 6725] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./80", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6730] close(4 [pid 5821] <... openat resumed>) = 4 [pid 6730] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6730] mkdir("./file2", 0777 [pid 5821] newfstatat(4, "", [pid 5818] openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6730] <... mkdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 6721] +++ killed by SIGSEGV +++ [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] newfstatat(3, "", [pid 5818] newfstatat(3, "", [pid 6730] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] close(4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6721, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] getdents64(3, [pid 5818] getdents64(3, [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] rmdir("./83/file2" [pid 5819] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5820] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 129.845819][ T6725] exFAT-fs (loop2): Filesystem has been set read-only [ 129.867484][ T6730] loop4: detected capacity change from 0 to 256 [pid 5821] newfstatat(AT_FDCWD, "./83/binderfs", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] unlink("./83/binderfs" [pid 5820] <... umount2 resumed>) = 0 [pid 5818] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(3, [pid 5818] newfstatat(AT_FDCWD, "./80/file2", [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./82/file2", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6730] <... mount resumed>) = 0 [pid 5821] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./80/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6730] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./81/file2", [pid 5819] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] rmdir("./83" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./80/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6730] <... openat resumed>) = 3 [pid 5820] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6730] chdir("./file2" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 5821] mkdir("./84", 0777 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 6730] <... chdir resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6730] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... openat resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 6730] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] newfstatat(4, "", [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6730] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(4, [pid 6730] <... futex resumed>) = 1 [pid 6729] <... futex resumed>) = 0 [pid 5821] close(3 [pid 5819] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [ 129.897115][ T6730] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 129.913386][ T6730] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6730] mkdir("./file3", 0777 [pid 6729] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... close resumed>) = 0 [pid 5818] close(4 [pid 6729] <... futex resumed>) = 0 [pid 6729] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] rmdir("./82/file2" [pid 5818] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... rmdir resumed>) = 0 [pid 5818] rmdir("./80/file2" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6731 attached [pid 5820] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./80/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] rmdir("./81/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(AT_FDCWD, "./80/binderfs", [pid 5820] <... rmdir resumed>) = 0 [pid 5819] unlink("./82/binderfs" [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6731] set_robust_list(0x55555eedf6a0, 24 [pid 5820] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... unlink resumed>) = 0 [pid 5818] unlink("./80/binderfs" [pid 6731] <... set_robust_list resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 5818] <... unlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./81/binderfs", [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] close(3 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6731 [pid 5820] unlink("./81/binderfs" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5820] getdents64(3, [pid 5818] close(3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./82" [pid 5818] <... close resumed>) = 0 [pid 5820] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] rmdir("./80" [pid 5820] <... close resumed>) = 0 [pid 5819] mkdir("./83", 0777 [pid 5818] <... rmdir resumed>) = 0 [pid 5820] rmdir("./81" [pid 5819] <... mkdir resumed>) = 0 [pid 5818] mkdir("./81", 0777 [pid 6731] chdir("./84" [pid 5820] <... rmdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... mkdir resumed>) = 0 [pid 6731] <... chdir resumed>) = 0 [pid 6731] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] mkdir("./82", 0777 [pid 5819] <... openat resumed>) = 3 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6731] <... prctl resumed>) = 0 [pid 6731] setpgid(0, 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... openat resumed>) = 3 [pid 6731] <... setpgid resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] close(3 [pid 5818] <... ioctl resumed>) = 0 [pid 6731] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... close resumed>) = 0 [pid 5818] close(3 [pid 6731] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 6731] write(3, "1000", 4) = 4 [pid 6731] close(3) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6731] symlink("/dev/binderfs", "./binderfs" [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6731] <... symlink resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 6733 attached ./strace-static-x86_64: Process 6732 attached [pid 6731] write(1, "executing program\n", 18) = 18 [pid 6733] set_robust_list(0x55555eedf6a0, 24 [pid 6732] set_robust_list(0x55555eedf6a0, 24 [pid 6731] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6731] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6734 attached [pid 6733] <... set_robust_list resumed>) = 0 [pid 6732] <... set_robust_list resumed>) = 0 [pid 6731] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6733 [pid 6733] chdir("./83" [pid 6732] chdir("./81" [pid 6731] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6732 [pid 6733] <... chdir resumed>) = 0 [pid 6732] <... chdir resumed>) = 0 [pid 6731] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6734 executing program [pid 6732] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6732] <... prctl resumed>) = 0 [pid 6731] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6733] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6731] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6734] set_robust_list(0x55555eedf6a0, 24 [pid 6732] setpgid(0, 0 [pid 6731] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6732] <... setpgid resumed>) = 0 [pid 6733] <... prctl resumed>) = 0 [pid 6731] <... mprotect resumed>) = 0 [pid 6733] setpgid(0, 0) = 0 [pid 6733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6732] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6729] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6731] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6729] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6733] <... openat resumed>) = 3 [pid 6731] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6729] <... futex resumed>) = 0 [pid 6731] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6729] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6733] write(3, "1000", 4) = 4 [pid 6729] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6733] close(3) = 0 [pid 6729] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6729] <... mprotect resumed>) = 0 [pid 6733] write(1, "executing program\n", 18) = 18 [pid 6729] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6733] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6733] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6729] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6733] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6729] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 ./strace-static-x86_64: Process 6735 attached [pid 6733] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6732] <... openat resumed>) = 3 [pid 6735] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6733] <... mprotect resumed>) = 0 [pid 6730] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6729] <... clone3 resumed> => {parent_tid=[6735]}, 88) = 6735 ./strace-static-x86_64: Process 6736 attached [pid 6735] <... rseq resumed>) = 0 [pid 6734] <... set_robust_list resumed>) = 0 [pid 6733] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6729] rt_sigprocmask(SIG_SETMASK, [], [pid 6732] write(3, "1000", 4 [pid 6735] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6733] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6730] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6729] <... rt_sigprocmask resumed>) = ? [pid 6734] chdir("./82" [pid 6736] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6735] <... set_robust_list resumed>) = ? [pid 6733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6732] <... write resumed>) = 4 ./strace-static-x86_64: Process 6737 attached [pid 6736] <... rseq resumed>) = 0 [pid 6735] +++ killed by SIGSEGV +++ [pid 6732] close(3 [pid 6737] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6736] set_robust_list(0x7fbb68bde9a0, 24 [pid 6734] <... chdir resumed>) = 0 [pid 6733] <... clone3 resumed> => {parent_tid=[6737]}, 88) = 6737 [pid 6732] <... close resumed>) = 0 [pid 6731] <... clone3 resumed> => {parent_tid=[6736]}, 88) = 6736 [pid 6730] +++ killed by SIGSEGV +++ [pid 6729] +++ killed by SIGSEGV +++ [pid 6737] <... rseq resumed>) = 0 [pid 6733] rt_sigprocmask(SIG_SETMASK, [], [pid 6731] rt_sigprocmask(SIG_SETMASK, [], [pid 6732] symlink("/dev/binderfs", "./binderfs" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6729, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6737] set_robust_list(0x7fbb68bde9a0, 24 [pid 6733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6737] <... set_robust_list resumed>) = 0 [pid 6733] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] rt_sigprocmask(SIG_SETMASK, [], [pid 6733] <... futex resumed>) = 0 [pid 6732] <... symlink resumed>) = 0 [pid 6737] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6733] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} executing program [pid 6737] memfd_create("syzkaller", 0 [pid 6736] <... set_robust_list resumed>) = 0 [pid 6734] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6732] write(1, "executing program\n", 18 [pid 6731] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6731] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6734] <... prctl resumed>) = 0 [pid 6732] <... write resumed>) = 18 [pid 6731] <... futex resumed>) = 0 [pid 6736] rt_sigprocmask(SIG_SETMASK, [], [pid 6732] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6736] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6731] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6737] <... memfd_create resumed>) = 3 [pid 6737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6736] memfd_create("syzkaller", 0 [pid 6734] setpgid(0, 0 [pid 6737] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6732] <... futex resumed>) = 0 [pid 6734] <... setpgid resumed>) = 0 [pid 6736] <... memfd_create resumed>) = 3 [pid 6732] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6734] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6732] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6736] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6732] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6732] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6736] <... mmap resumed>) = 0x7fbb60600000 [pid 6732] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6732] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6732] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6737] <... write resumed>) = 131072 [pid 6736] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6734] <... openat resumed>) = 3 [pid 6732] <... rt_sigprocmask resumed>[], 8) = 0 [ 129.947691][ T6730] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 129.985531][ T6730] exFAT-fs (loop4): Filesystem has been set read-only [pid 5822] <... restart_syscall resumed>) = 0 [pid 6737] munmap(0x7fbb60600000, 138412032 [pid 6736] <... write resumed>) = 131072 [pid 6734] write(3, "1000", 4 [pid 6732] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6738 attached [pid 6737] <... munmap resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6738] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6732] <... clone3 resumed> => {parent_tid=[6738]}, 88) = 6738 [pid 6738] <... rseq resumed>) = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6736] munmap(0x7fbb60600000, 138412032 [pid 6734] <... write resumed>) = 4 [pid 6732] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6738] set_robust_list(0x7fbb68bde9a0, 24 [pid 6737] <... openat resumed>) = 4 [pid 6736] <... munmap resumed>) = 0 [pid 6734] close(3 [pid 6732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6738] <... set_robust_list resumed>) = 0 [pid 6737] ioctl(4, LOOP_SET_FD, 3 [pid 6736] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6734] <... close resumed>) = 0 [pid 6732] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(3, "", [pid 6738] rt_sigprocmask(SIG_SETMASK, [], [pid 6732] <... futex resumed>) = 0 [pid 6738] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6734] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6734] <... symlink resumed>) = 0 [pid 6732] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6738] memfd_create("syzkaller", 0 [pid 6736] <... openat resumed>) = 4 [pid 6734] write(1, "executing program\n", 18 [pid 5822] getdents64(3, executing program [pid 6736] ioctl(4, LOOP_SET_FD, 3 [pid 6734] <... write resumed>) = 18 [pid 6738] <... memfd_create resumed>) = 3 [pid 6734] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6738] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6738] <... mmap resumed>) = 0x7fbb60600000 [pid 6734] <... futex resumed>) = 0 [pid 6734] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6734] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6734] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6734] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6734] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6734] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = 0 [pid 6734] <... clone3 resumed> => {parent_tid=[6739]}, 88) = 6739 [pid 6734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6734] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6734] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6739 attached [pid 6739] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6739] set_robust_list(0x7fbb68bde9a0, 24 [pid 6737] <... ioctl resumed>) = 0 [pid 6739] <... set_robust_list resumed>) = 0 [pid 6738] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6736] <... ioctl resumed>) = 0 [pid 5822] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6736] close(3 [pid 6739] rt_sigprocmask(SIG_SETMASK, [], [pid 6736] <... close resumed>) = 0 [pid 6739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6736] close(4 [pid 6739] memfd_create("syzkaller", 0 [pid 6737] close(3 [pid 6736] <... close resumed>) = 0 [pid 6739] <... memfd_create resumed>) = 3 [pid 6737] <... close resumed>) = 0 [pid 6736] mkdir("./file2", 0777 [pid 6738] <... write resumed>) = 131072 [pid 6739] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6737] close(4 [pid 6736] <... mkdir resumed>) = 0 [pid 6739] <... mmap resumed>) = 0x7fbb60600000 [pid 6737] <... close resumed>) = 0 [pid 6736] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6739] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6737] mkdir("./file2", 0777) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6737] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] newfstatat(AT_FDCWD, "./82/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6739] <... write resumed>) = 131072 [pid 6738] munmap(0x7fbb60600000, 138412032 [pid 5822] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6738] <... munmap resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6738] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 130.063009][ T6737] loop1: detected capacity change from 0 to 256 [ 130.073935][ T6736] loop3: detected capacity change from 0 to 256 [pid 6739] munmap(0x7fbb60600000, 138412032) = 0 [pid 6738] <... openat resumed>) = 4 [pid 5822] <... openat resumed>) = 4 [pid 6738] ioctl(4, LOOP_SET_FD, 3 [pid 6739] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6739] ioctl(4, LOOP_SET_FD, 3 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [ 130.125867][ T6736] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.126110][ T6738] loop0: detected capacity change from 0 to 256 [ 130.141569][ T6739] loop2: detected capacity change from 0 to 256 [ 130.160725][ T6737] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./82/file2" [pid 6739] <... ioctl resumed>) = 0 [pid 6739] close(3) = 0 [pid 6739] close(4) = 0 [pid 6739] mkdir("./file2", 0777) = 0 [pid 6739] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... rmdir resumed>) = 0 [pid 6738] <... ioctl resumed>) = 0 [pid 5822] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6738] close(3 [pid 5822] newfstatat(AT_FDCWD, "./82/binderfs", [pid 6738] <... close resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./82/binderfs" [pid 6738] close(4) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 6738] mkdir("./file2", 0777 [pid 6736] <... mount resumed>) = 0 [pid 6736] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6736] chdir("./file2" [pid 6738] <... mkdir resumed>) = 0 [pid 6736] <... chdir resumed>) = 0 [pid 6736] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6736] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 130.175255][ T6736] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.195140][ T6739] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.217021][ T6737] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6736] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6731] <... futex resumed>) = 0 [pid 6737] <... mount resumed>) = 0 [pid 6731] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6731] <... futex resumed>) = 1 [pid 6736] <... futex resumed>) = 0 [pid 6731] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6736] mkdir("./file3", 0777 [pid 6737] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] close(3 [pid 6737] <... openat resumed>) = 3 [pid 5822] <... close resumed>) = 0 [pid 6737] chdir("./file2") = 0 [pid 6737] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6737] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6737] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6733] <... futex resumed>) = 0 [pid 6733] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... futex resumed>) = 0 [pid 6733] <... futex resumed>) = 1 [pid 6737] mkdir("./file3", 0777 [pid 5822] rmdir("./82" [pid 6733] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] <... mount resumed>) = 0 [pid 6739] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... rmdir resumed>) = 0 [pid 6739] <... openat resumed>) = 3 [pid 6739] chdir("./file2" [pid 5822] mkdir("./83", 0777 [pid 6739] <... chdir resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [ 130.233306][ T6739] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.245631][ T6736] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.259599][ T6737] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.267946][ T6736] exFAT-fs (loop3): Filesystem has been set read-only [pid 6739] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6736] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6739] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6737] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6736] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6731] <... futex resumed>) = -1 EIO (Input/output error) [pid 5822] <... openat resumed>) = 3 [pid 6739] <... futex resumed>) = 1 [pid 6737] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6739] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6738] <... mount resumed>) = 0 [pid 6734] <... futex resumed>) = 0 [pid 6738] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6734] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6739] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6738] <... openat resumed>) = 3 [pid 6734] <... futex resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6734] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6739] mkdir("./file3", 0777 [pid 6738] chdir("./file2" [pid 5822] close(3 [pid 6738] <... chdir resumed>) = 0 [pid 6738] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6736] +++ killed by SIGSEGV +++ [pid 6733] <... futex resumed>) = ? [pid 6731] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6731, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6738] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6732] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6740 attached [pid 6732] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [ 130.281637][ T6738] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.282148][ T6737] exFAT-fs (loop1): Filesystem has been set read-only [ 130.295286][ T6738] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.315543][ T6739] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6738] mkdir("./file3", 0777 [pid 6740] set_robust_list(0x55555eedf6a0, 24 [pid 6732] <... futex resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6740 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6740] <... set_robust_list resumed>) = 0 [pid 6732] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6740] chdir("./83" [pid 5821] <... openat resumed>) = 3 [pid 6740] <... chdir resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 6740] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6740] setpgid(0, 0 [pid 5821] getdents64(3, [pid 6740] <... setpgid resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6740] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6737] +++ killed by SIGSEGV +++ [pid 6733] +++ killed by SIGSEGV +++ [pid 5821] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6740] <... openat resumed>) = 3 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6733, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6740] write(3, "1000", 4 [pid 5819] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6738] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6740] <... write resumed>) = 4 [pid 6739] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6738] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6734] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... umount2 resumed>) = 0 [pid 6740] close(3 [pid 6739] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6734] close(3 [pid 6732] <... futex resumed>) = ? [pid 5819] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6738] +++ killed by SIGSEGV +++ [pid 6739] +++ killed by SIGSEGV +++ [pid 6734] +++ killed by SIGSEGV +++ [pid 6732] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6732, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6740] <... close resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6734, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5821] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 6740] symlink("/dev/binderfs", "./binderfs" [pid 5819] newfstatat(3, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./84/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6740] <... symlink resumed>) = 0 [pid 5821] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6740] write(1, "executing program\n", 18 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 executing program [pid 5821] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6740] <... write resumed>) = 18 [pid 5821] <... openat resumed>) = 4 [pid 5819] getdents64(3, [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6740] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 130.330319][ T6738] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.342228][ T6738] exFAT-fs (loop0): Filesystem has been set read-only [ 130.349920][ T6739] exFAT-fs (loop2): Filesystem has been set read-only [pid 5819] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./81", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6740] <... futex resumed>) = 0 [pid 6740] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6740] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6740] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5820] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 6740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", [pid 5820] newfstatat(3, "", [pid 6740] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 6740] <... mprotect resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6740] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(4 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./83/file2", [pid 5818] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] rmdir("./84/file2" [pid 5820] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6740] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6741 attached [pid 6741] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6740] <... clone3 resumed> => {parent_tid=[6741]}, 88) = 6741 [pid 6741] <... rseq resumed>) = 0 [pid 6740] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rmdir resumed>) = 0 [pid 6741] set_robust_list(0x7fbb68bde9a0, 24 [pid 6740] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6741] <... set_robust_list resumed>) = 0 [pid 6740] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] rt_sigprocmask(SIG_SETMASK, [], [pid 6740] <... futex resumed>) = 0 [pid 6741] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6740] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6741] memfd_create("syzkaller", 0) = 3 [pid 5821] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = 0 [pid 5819] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = 0 [pid 6741] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6741] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... openat resumed>) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6741] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./82/file2", [pid 5818] newfstatat(AT_FDCWD, "./81/file2", [pid 5821] unlink("./84/binderfs" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./81/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(3, [pid 5820] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] openat(AT_FDCWD, "./81/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] close(3 [pid 5820] newfstatat(4, "", [pid 5819] getdents64(4, [pid 5818] <... openat resumed>) = 4 [pid 6741] <... write resumed>) = 131072 [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6741] munmap(0x7fbb60600000, 138412032 [pid 5821] rmdir("./84" [pid 5819] close(4 [pid 6741] <... munmap resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... close resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5821] mkdir("./85", 0777 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] rmdir("./83/file2" [pid 5821] <... mkdir resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(4, [pid 5820] close(4 [pid 6741] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6741] <... openat resumed>) = 4 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 6741] ioctl(4, LOOP_SET_FD, 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] rmdir("./82/file2" [pid 5819] newfstatat(AT_FDCWD, "./83/binderfs", [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./81/file2") = 0 [pid 5820] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./82/binderfs", [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6741] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5819] unlink("./83/binderfs" [pid 5818] umount2("./81/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6741] close(3) = 0 [pid 6741] close(4 [pid 5820] unlink("./82/binderfs" [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6741] <... close resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] newfstatat(AT_FDCWD, "./81/binderfs", [pid 6741] mkdir("./file2", 0777 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6741] <... mkdir resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5819] <... close resumed>) = 0 [pid 5818] unlink("./81/binderfs" [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./82") = 0 [pid 5819] rmdir("./83" [pid 5818] <... unlink resumed>) = 0 [pid 5820] mkdir("./83", 0777 [pid 6741] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 5818] close(3 [pid 5819] mkdir("./84", 0777 [pid 5820] <... close resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] rmdir("./81") = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... openat resumed>) = 3 [pid 5818] mkdir("./82", 0777 [pid 5821] <... close resumed>) = 0 [ 130.430644][ T6741] loop4: detected capacity change from 0 to 256 ./strace-static-x86_64: Process 6742 attached [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... mkdir resumed>) = 0 [pid 6742] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6742] chdir("./83" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6742 ./strace-static-x86_64: Process 6743 attached [pid 6742] <... chdir resumed>) = 0 [pid 6742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6743] set_robust_list(0x55555eedf6a0, 24 [pid 6742] setpgid(0, 0) = 0 [pid 6743] <... set_robust_list resumed>) = 0 [pid 6743] chdir("./85" [pid 6742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6743] <... chdir resumed>) = 0 [pid 6742] <... openat resumed>) = 3 [pid 6743] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6743] setpgid(0, 0) = 0 [pid 6743] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6742] write(3, "1000", 4) = 4 [pid 6742] close(3) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6743 [pid 6742] symlink("/dev/binderfs", "./binderfs"executing program executing program ) = 0 [pid 6743] <... openat resumed>) = 3 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6743] write(3, "1000", 4 [pid 5818] <... openat resumed>) = 3 [pid 5819] close(3 [pid 6743] <... write resumed>) = 4 [pid 6742] write(1, "executing program\n", 18 [pid 6743] close(3 [pid 6742] <... write resumed>) = 18 [pid 6743] <... close resumed>) = 0 [pid 6742] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6743] symlink("/dev/binderfs", "./binderfs" [pid 6742] <... futex resumed>) = 0 [pid 6743] <... symlink resumed>) = 0 [pid 6742] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6743] write(1, "executing program\n", 18 [pid 6742] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6743] <... write resumed>) = 18 [pid 6742] <... mprotect resumed>) = 0 [pid 6743] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6743] <... futex resumed>) = 0 [pid 6742] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6743] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6744 attached [pid 6743] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6743] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6742] <... clone3 resumed> => {parent_tid=[6744]}, 88) = 6744 [pid 6743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6742] rt_sigprocmask(SIG_SETMASK, [], [pid 6744] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6743] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6742] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 6744] <... rseq resumed>) = 0 [pid 6743] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6742] <... futex resumed>) = 0 [pid 6744] set_robust_list(0x7fbb68bde9a0, 24 [pid 6743] <... mprotect resumed>) = 0 [pid 6742] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] close(3 [pid 6744] <... set_robust_list resumed>) = 0 [pid 6743] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6744] rt_sigprocmask(SIG_SETMASK, [], [pid 6743] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... close resumed>) = 0 [pid 6744] memfd_create("syzkaller", 0 [pid 6743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6746 attached ./strace-static-x86_64: Process 6745 attached [pid 6744] <... memfd_create resumed>) = 3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6745] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6744] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6743] <... clone3 resumed> => {parent_tid=[6745]}, 88) = 6745 [pid 6743] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6747 attached [pid 6746] set_robust_list(0x55555eedf6a0, 24 [pid 6745] <... rseq resumed>) = 0 [pid 6744] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6746 [pid 6743] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6747 [pid 6745] set_robust_list(0x7fbb68bde9a0, 24 [pid 6743] <... futex resumed>) = 0 [pid 6745] <... set_robust_list resumed>) = 0 [pid 6745] rt_sigprocmask(SIG_SETMASK, [], [pid 6743] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6747] set_robust_list(0x55555eedf6a0, 24 [pid 6746] <... set_robust_list resumed>) = 0 [pid 6745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6747] <... set_robust_list resumed>) = 0 [pid 6747] chdir("./82" [pid 6746] chdir("./84" [pid 6745] memfd_create("syzkaller", 0 [pid 6744] <... write resumed>) = 131072 [pid 6747] <... chdir resumed>) = 0 [pid 6746] <... chdir resumed>) = 0 [pid 6747] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6745] <... memfd_create resumed>) = 3 [pid 6747] <... prctl resumed>) = 0 [pid 6746] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6747] setpgid(0, 0 [pid 6746] <... prctl resumed>) = 0 [pid 6745] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6741] <... mount resumed>) = 0 [pid 6747] <... setpgid resumed>) = 0 [pid 6746] setpgid(0, 0 [pid 6741] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6747] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6746] <... setpgid resumed>) = 0 [pid 6745] <... mmap resumed>) = 0x7fbb60600000 [pid 6741] <... openat resumed>) = 3 [pid 6744] munmap(0x7fbb60600000, 138412032 [pid 6747] <... openat resumed>) = 3 [pid 6741] chdir("./file2" [pid 6747] write(3, "1000", 4 [pid 6746] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6744] <... munmap resumed>) = 0 [pid 6741] <... chdir resumed>) = 0 [pid 6747] <... write resumed>) = 4 [pid 6747] close(3 [pid 6746] <... openat resumed>) = 3 [pid 6741] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6747] <... close resumed>) = 0 [pid 6746] write(3, "1000", 4 [pid 6744] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6741] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6744] <... openat resumed>) = 4 [ 130.470485][ T6741] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.488758][ T6741] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6741] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6747] symlink("/dev/binderfs", "./binderfs" [pid 6746] <... write resumed>) = 4 [pid 6745] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6744] ioctl(4, LOOP_SET_FD, 3 [pid 6741] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6740] <... futex resumed>) = 0 [pid 6746] close(3 [pid 6745] <... write resumed>) = 131072 [pid 6741] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6740] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6741] mkdir("./file3", 0777 [pid 6746] <... close resumed>) = 0 [pid 6740] <... futex resumed>) = 0 [pid 6747] <... symlink resumed>) = 0 [pid 6746] symlink("/dev/binderfs", "./binderfs" [pid 6744] <... ioctl resumed>) = 0 [pid 6740] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6745] munmap(0x7fbb60600000, 138412032) = 0 [pid 6745] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6745] ioctl(4, LOOP_SET_FD, 3 [pid 6747] write(1, "executing program\n", 18 [pid 6744] close(3executing program executing program [pid 6747] <... write resumed>) = 18 [pid 6746] <... symlink resumed>) = 0 [pid 6744] <... close resumed>) = 0 [pid 6747] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6747] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6744] close(4 [pid 6747] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6746] write(1, "executing program\n", 18 [pid 6744] <... close resumed>) = 0 [pid 6747] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6744] mkdir("./file2", 0777 [pid 6746] <... write resumed>) = 18 [pid 6746] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6746] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6744] <... mkdir resumed>) = 0 [pid 6746] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6746] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6747] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6746] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6744] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6747] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6746] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6747] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6746] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6747] <... mprotect resumed>) = 0 [pid 6746] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6747] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6748 attached [], 8) = 0 [pid 6746] <... clone3 resumed> => {parent_tid=[6748]}, 88) = 6748 [pid 6747] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6746] rt_sigprocmask(SIG_SETMASK, [], [pid 6745] <... ioctl resumed>) = 0 [pid 6746] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6745] close(3) = 0 [pid 6745] close(4) = 0 [pid 6747] <... clone3 resumed> => {parent_tid=[6749]}, 88) = 6749 [pid 6746] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6745] mkdir("./file2", 0777 [pid 6747] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6747] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6749 attached [ 130.550101][ T6744] loop2: detected capacity change from 0 to 256 [ 130.551837][ T6741] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.569423][ T6745] loop3: detected capacity change from 0 to 256 [pid 6748] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6747] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6746] <... futex resumed>) = 0 [pid 6745] <... mkdir resumed>) = 0 [pid 6749] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6748] <... rseq resumed>) = 0 [pid 6746] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6745] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6749] <... rseq resumed>) = 0 [pid 6748] set_robust_list(0x7fbb68bde9a0, 24 [pid 6749] set_robust_list(0x7fbb68bde9a0, 24 [pid 6748] <... set_robust_list resumed>) = 0 [pid 6749] <... set_robust_list resumed>) = 0 [pid 6748] rt_sigprocmask(SIG_SETMASK, [], [pid 6749] rt_sigprocmask(SIG_SETMASK, [], [pid 6748] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6749] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6749] memfd_create("syzkaller", 0 [pid 6748] memfd_create("syzkaller", 0 [pid 6749] <... memfd_create resumed>) = 3 [pid 6748] <... memfd_create resumed>) = 3 [pid 6749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6748] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6740] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6740] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6740] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6748] <... mmap resumed>) = 0x7fbb60600000 [pid 6740] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6740] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6750]}, 88) = 6750 [pid 6740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6740] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6740] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6750 attached [pid 6750] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6748] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6750] <... rseq resumed>) = 0 [pid 6750] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6749] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6741] <... mkdir resumed>) = -1 EIO (Input/output error) [ 130.599840][ T6741] exFAT-fs (loop4): Filesystem has been set read-only [ 130.616613][ T6744] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6750] openat(AT_FDCWD, ".", O_RDONLY [pid 6741] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6749] <... write resumed>) = 131072 [pid 6748] <... write resumed>) = 131072 [pid 6749] munmap(0x7fbb60600000, 138412032 [pid 6748] munmap(0x7fbb60600000, 138412032 [pid 6740] <... futex resumed>) = ? [pid 6741] +++ killed by SIGSEGV +++ [pid 6750] <... openat resumed>) = ? [pid 6750] +++ killed by SIGSEGV +++ [pid 6749] <... munmap resumed>) = 0 [pid 6748] <... munmap resumed>) = 0 [pid 6740] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6740, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6749] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6749] <... openat resumed>) = 4 [pid 6749] ioctl(4, LOOP_SET_FD, 3 [pid 6748] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... restart_syscall resumed>) = 0 [pid 6748] <... openat resumed>) = 4 [pid 6748] ioctl(4, LOOP_SET_FD, 3 [pid 5822] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6749] <... ioctl resumed>) = 0 [pid 6744] <... mount resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6749] close(3 [pid 5822] newfstatat(3, "", [pid 6749] <... close resumed>) = 0 [pid 6749] close(4) = 0 [pid 6749] mkdir("./file2", 0777 [pid 6744] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6749] <... mkdir resumed>) = 0 [pid 6745] <... mount resumed>) = 0 [pid 6744] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 6749] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6745] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6744] chdir("./file2" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6745] <... openat resumed>) = 3 [pid 6744] <... chdir resumed>) = 0 [pid 6745] chdir("./file2" [pid 6744] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6745] <... chdir resumed>) = 0 [pid 6744] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6745] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6744] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6745] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6744] <... futex resumed>) = 1 [pid 6745] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6745] <... futex resumed>) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6742] <... futex resumed>) = 0 [pid 6745] mkdir("./file3", 0777 [pid 6743] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6742] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6744] <... futex resumed>) = 0 [pid 6743] <... futex resumed>) = 0 [pid 6742] <... futex resumed>) = 1 [pid 6744] mkdir("./file3", 0777 [pid 6743] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 130.644573][ T6745] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.665560][ T6744] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.676164][ T6749] loop0: detected capacity change from 0 to 256 [ 130.677619][ T6745] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.683221][ T6748] loop1: detected capacity change from 0 to 256 [pid 6742] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] <... ioctl resumed>) = 0 [pid 6748] close(3 [pid 6744] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6744] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6742] <... futex resumed>) = ? [pid 5822] <... umount2 resumed>) = 0 [pid 6748] <... close resumed>) = 0 [pid 6744] +++ killed by SIGSEGV +++ [pid 6742] +++ killed by SIGSEGV +++ [ 130.708278][ T6744] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.710927][ T6749] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.717311][ T6745] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.739544][ T6744] exFAT-fs (loop2): Filesystem has been set read-only [pid 6748] close(4 [pid 5822] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6742, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6748] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6748] mkdir("./file2", 0777 [pid 5822] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6748] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6748] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... openat resumed>) = 4 [pid 6743] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] newfstatat(4, "", [pid 6743] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6743] <... futex resumed>) = 0 [pid 5822] getdents64(4, [pid 6743] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6743] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] getdents64(4, [pid 6743] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6743] <... mprotect resumed>) = 0 [pid 5822] close(4 [pid 6743] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 6743] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] rmdir("./83/file2" [pid 6743] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6743] <... clone3 resumed> => {parent_tid=[6751]}, 88) = 6751 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6743] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6743] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6751 attached [pid 6743] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] unlink("./83/binderfs" [pid 6743] <... futex resumed>) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6743] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] getdents64(3, [pid 5820] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5822] close(3 [pid 5820] newfstatat(3, "", [pid 5822] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] rmdir("./83") = 0 [pid 5822] mkdir("./84", 0777) = 0 [pid 5820] getdents64(3, [pid 6751] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6751] set_robust_list(0x7fbb68bbd9a0, 24 [pid 5822] <... openat resumed>) = 3 [pid 6751] <... set_robust_list resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6751] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... ioctl resumed>) = 0 [pid 6751] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] close(3 [pid 6751] openat(AT_FDCWD, ".", O_RDONLY [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6751] <... openat resumed>) = 4 [pid 6751] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6751] <... futex resumed>) = 1 [pid 6743] <... futex resumed>) = 0 [pid 6751] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6743] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6751] <... ioctl resumed>) = 0 [pid 6743] <... futex resumed>) = 0 [pid 6743] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6751] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6743] <... futex resumed>) = 0 [pid 6751] <... futex resumed>) = 1 [pid 6751] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6752 attached [pid 6745] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6745] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6752] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6751] <... futex resumed>) = ? [pid 6752] chdir("./84" [pid 6751] +++ killed by SIGSEGV +++ [ 130.754640][ T6745] exFAT-fs (loop3): Filesystem has been set read-only [ 130.776067][ T6749] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6745] +++ killed by SIGSEGV +++ [pid 6743] +++ killed by SIGSEGV +++ [pid 6752] <... chdir resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6752 [pid 6752] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6752] setpgid(0, 0) = 0 [pid 6752] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6743, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6752] write(3, "1000", 4 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6752] <... write resumed>) = 4 [pid 6752] close(3) = 0 [pid 6752] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6752] write(1, "executing program\n", 18executing program ) = 18 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6752] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6749] <... mount resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6752] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6752] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6752] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6749] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] getdents64(3, [pid 5820] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6752] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6749] <... openat resumed>) = 3 [pid 6752] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6749] chdir("./file2" [pid 5821] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6752] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] newfstatat(AT_FDCWD, "./83/file2", [pid 6749] <... chdir resumed>) = 0 [pid 6752] <... mprotect resumed>) = 0 [pid 6749] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6752] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6749] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6749] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6749] <... futex resumed>) = 1 [pid 6747] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6749] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6747] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6752] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6749] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6747] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 6752] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6749] mkdir("./file3", 0777 [pid 6747] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] newfstatat(4, "", ./strace-static-x86_64: Process 6753 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6752] <... clone3 resumed> => {parent_tid=[6753]}, 88) = 6753 [pid 6752] rt_sigprocmask(SIG_SETMASK, [], [pid 6753] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6752] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6753] <... rseq resumed>) = 0 [pid 6752] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6753] set_robust_list(0x7fbb68bde9a0, 24 [pid 6752] <... futex resumed>) = 0 [pid 6753] <... set_robust_list resumed>) = 0 [pid 6752] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6753] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = 0 [pid 6753] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] getdents64(4, [pid 6753] memfd_create("syzkaller", 0) = 3 [pid 6753] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6753] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6748] <... mount resumed>) = 0 [pid 5821] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5821] newfstatat(AT_FDCWD, "./85/file2", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 6748] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... close resumed>) = 0 [pid 6753] munmap(0x7fbb60600000, 138412032 [pid 6748] <... openat resumed>) = 3 [pid 5821] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./83/file2" [pid 6753] <... munmap resumed>) = 0 [pid 6748] chdir("./file2" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6748] <... chdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... rmdir resumed>) = 0 [pid 6748] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6753] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6748] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 4 [pid 5820] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6753] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 130.801060][ T6748] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.818501][ T6748] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 130.841235][ T6749] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6753] ioctl(4, LOOP_SET_FD, 3 [pid 6748] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6748] <... futex resumed>) = 1 [pid 6746] <... futex resumed>) = 0 [pid 6746] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6746] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6748] mkdir("./file3", 0777 [pid 6753] <... ioctl resumed>) = 0 [pid 6749] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6753] close(3 [pid 6749] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6748] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6747] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] unlink("./83/binderfs" [pid 6747] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 5820] <... unlink resumed>) = 0 [pid 6747] <... futex resumed>) = ? [pid 6753] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(3, [pid 6749] +++ killed by SIGSEGV +++ [pid 5821] close(4 [pid 6747] +++ killed by SIGSEGV +++ [pid 6753] close(4 [pid 6748] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6753] <... close resumed>) = 0 [pid 6746] <... futex resumed>) = ? [pid 5821] rmdir("./85/file2" [pid 5820] close(3 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6747, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6753] mkdir("./file2", 0777 [pid 6748] +++ killed by SIGSEGV +++ [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6753] <... mkdir resumed>) = 0 [pid 5821] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./83" [pid 6753] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6746] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5820] mkdir("./84", 0777 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6746, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] <... restart_syscall resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] unlink("./85/binderfs" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... restart_syscall resumed>) = 0 [ 130.860422][ T6753] loop4: detected capacity change from 0 to 256 [ 130.861841][ T6749] exFAT-fs (loop0): Filesystem has been set read-only [ 130.871564][ T6748] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.883117][ T6748] exFAT-fs (loop1): Filesystem has been set read-only [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./85" [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] umount2("./82", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6753] <... mount resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 6753] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] close(3 [pid 5821] mkdir("./86", 0777 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6753] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 5819] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(3, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6753] chdir("./file2" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6753] <... chdir resumed>) = 0 [pid 6753] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... mkdir resumed>) = 0 [pid 6753] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, [pid 5819] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6753] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] getdents64(3, [pid 6753] <... futex resumed>) = 1 [pid 6753] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] <... openat resumed>) = 3 [pid 6752] <... futex resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = 0 [pid 6752] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6754 attached [pid 6752] <... futex resumed>) = 1 [pid 5821] <... ioctl resumed>) = 0 [ 130.917026][ T6753] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 130.929908][ T6753] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6754] set_robust_list(0x55555eedf6a0, 24 [pid 6753] <... futex resumed>) = 0 [pid 6752] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6753] mkdir("./file3", 0777 [pid 6754] <... set_robust_list resumed>) = 0 [pid 5821] close(3 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6754 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6754] chdir("./84" [pid 5819] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./82/file2", [pid 6754] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6754] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] newfstatat(AT_FDCWD, "./84/file2", [pid 5818] umount2("./82/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6754] <... prctl resumed>) = 0 [pid 6753] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6754] setpgid(0, 0 [pid 6753] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./82/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6754] <... setpgid resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 4 [pid 6754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(4, "", [pid 6754] <... openat resumed>) = 3 [pid 6752] <... futex resumed>) = ? [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6755 attached [pid 6754] write(3, "1000", 4 [pid 6753] +++ killed by SIGSEGV +++ [pid 6752] +++ killed by SIGSEGV +++ [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6755] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6755 [pid 6755] <... set_robust_list resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6752, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6755] chdir("./86" [pid 5822] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(4, "", [pid 6754] <... write resumed>) = 4 [pid 5818] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6754] close(3 [pid 5822] getdents64(3, [pid 5818] getdents64(4, [pid 6754] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5822] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6754] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] close(4 [pid 6755] <... chdir resumed>) = 0 executing program [pid 6754] <... symlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... close resumed>) = 0 [pid 6754] write(1, "executing program\n", 18 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] rmdir("./82/file2" [pid 6754] <... write resumed>) = 18 [pid 5819] close(4 [pid 6755] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] <... prctl resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 6755] setpgid(0, 0 [pid 6754] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(AT_FDCWD, "./84/file2", [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./82/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] <... setpgid resumed>) = 0 [pid 6754] <... futex resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./84/file2" [pid 6755] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6754] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6755] <... openat resumed>) = 3 [pid 6754] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 130.977477][ T6753] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 130.986903][ T6753] exFAT-fs (loop4): Filesystem has been set read-only [pid 5819] <... rmdir resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./82/binderfs", [pid 6755] write(3, "1000", 4 [pid 6754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6755] <... write resumed>) = 4 [pid 6754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6755] close(3 [pid 6754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] newfstatat(4, "", [pid 5819] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] <... close resumed>) = 0 [pid 6754] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] unlink("./82/binderfs" [pid 6755] symlink("/dev/binderfs", "./binderfs" [pid 6754] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 5822] getdents64(4, [pid 6755] <... symlink resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 6754] <... mprotect resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5818] getdents64(3, [pid 6755] write(1, "executing program\n", 18 [pid 5822] <... close resumed>) = 0 [pid 6755] <... write resumed>) = 18 [pid 6754] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6755] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rmdir("./84/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6754] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] close(3 [pid 5819] unlink("./84/binderfs" [pid 6755] <... futex resumed>) = 0 [pid 6754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6755] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] rmdir("./82" [pid 6755] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6755] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6755] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] newfstatat(AT_FDCWD, "./84/binderfs", [pid 6755] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6755] <... mprotect resumed>) = 0 [pid 5822] unlink("./84/binderfs"./strace-static-x86_64: Process 6756 attached [pid 6755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] getdents64(3, [pid 5818] <... rmdir resumed>) = 0 [pid 6756] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6754] <... clone3 resumed> => {parent_tid=[6756]}, 88) = 6756 [pid 6756] <... rseq resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] mkdir("./83", 0777 [pid 6756] set_robust_list(0x7fbb68bde9a0, 24 [pid 6754] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] close(3 [pid 6756] <... set_robust_list resumed>) = 0 [pid 6756] rt_sigprocmask(SIG_SETMASK, [], [pid 6755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] getdents64(3, [pid 6756] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./84" [pid 5818] <... mkdir resumed>) = 0 [pid 6755] <... clone3 resumed> => {parent_tid=[6757]}, 88) = 6757 [pid 5822] close(3 [pid 6755] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... close resumed>) = 0 [pid 6755] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] rmdir("./84" [pid 6755] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... rmdir resumed>) = 0 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] mkdir("./85", 0777./strace-static-x86_64: Process 6757 attached [pid 6756] memfd_create("syzkaller", 0 [pid 6754] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6757] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6754] <... futex resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 6754] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6757] <... rseq resumed>) = 0 [pid 6756] <... memfd_create resumed>) = 3 [pid 5819] mkdir("./85", 0777 [pid 5818] <... openat resumed>) = 3 [pid 6757] set_robust_list(0x7fbb68bde9a0, 24 [pid 6756] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... mkdir resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6757] <... set_robust_list resumed>) = 0 [pid 6756] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... ioctl resumed>) = 0 [pid 6757] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... openat resumed>) = 3 [pid 6757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6757] memfd_create("syzkaller", 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6756] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] <... openat resumed>) = 3 [pid 5818] close(3 [pid 6757] <... memfd_create resumed>) = 3 [pid 6757] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] close(3 [pid 5818] <... close resumed>) = 0 [pid 6757] <... mmap resumed>) = 0x7fbb60600000 [pid 6756] <... write resumed>) = 131072 [pid 5822] <... close resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6758 attached [pid 6757] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6756] munmap(0x7fbb60600000, 138412032 [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 6756] <... munmap resumed>) = 0 [pid 6756] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6759 [pid 5819] <... close resumed>) = 0 [pid 6758] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6758 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6759 attached [pid 6756] <... openat resumed>) = 4 [pid 6759] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6760 attached ) = 0 [pid 6759] chdir("./85" [pid 6758] <... set_robust_list resumed>) = 0 [pid 6757] <... write resumed>) = 131072 [pid 6756] ioctl(4, LOOP_SET_FD, 3 [pid 6759] <... chdir resumed>) = 0 [pid 6760] set_robust_list(0x55555eedf6a0, 24 [pid 6759] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6758] chdir("./83" [pid 6760] <... set_robust_list resumed>) = 0 [pid 6759] <... prctl resumed>) = 0 [pid 6760] chdir("./85" [pid 6759] setpgid(0, 0 [pid 6760] <... chdir resumed>) = 0 [pid 6759] <... setpgid resumed>) = 0 [pid 6760] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6759] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6760] <... prctl resumed>) = 0 [pid 6759] <... openat resumed>) = 3 [pid 6758] <... chdir resumed>) = 0 [pid 6760] setpgid(0, 0) = 0 [pid 6759] write(3, "1000", 4 [pid 6760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6759] <... write resumed>) = 4 [pid 6760] <... openat resumed>) = 3 [pid 6759] close(3 [pid 6758] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6757] munmap(0x7fbb60600000, 138412032 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6760 [pid 6759] <... close resumed>) = 0 [pid 6759] symlink("/dev/binderfs", "./binderfs" [pid 6760] write(3, "1000", 4 [pid 6759] <... symlink resumed>) = 0 [pid 6758] <... prctl resumed>) = 0 [pid 6757] <... munmap resumed>) = 0 [pid 6760] <... write resumed>) = 4 [pid 6758] setpgid(0, 0 [pid 6757] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6758] <... setpgid resumed>) = 0 [pid 6760] close(3 [pid 6758] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6757] <... openat resumed>) = 4 [pid 6760] <... close resumed>) = 0 executing program [pid 6759] write(1, "executing program\n", 18 [pid 6760] symlink("/dev/binderfs", "./binderfs" [pid 6759] <... write resumed>) = 18 [pid 6760] <... symlink resumed>) = 0 [pid 6759] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6759] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6759] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 executing program [pid 6760] write(1, "executing program\n", 18 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6757] ioctl(4, LOOP_SET_FD, 3 [pid 6759] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6758] <... openat resumed>) = 3 [pid 6756] <... ioctl resumed>) = 0 [pid 6760] <... write resumed>) = 18 [pid 6759] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6760] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] write(3, "1000", 4 [pid 6756] close(3 [pid 6759] <... mprotect resumed>) = 0 [pid 6760] <... futex resumed>) = 0 [pid 6759] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6760] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6759] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6758] <... write resumed>) = 4 [pid 6756] <... close resumed>) = 0 [pid 6760] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6759] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6758] close(3 [pid 6756] close(4./strace-static-x86_64: Process 6761 attached [pid 6760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6758] <... close resumed>) = 0 [pid 6756] <... close resumed>) = 0 [pid 6760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6758] symlink("/dev/binderfs", "./binderfs" [pid 6760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6759] <... clone3 resumed> => {parent_tid=[6761]}, 88) = 6761 [pid 6756] mkdir("./file2", 0777 [pid 6761] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6760] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6759] rt_sigprocmask(SIG_SETMASK, [], [pid 6758] <... symlink resumed>) = 0 [pid 6761] <... rseq resumed>) = 0 [pid 6756] <... mkdir resumed>) = 0 [pid 6761] set_robust_list(0x7fbb68bde9a0, 24 [pid 6760] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE executing program [pid 6759] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6758] write(1, "executing program\n", 18 [pid 6761] <... set_robust_list resumed>) = 0 [pid 6760] <... mprotect resumed>) = 0 [pid 6759] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6758] <... write resumed>) = 18 [pid 6756] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6761] rt_sigprocmask(SIG_SETMASK, [], [pid 6760] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6759] <... futex resumed>) = 0 [pid 6758] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6757] <... ioctl resumed>) = 0 [pid 6761] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6760] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6759] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6758] <... futex resumed>) = 0 [pid 6757] close(3 [pid 6761] memfd_create("syzkaller", 0 [pid 6760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6758] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6757] <... close resumed>) = 0 ./strace-static-x86_64: Process 6762 attached [pid 6761] <... memfd_create resumed>) = 3 [pid 6758] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6757] close(4 [pid 6762] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6758] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6757] <... close resumed>) = 0 [pid 6758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6757] mkdir("./file2", 0777 [pid 6758] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6762] <... rseq resumed>) = 0 [pid 6761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6758] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6762] set_robust_list(0x7fbb68bde9a0, 24 [pid 6761] <... mmap resumed>) = 0x7fbb60600000 [pid 6760] <... clone3 resumed> => {parent_tid=[6762]}, 88) = 6762 [pid 6758] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6762] <... set_robust_list resumed>) = 0 [pid 6761] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6760] rt_sigprocmask(SIG_SETMASK, [], [pid 6762] rt_sigprocmask(SIG_SETMASK, [], [pid 6758] <... mprotect resumed>) = 0 [pid 6762] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6757] <... mkdir resumed>) = 0 [pid 6758] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6762] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6758] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6760] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] <... futex resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 6762] memfd_create("syzkaller", 0 [pid 6760] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6762] <... memfd_create resumed>) = 3 [pid 6761] <... write resumed>) = 131072 [pid 6758] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6757] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""./strace-static-x86_64: Process 6763 attached [pid 6762] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6763] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6762] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6758] <... clone3 resumed> => {parent_tid=[6763]}, 88) = 6763 [pid 6763] <... rseq resumed>) = 0 [pid 6758] rt_sigprocmask(SIG_SETMASK, [], [pid 6763] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6763] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6761] munmap(0x7fbb60600000, 138412032 [pid 6758] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] memfd_create("syzkaller", 0 [pid 6761] <... munmap resumed>) = 0 [ 131.107113][ T6756] loop2: detected capacity change from 0 to 256 [ 131.131867][ T6757] loop3: detected capacity change from 0 to 256 [pid 6762] <... write resumed>) = 131072 [pid 6761] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6761] ioctl(4, LOOP_SET_FD, 3 [pid 6763] <... memfd_create resumed>) = 3 [pid 6762] munmap(0x7fbb60600000, 138412032 [pid 6758] <... futex resumed>) = 0 [pid 6758] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6763] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6762] <... munmap resumed>) = 0 [pid 6763] <... mmap resumed>) = 0x7fbb60600000 [pid 6762] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6762] ioctl(4, LOOP_SET_FD, 3 [pid 6763] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6762] <... ioctl resumed>) = 0 [pid 6763] <... write resumed>) = 131072 [pid 6761] <... ioctl resumed>) = 0 [pid 6762] close(3) = 0 [pid 6762] close(4) = 0 [pid 6761] close(3 [pid 6762] mkdir("./file2", 0777 [pid 6761] <... close resumed>) = 0 [pid 6762] <... mkdir resumed>) = 0 [pid 6761] close(4 [pid 6762] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6761] <... close resumed>) = 0 [ 131.175594][ T6756] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.180450][ T6761] loop4: detected capacity change from 0 to 256 [ 131.198784][ T6762] loop1: detected capacity change from 0 to 256 [ 131.207571][ T6756] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6761] mkdir("./file2", 0777) = 0 [pid 6761] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6756] <... mount resumed>) = 0 [pid 6763] munmap(0x7fbb60600000, 138412032 [pid 6756] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [ 131.213737][ T6757] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.235981][ T6757] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.251950][ T6761] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.265735][ T6763] loop0: detected capacity change from 0 to 256 [pid 6763] <... munmap resumed>) = 0 [pid 6757] <... mount resumed>) = 0 [pid 6756] chdir("./file2" [pid 6763] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6756] <... chdir resumed>) = 0 [pid 6763] ioctl(4, LOOP_SET_FD, 3 [pid 6756] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6763] <... ioctl resumed>) = 0 [pid 6757] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6756] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6763] close(3) = 0 [pid 6763] close(4 [pid 6757] <... openat resumed>) = 3 [pid 6763] <... close resumed>) = 0 [pid 6757] chdir("./file2" [pid 6763] mkdir("./file2", 0777 [pid 6757] <... chdir resumed>) = 0 [pid 6757] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6756] <... futex resumed>) = 1 [pid 6757] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6756] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] <... futex resumed>) = 0 [pid 6754] <... futex resumed>) = 0 [pid 6763] <... mkdir resumed>) = 0 [pid 6757] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6755] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6754] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6755] <... futex resumed>) = 0 [pid 6755] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6756] <... futex resumed>) = 0 [pid 6754] <... futex resumed>) = 1 [pid 6756] mkdir("./file3", 0777 [pid 6754] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6763] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 131.266462][ T6762] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.290410][ T6761] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.302697][ T6756] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.314271][ T6757] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6757] mkdir("./file3", 0777 [pid 6761] <... mount resumed>) = 0 [pid 6761] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6761] chdir("./file2") = 0 [pid 6761] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6761] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6761] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6759] <... futex resumed>) = 0 [pid 6756] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6759] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6756] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6761] <... futex resumed>) = 0 [pid 6759] <... futex resumed>) = 1 [pid 6754] <... futex resumed>) = ? [pid 6761] mkdir("./file3", 0777 [pid 6759] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6755] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6755] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 131.315095][ T6762] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.334072][ T6756] exFAT-fs (loop2): Filesystem has been set read-only [ 131.345715][ T6763] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.360496][ T6761] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6757] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6755] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6756] +++ killed by SIGSEGV +++ [pid 6754] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6754, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6755] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6762] <... mount resumed>) = 0 [pid 6762] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6755] <... mprotect resumed>) = 0 [pid 6762] <... openat resumed>) = 3 [pid 6755] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... restart_syscall resumed>) = 0 [pid 6762] chdir("./file2" [pid 6757] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6755] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6762] <... chdir resumed>) = 0 [pid 6762] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6759] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6755] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6759] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6759] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6759] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] newfstatat(3, "", [pid 6761] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6759] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6762] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6761] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6759] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] getdents64(3, [pid 6762] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6759] <... mprotect resumed>) = ? [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6762] <... futex resumed>) = 1 [pid 5820] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6762] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6761] +++ killed by SIGSEGV +++ [pid 6760] <... futex resumed>) = 0 [pid 6759] +++ killed by SIGSEGV +++ [pid 6760] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6759, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6762] <... futex resumed>) = 0 [pid 6760] <... futex resumed>) = 1 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... umount2 resumed>) = 0 [pid 6762] mkdir("./file3", 0777 [pid 6760] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 6764 attached [pid 6755] <... clone3 resumed> ) = ? [pid 5820] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6764] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./84/file2", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 131.370795][ T6757] exFAT-fs (loop3): Filesystem has been set read-only [ 131.378169][ T6761] exFAT-fs (loop4): Filesystem has been set read-only [ 131.404645][ T6763] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6763] <... mount resumed>) = 0 [pid 6757] +++ killed by SIGSEGV +++ [pid 6755] +++ killed by SIGSEGV +++ [pid 5822] <... openat resumed>) = 3 [pid 6763] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6755, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6763] <... openat resumed>) = 3 [pid 6763] chdir("./file2" [pid 5822] newfstatat(3, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6762] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6763] <... chdir resumed>) = 0 [pid 6762] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6763] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... openat resumed>) = 4 [pid 6763] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6760] <... futex resumed>) = ? [pid 5822] getdents64(3, [pid 6763] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6762] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] newfstatat(4, "", [pid 6763] <... futex resumed>) = 1 [pid 6758] <... futex resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6763] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6758] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 6763] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6758] <... futex resumed>) = 0 [pid 6763] mkdir("./file3", 0777 [pid 6758] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6760] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5820] getdents64(4, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6760, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] close(4 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] newfstatat(AT_FDCWD, "./85/file2", [pid 5821] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] rmdir("./84/file2" [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./86/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] getdents64(4, [pid 5821] <... openat resumed>) = 4 [pid 5819] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6763] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] newfstatat(4, "", [pid 5820] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 6763] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(4, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(3, "", [pid 6758] <... futex resumed>) = ? [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6763] +++ killed by SIGSEGV +++ [pid 5822] close(4 [pid 5821] getdents64(4, [pid 5820] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5822] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 6758] +++ killed by SIGSEGV +++ [pid 5822] rmdir("./85/file2" [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6758, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] <... rmdir resumed>) = 0 [pid 5821] getdents64(4, [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5822] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] unlink("./84/binderfs" [pid 5819] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(4 [pid 5820] <... unlink resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(3, [pid 5822] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5821] rmdir("./86/file2" [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] close(3 [pid 5819] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] unlink("./85/binderfs") = 0 [pid 5821] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] getdents64(3, [pid 5820] rmdir("./84" [pid 5819] newfstatat(AT_FDCWD, "./85/file2", [pid 5818] umount2("./83", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 131.439699][ T6762] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.448980][ T6762] exFAT-fs (loop1): Filesystem has been set read-only [ 131.465326][ T6763] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.476134][ T6763] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] close(3 [pid 5821] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5820] mkdir("./85", 0777 [pid 5822] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] rmdir("./85" [pid 5821] unlink("./86/binderfs" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(3, "", [pid 5822] mkdir("./86", 0777 [pid 5821] getdents64(3, [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] newfstatat(4, "", [pid 5821] close(3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... close resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] getdents64(4, [pid 5821] rmdir("./86" [pid 5822] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] close(3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5821] mkdir("./87", 0777) = 0 [pid 5822] close(3 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6765 attached [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... close resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4) = 0 [pid 5818] newfstatat(AT_FDCWD, "./83/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./85/file2" [pid 5821] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] umount2("./83/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6765] set_robust_list(0x55555eedf6a0, 24 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... close resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6765 [pid 6765] <... set_robust_list resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./83/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6767 attached ./strace-static-x86_64: Process 6766 attached [pid 6765] chdir("./85" [pid 6766] set_robust_list(0x55555eedf6a0, 24 [pid 6765] <... chdir resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 6766] <... set_robust_list resumed>) = 0 [pid 6765] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6766] chdir("./86" [pid 6765] <... prctl resumed>) = 0 [pid 5819] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6766] <... chdir resumed>) = 0 [pid 6765] setpgid(0, 0 [pid 6766] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6765] <... setpgid resumed>) = 0 [pid 6766] <... prctl resumed>) = 0 [pid 6767] set_robust_list(0x55555eedf6a0, 24 [pid 6766] setpgid(0, 0 [pid 6765] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 6767] <... set_robust_list resumed>) = 0 [pid 6767] chdir("./87" [pid 6765] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6767] <... chdir resumed>) = 0 [pid 6766] <... setpgid resumed>) = 0 [pid 6765] write(3, "1000", 4 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6766 [pid 5818] getdents64(4, [pid 6767] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6767 [pid 5819] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6767] <... prctl resumed>) = 0 [pid 6766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6765] <... write resumed>) = 4 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] close(4 [pid 6767] setpgid(0, 0 [pid 6765] close(3 [pid 5818] <... close resumed>) = 0 [pid 6767] <... setpgid resumed>) = 0 [pid 6765] <... close resumed>) = 0 [pid 5819] unlink("./85/binderfs" [pid 5818] rmdir("./83/file2" [pid 6767] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6766] <... openat resumed>) = 3 [pid 6765] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6767] <... openat resumed>) = 3 [pid 5818] umount2("./83/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6767] write(3, "1000", 4 [pid 6766] write(3, "1000", 4 [pid 6765] <... symlink resumed>) = 0 [pid 5819] getdents64(3, [pid 6767] <... write resumed>) = 4 [pid 6766] <... write resumed>) = 4 [pid 6765] write(1, "executing program\n", 18 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./83/binderfs", [pid 6767] close(3executing program [pid 5819] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6767] <... close resumed>) = 0 [pid 6766] close(3 [pid 6765] <... write resumed>) = 18 [pid 5819] <... close resumed>) = 0 [pid 6765] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] <... close resumed>) = 0 [pid 6765] <... futex resumed>) = 0 [pid 6766] symlink("/dev/binderfs", "./binderfs" [pid 6765] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6767] symlink("/dev/binderfs", "./binderfs" [pid 6765] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] rmdir("./85" [pid 5818] unlink("./83/binderfs" [pid 6766] <... symlink resumed>) = 0 [pid 6767] <... symlink resumed>) = 0 [pid 6765] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... rmdir resumed>) = 0 executing program [pid 6767] write(1, "executing program\n", 18executing program [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5819] mkdir("./86", 0777 [pid 6767] <... write resumed>) = 18 [pid 6765] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6767] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... mkdir resumed>) = 0 [pid 6766] write(1, "executing program\n", 18 [pid 6765] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6766] <... write resumed>) = 18 [pid 6767] <... futex resumed>) = 0 [pid 5818] getdents64(3, [pid 6766] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6765] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6766] <... futex resumed>) = 0 [pid 6767] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6766] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6765] <... mprotect resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6767] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6766] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6765] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] close(3 [pid 6767] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 6767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] rmdir("./83" [pid 6766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6765] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6765] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6768 attached [pid 6767] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6766] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... ioctl resumed>) = 0 [pid 6766] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6765] <... clone3 resumed> => {parent_tid=[6768]}, 88) = 6768 [pid 6767] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6766] <... mprotect resumed>) = 0 [pid 6765] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] close(3 [pid 6768] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6767] <... mprotect resumed>) = 0 [pid 6766] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6765] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 6768] <... rseq resumed>) = 0 [pid 6767] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] mkdir("./84", 0777 [pid 6767] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6769 attached [pid 6769] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6767] <... clone3 resumed> => {parent_tid=[6769]}, 88) = 6769 [pid 6769] <... rseq resumed>) = 0 [pid 6768] set_robust_list(0x7fbb68bde9a0, 24 [pid 6767] rt_sigprocmask(SIG_SETMASK, [], [pid 6765] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6769] set_robust_list(0x7fbb68bde9a0, 24 [pid 6768] <... set_robust_list resumed>) = 0 [pid 6767] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6766] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6765] <... futex resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6770 attached [pid 6769] <... set_robust_list resumed>) = 0 [pid 6768] rt_sigprocmask(SIG_SETMASK, [], [pid 6767] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6765] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6771 attached [pid 6768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6771] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6770] set_robust_list(0x55555eedf6a0, 24 [pid 6769] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] memfd_create("syzkaller", 0 [pid 6767] <... futex resumed>) = 0 [pid 6766] <... clone3 resumed> => {parent_tid=[6771]}, 88) = 6771 [pid 5818] <... ioctl resumed>) = 0 [pid 6771] <... rseq resumed>) = 0 [pid 6770] <... set_robust_list resumed>) = 0 [pid 6769] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] <... memfd_create resumed>) = 3 [pid 6767] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6766] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] close(3 [pid 6771] set_robust_list(0x7fbb68bde9a0, 24 [pid 6770] chdir("./86" [pid 6769] memfd_create("syzkaller", 0 [pid 6768] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... close resumed>) = 0 [pid 6771] <... set_robust_list resumed>) = 0 [pid 6770] <... chdir resumed>) = 0 [pid 6766] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6770 [pid 6771] rt_sigprocmask(SIG_SETMASK, [], [pid 6768] <... mmap resumed>) = 0x7fbb60600000 [pid 6766] <... futex resumed>) = 0 [pid 6771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6769] <... memfd_create resumed>) = 3 [pid 6766] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6770] <... prctl resumed>) = 0 [pid 6769] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6771] memfd_create("syzkaller", 0 [pid 6770] setpgid(0, 0 [pid 6769] <... mmap resumed>) = 0x7fbb60600000 [pid 6770] <... setpgid resumed>) = 0 [pid 6769] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6768] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6770] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6771] <... memfd_create resumed>) = 3 [pid 6770] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6772 attached [pid 6771] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6770] write(3, "1000", 4) = 4 [pid 6770] close(3) = 0 [pid 6770] symlink("/dev/binderfs", "./binderfs" [pid 6771] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6770] <... symlink resumed>) = 0 [pid 6769] <... write resumed>) = 131072 [pid 6768] <... write resumed>) = 131072 executing program [pid 6770] write(1, "executing program\n", 18 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6772 [pid 6770] <... write resumed>) = 18 [pid 6770] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6770] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6770] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6769] munmap(0x7fbb60600000, 138412032 [pid 6770] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6769] <... munmap resumed>) = 0 [pid 6770] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6770] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6769] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6770] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6770] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6769] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6773 attached [pid 6772] set_robust_list(0x55555eedf6a0, 24 [pid 6768] munmap(0x7fbb60600000, 138412032 [pid 6772] <... set_robust_list resumed>) = 0 [pid 6771] <... write resumed>) = 131072 [pid 6768] <... munmap resumed>) = 0 [pid 6773] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6772] chdir("./84" [pid 6771] munmap(0x7fbb60600000, 138412032 [pid 6768] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6773] <... rseq resumed>) = 0 [pid 6770] <... clone3 resumed> => {parent_tid=[6773]}, 88) = 6773 [pid 6768] <... openat resumed>) = 4 [pid 6773] set_robust_list(0x7fbb68bde9a0, 24 [pid 6771] <... munmap resumed>) = 0 [pid 6770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6773] <... set_robust_list resumed>) = 0 [pid 6770] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] rt_sigprocmask(SIG_SETMASK, [], [pid 6770] <... futex resumed>) = 0 [pid 6773] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6770] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6773] memfd_create("syzkaller", 0 [pid 6772] <... chdir resumed>) = 0 [pid 6771] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6768] ioctl(4, LOOP_SET_FD, 3 [pid 6772] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6773] <... memfd_create resumed>) = 3 [pid 6772] <... prctl resumed>) = 0 [pid 6771] <... openat resumed>) = 4 [pid 6773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6773] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6773] munmap(0x7fbb60600000, 138412032) = 0 [pid 6772] setpgid(0, 0 [pid 6771] ioctl(4, LOOP_SET_FD, 3 [pid 6772] <... setpgid resumed>) = 0 [pid 6773] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6773] ioctl(4, LOOP_SET_FD, 3 [pid 6769] <... ioctl resumed>) = 0 [pid 6772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6769] close(3 [pid 6772] write(3, "1000", 4 [pid 6769] <... close resumed>) = 0 [pid 6769] close(4) = 0 [pid 6769] mkdir("./file2", 0777 [pid 6772] <... write resumed>) = 4 [pid 6769] <... mkdir resumed>) = 0 [pid 6769] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6772] close(3) = 0 [pid 6768] <... ioctl resumed>) = 0 [pid 6772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6768] close(3executing program [pid 6772] write(1, "executing program\n", 18 [pid 6768] <... close resumed>) = 0 [pid 6772] <... write resumed>) = 18 [pid 6768] close(4 [pid 6772] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... close resumed>) = 0 [pid 6773] <... ioctl resumed>) = 0 [pid 6772] <... futex resumed>) = 0 [pid 6771] <... ioctl resumed>) = 0 [pid 6768] mkdir("./file2", 0777 [pid 6772] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6768] <... mkdir resumed>) = 0 [pid 6772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6768] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6773] close(3 [pid 6772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6771] close(3 [pid 6773] <... close resumed>) = 0 [pid 6772] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6771] <... close resumed>) = 0 [pid 6772] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6771] close(4 [pid 6772] <... mprotect resumed>) = 0 [pid 6771] <... close resumed>) = 0 [pid 6773] close(4) = 0 [pid 6772] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6771] mkdir("./file2", 0777 [pid 6773] mkdir("./file2", 0777 [pid 6772] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6771] <... mkdir resumed>) = 0 [pid 6773] <... mkdir resumed>) = 0 [ 131.656039][ T6769] loop3: detected capacity change from 0 to 256 [ 131.669643][ T6768] loop2: detected capacity change from 0 to 256 [ 131.678291][ T6771] loop4: detected capacity change from 0 to 256 [ 131.682007][ T6773] loop1: detected capacity change from 0 to 256 [pid 6772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6774 attached [pid 6771] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6772] <... clone3 resumed> => {parent_tid=[6774]}, 88) = 6774 [pid 6773] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6774] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6772] rt_sigprocmask(SIG_SETMASK, [], [pid 6774] set_robust_list(0x7fbb68bde9a0, 24 [pid 6772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6774] <... set_robust_list resumed>) = 0 [ 131.732704][ T6769] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.732961][ T6768] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6772] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] rt_sigprocmask(SIG_SETMASK, [], [pid 6772] <... futex resumed>) = 0 [pid 6774] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6772] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6774] memfd_create("syzkaller", 0) = 3 [pid 6774] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 131.773080][ T6769] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.810877][ T6768] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6774] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6774] munmap(0x7fbb60600000, 138412032 [pid 6769] <... mount resumed>) = 0 [pid 6774] <... munmap resumed>) = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6769] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6768] <... mount resumed>) = 0 [pid 6773] <... mount resumed>) = 0 [pid 6769] <... openat resumed>) = 3 [pid 6773] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6769] chdir("./file2") = 0 [pid 6769] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6773] <... openat resumed>) = 3 [pid 6769] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6773] chdir("./file2" [pid 6769] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... chdir resumed>) = 0 [pid 6769] <... futex resumed>) = 1 [pid 6767] <... futex resumed>) = 0 [pid 6769] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6767] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6769] <... futex resumed>) = 0 [pid 6767] <... futex resumed>) = 1 [pid 6769] mkdir("./file3", 0777 [pid 6774] <... openat resumed>) = 4 [pid 6768] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6774] ioctl(4, LOOP_SET_FD, 3 [pid 6768] <... openat resumed>) = 3 [pid 6767] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6773] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6773] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6773] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6770] <... futex resumed>) = 0 [pid 6770] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6773] <... futex resumed>) = 0 [pid 6770] <... futex resumed>) = 1 [ 131.825394][ T6773] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.834466][ T6771] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.840165][ T6773] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.850507][ T6771] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 131.868991][ T6774] loop0: detected capacity change from 0 to 256 [pid 6773] mkdir("./file3", 0777 [pid 6770] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... ioctl resumed>) = 0 [pid 6768] chdir("./file2" [pid 6771] <... mount resumed>) = 0 [pid 6771] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6771] chdir("./file2") = 0 [pid 6771] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6771] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6771] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6774] close(3 [pid 6773] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6768] <... chdir resumed>) = 0 [pid 6766] <... futex resumed>) = 0 [pid 6774] <... close resumed>) = 0 [pid 6773] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6768] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6766] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6768] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6774] close(4 [pid 6766] <... futex resumed>) = 1 [pid 6768] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6766] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] <... close resumed>) = 0 [pid 6771] <... futex resumed>) = 0 [pid 6768] <... futex resumed>) = 1 [pid 6774] mkdir("./file2", 0777 [pid 6765] <... futex resumed>) = 0 [pid 6771] mkdir("./file3", 0777 [pid 6770] <... futex resumed>) = ? [pid 6768] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6765] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6774] <... mkdir resumed>) = 0 [pid 6768] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6765] <... futex resumed>) = 0 [pid 6767] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6767] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6767] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6773] +++ killed by SIGSEGV +++ [pid 6770] +++ killed by SIGSEGV +++ [pid 6767] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6765] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6774] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6768] mkdir("./file3", 0777 [pid 6767] <... mprotect resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6770, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [ 131.874738][ T6773] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.885424][ T6769] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.889905][ T6773] exFAT-fs (loop1): Filesystem has been set read-only [ 131.898423][ T6769] exFAT-fs (loop3): Filesystem has been set read-only [ 131.912377][ T6771] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6767] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6767] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6771] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6769] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6767] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6769] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6767] <... clone3 resumed> ) = ? [pid 5819] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6769] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6775 attached [pid 5819] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6775] +++ killed by SIGSEGV +++ [pid 6767] +++ killed by SIGSEGV +++ [pid 5819] <... openat resumed>) = 3 [pid 5819] newfstatat(3, "", [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6767, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6774] <... mount resumed>) = 0 [pid 6771] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6768] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6766] <... futex resumed>) = ? [pid 6765] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6774] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6768] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6765] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6774] <... openat resumed>) = 3 [pid 6765] <... futex resumed>) = ? [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6774] chdir("./file2" [pid 5821] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./86/file2", [pid 6774] <... chdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6774] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6774] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(3, "", [pid 5819] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6768] +++ killed by SIGSEGV +++ [pid 6765] +++ killed by SIGSEGV +++ [pid 6774] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 4 [pid 6774] <... futex resumed>) = 1 [pid 6772] <... futex resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6765, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5819] newfstatat(4, "", [pid 6774] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6772] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6774] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6772] <... futex resumed>) = 0 [pid 5821] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 6774] mkdir("./file3", 0777 [pid 6772] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6771] +++ killed by SIGSEGV +++ [pid 6766] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6766, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] restart_syscall(<... resuming interrupted clone ...> [ 131.925495][ T6768] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 131.936931][ T6771] exFAT-fs (loop4): Filesystem has been set read-only [ 131.941969][ T6774] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 131.951530][ T6768] exFAT-fs (loop2): Filesystem has been set read-only [ 131.965440][ T6774] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] getdents64(4, [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6774] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] newfstatat(AT_FDCWD, "./87/file2", [pid 5819] close(4 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6774] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... close resumed>) = 0 [pid 6772] <... futex resumed>) = ? [pid 5821] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./86/file2" [pid 6774] +++ killed by SIGSEGV +++ [pid 5822] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 4 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] newfstatat(4, "", [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, [pid 5821] getdents64(4, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 6772] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = 0 [pid 5819] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6772, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5821] <... close resumed>) = 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5821] rmdir("./87/file2") = 0 [pid 5820] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./85/file2", [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./86/file2", [pid 5821] unlink("./87/binderfs" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./86/binderfs" [pid 5818] umount2("./84", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [ 131.990123][ T6774] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.000061][ T6774] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(3, [pid 5820] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] close(3 [pid 5818] newfstatat(3, "", [pid 5822] newfstatat(4, "", [pid 5821] close(3 [pid 5820] newfstatat(4, "", [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] rmdir("./86" [pid 5818] getdents64(3, [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] rmdir("./87" [pid 5820] getdents64(4, [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] getdents64(4, [pid 5818] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] mkdir("./87", 0777 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./86/file2" [pid 5821] mkdir("./88", 0777 [pid 5820] getdents64(4, [pid 5818] <... umount2 resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] rmdir("./85/file2" [pid 5819] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5821] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./84/file2", [pid 5822] unlink("./86/binderfs" [pid 5821] <... ioctl resumed>) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 5821] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./85/binderfs", [pid 5818] umount2("./84/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "./84/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] unlink("./85/binderfs" [pid 5818] <... openat resumed>) = 4 [pid 5820] <... unlink resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5820] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(4, [pid 5820] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... close resumed>) = 0 [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6776 attached [pid 5822] close(3 [pid 5820] rmdir("./85" [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./86"./strace-static-x86_64: Process 6777 attached ) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6777] set_robust_list(0x55555eedf6a0, 24 [pid 6776] set_robust_list(0x55555eedf6a0, 24 [pid 5822] mkdir("./87", 0777 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6776 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6777 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./84/file2" [pid 6777] <... set_robust_list resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] mkdir("./86", 0777 [pid 5818] <... rmdir resumed>) = 0 [pid 6777] chdir("./87" [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... mkdir resumed>) = 0 [pid 6777] <... chdir resumed>) = 0 [pid 6777] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6776] <... set_robust_list resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6776] chdir("./88" [pid 5818] umount2("./84/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6777] <... prctl resumed>) = 0 [pid 6776] <... chdir resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6777] setpgid(0, 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] close(3 [pid 6776] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6776] <... prctl resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6776] setpgid(0, 0 [pid 5820] <... ioctl resumed>) = 0 [pid 6776] <... setpgid resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] close(3 [pid 5818] newfstatat(AT_FDCWD, "./84/binderfs", [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6776] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6778 attached [pid 6777] <... setpgid resumed>) = 0 [pid 6776] <... openat resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 5818] unlink("./84/binderfs" [pid 6776] write(3, "1000", 4 [pid 5818] <... unlink resumed>) = 0 [pid 6776] <... write resumed>) = 4 [pid 5818] getdents64(3, [pid 6776] close(3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6776] <... close resumed>) = 0 [pid 5818] close(3 [pid 6776] symlink("/dev/binderfs", "./binderfs" [pid 6778] set_robust_list(0x55555eedf6a0, 24 [pid 6777] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6778 [pid 6778] <... set_robust_list resumed>) = 0 [pid 6777] <... openat resumed>) = 3 [pid 6776] <... symlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6778] chdir("./87" [pid 6777] write(3, "1000", 4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program [pid 6778] <... chdir resumed>) = 0 [pid 6777] <... write resumed>) = 4 [pid 6776] write(1, "executing program\n", 18./strace-static-x86_64: Process 6779 attached [pid 6778] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6777] close(3 [pid 6778] <... prctl resumed>) = 0 [pid 6777] <... close resumed>) = 0 [pid 6778] setpgid(0, 0 [pid 6777] symlink("/dev/binderfs", "./binderfs" [pid 6776] <... write resumed>) = 18 [pid 5818] rmdir("./84" [pid 6779] set_robust_list(0x55555eedf6a0, 24 [pid 6778] <... setpgid resumed>) = 0 [pid 6777] <... symlink resumed>) = 0 [pid 6776] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000executing program [pid 5818] <... rmdir resumed>) = 0 [pid 6779] <... set_robust_list resumed>) = 0 [pid 6778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6777] write(1, "executing program\n", 18 [pid 6776] <... futex resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6779 [pid 6779] chdir("./86" [pid 6778] <... openat resumed>) = 3 [pid 6777] <... write resumed>) = 18 [pid 6776] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] mkdir("./85", 0777 [pid 6779] <... chdir resumed>) = 0 [pid 6778] write(3, "1000", 4 [pid 6777] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6776] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6779] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6778] <... write resumed>) = 4 [pid 6777] <... futex resumed>) = 0 [pid 6776] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6779] <... prctl resumed>) = 0 [pid 6778] close(3 [pid 6777] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6777] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6779] setpgid(0, 0 [pid 6778] <... close resumed>) = 0 [pid 6777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6776] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6777] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6776] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6779] <... setpgid resumed>) = 0 [pid 6778] symlink("/dev/binderfs", "./binderfs" [pid 6777] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6776] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... openat resumed>) = 3 [pid 6777] <... mprotect resumed>) = 0 [pid 6776] <... mprotect resumed>) = 0 [pid 6779] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6778] <... symlink resumed>) = 0 [pid 6777] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 6779] <... openat resumed>) = 3 [pid 6778] write(1, "executing program\n", 18 [pid 6777] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6776] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6778] <... write resumed>) = 18 [pid 5818] <... ioctl resumed>) = 0 [pid 5818] close(3./strace-static-x86_64: Process 6780 attached [pid 6778] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... close resumed>) = 0 [pid 6780] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6779] write(3, "1000", 4 [pid 6778] <... futex resumed>) = 0 [pid 6777] <... clone3 resumed> => {parent_tid=[6780]}, 88) = 6780 [pid 6780] <... rseq resumed>) = 0 [pid 6779] <... write resumed>) = 4 [pid 6778] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6777] rt_sigprocmask(SIG_SETMASK, [], [pid 6780] set_robust_list(0x7fbb68bde9a0, 24 [pid 6779] close(3 [pid 6778] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6780] <... set_robust_list resumed>) = 0 [pid 6778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6777] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] rt_sigprocmask(SIG_SETMASK, [], [pid 6779] <... close resumed>) = 0 [pid 6778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6777] <... futex resumed>) = 0 [pid 6780] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6780] memfd_create("syzkaller", 0 [pid 6778] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6776] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6780] <... memfd_create resumed>) = 3 [pid 6778] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6777] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6776] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6782 attached ./strace-static-x86_64: Process 6781 attached [pid 6780] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6779] symlink("/dev/binderfs", "./binderfs" [pid 6778] <... mprotect resumed>) = 0 [pid 6780] <... mmap resumed>) = 0x7fbb60600000 [pid 6778] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6776] <... clone3 resumed> => {parent_tid=[6781]}, 88) = 6781 [pid 6778] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6776] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6782 [pid 6782] set_robust_list(0x55555eedf6a0, 24 [pid 6781] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6779] <... symlink resumed>) = 0 [pid 6778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6776] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6782] <... set_robust_list resumed>) = 0 [pid 6781] <... rseq resumed>) = 0 [pid 6776] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6783 attached [pid 6782] chdir("./85" [pid 6781] set_robust_list(0x7fbb68bde9a0, 24 [pid 6779] write(1, "executing program\n", 18executing program [pid 6776] <... futex resumed>) = 0 [pid 6783] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6782] <... chdir resumed>) = 0 [pid 6781] <... set_robust_list resumed>) = 0 [pid 6780] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6779] <... write resumed>) = 18 [pid 6776] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6783] <... rseq resumed>) = 0 [pid 6783] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6783] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6783] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6779] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6781] rt_sigprocmask(SIG_SETMASK, [], [pid 6780] <... write resumed>) = 131072 [pid 6779] <... futex resumed>) = 0 [pid 6778] <... clone3 resumed> => {parent_tid=[6783]}, 88) = 6783 [pid 6782] <... prctl resumed>) = 0 [pid 6781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6779] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6778] rt_sigprocmask(SIG_SETMASK, [], [pid 6782] setpgid(0, 0 [pid 6781] memfd_create("syzkaller", 0 [pid 6779] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6782] <... setpgid resumed>) = 0 [pid 6781] <... memfd_create resumed>) = 3 [pid 6780] munmap(0x7fbb60600000, 138412032 [pid 6779] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6778] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6782] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6781] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6778] <... futex resumed>) = 1 [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6778] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6783] <... futex resumed>) = 0 [pid 6779] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6779] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6783] memfd_create("syzkaller", 0 [pid 6782] <... openat resumed>) = 3 [pid 6781] <... mmap resumed>) = 0x7fbb60600000 [pid 6780] <... munmap resumed>) = 0 [pid 6779] <... mprotect resumed>) = 0 [pid 6783] <... memfd_create resumed>) = 3 [pid 6779] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6783] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6782] write(3, "1000", 4 [pid 6781] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6782] <... write resumed>) = 4 [pid 6779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6782] close(3 [pid 6780] <... openat resumed>) = 4 [pid 6782] <... close resumed>) = 0 [pid 6782] symlink("/dev/binderfs", "./binderfs" [pid 6780] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 6784 attached [pid 6784] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6784] set_robust_list(0x7fbb68bde9a0, 24 [pid 6783] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6784] <... set_robust_list resumed>) = 0 [pid 6784] rt_sigprocmask(SIG_SETMASK, [], [pid 6783] <... write resumed>) = 131072 [pid 6781] <... write resumed>) = 131072 [pid 6784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6784] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] munmap(0x7fbb60600000, 138412032 [pid 6779] <... clone3 resumed> => {parent_tid=[6784]}, 88) = 6784 [pid 6779] rt_sigprocmask(SIG_SETMASK, [], [pid 6782] <... symlink resumed>) = 0 [pid 6781] munmap(0x7fbb60600000, 138412032 [pid 6779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6779] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6783] <... munmap resumed>) = 0 [pid 6784] <... futex resumed>) = 0 executing program [pid 6782] write(1, "executing program\n", 18 [pid 6781] <... munmap resumed>) = 0 [pid 6780] <... ioctl resumed>) = 0 [pid 6779] <... futex resumed>) = 1 [pid 6783] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6784] memfd_create("syzkaller", 0 [pid 6782] <... write resumed>) = 18 [pid 6781] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6780] close(3 [pid 6779] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6784] <... memfd_create resumed>) = 3 [pid 6783] <... openat resumed>) = 4 [pid 6782] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] <... openat resumed>) = 4 [pid 6780] <... close resumed>) = 0 [pid 6783] ioctl(4, LOOP_SET_FD, 3 [pid 6781] ioctl(4, LOOP_SET_FD, 3 [pid 6784] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6782] <... futex resumed>) = 0 [pid 6780] close(4 [pid 6784] <... mmap resumed>) = 0x7fbb60600000 [pid 6782] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6784] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6782] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6780] <... close resumed>) = 0 [pid 6783] <... ioctl resumed>) = 0 [pid 6782] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6781] <... ioctl resumed>) = 0 [pid 6783] close(3 [pid 6782] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6780] mkdir("./file2", 0777 [pid 6784] <... write resumed>) = 131072 [pid 6783] <... close resumed>) = 0 [pid 6782] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6781] close(3 [pid 6780] <... mkdir resumed>) = 0 [pid 6783] close(4 [pid 6782] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6781] <... close resumed>) = 0 [pid 6783] <... close resumed>) = 0 [pid 6782] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6781] close(4 [pid 6780] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6782] <... mprotect resumed>) = 0 [pid 6781] <... close resumed>) = 0 [pid 6784] munmap(0x7fbb60600000, 138412032 [pid 6782] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6781] mkdir("./file2", 0777 [pid 6784] <... munmap resumed>) = 0 [pid 6782] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6781] <... mkdir resumed>) = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6783] mkdir("./file2", 0777 [ 132.230663][ T6780] loop1: detected capacity change from 0 to 256 [ 132.255287][ T6781] loop3: detected capacity change from 0 to 256 [ 132.261762][ T6783] loop4: detected capacity change from 0 to 256 [pid 6782] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6785 attached [pid 6784] <... openat resumed>) = 4 [pid 6783] <... mkdir resumed>) = 0 [pid 6781] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6785] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6784] ioctl(4, LOOP_SET_FD, 3 [pid 6782] <... clone3 resumed> => {parent_tid=[6785]}, 88) = 6785 [pid 6785] <... rseq resumed>) = 0 [pid 6785] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6785] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6785] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6783] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6782] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] <... futex resumed>) = 0 [pid 6782] <... futex resumed>) = 1 [pid 6784] <... ioctl resumed>) = 0 [pid 6780] <... mount resumed>) = 0 [pid 6784] close(3 [pid 6780] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6785] memfd_create("syzkaller", 0 [pid 6784] <... close resumed>) = 0 [pid 6780] <... openat resumed>) = 3 [pid 6784] close(4 [pid 6780] chdir("./file2" [pid 6784] <... close resumed>) = 0 [pid 6780] <... chdir resumed>) = 0 [ 132.297109][ T6780] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.311298][ T6780] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.323840][ T6784] loop2: detected capacity change from 0 to 256 [pid 6784] mkdir("./file2", 0777 [pid 6780] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6785] <... memfd_create resumed>) = 3 [pid 6784] <... mkdir resumed>) = 0 [pid 6780] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6780] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6777] <... futex resumed>) = 0 [pid 6785] <... mmap resumed>) = 0x7fbb60600000 [pid 6780] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6777] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6780] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6777] <... futex resumed>) = 0 [pid 6780] mkdir("./file3", 0777 [pid 6777] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6785] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6782] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6785] <... write resumed>) = 131072 [pid 6785] munmap(0x7fbb60600000, 138412032) = 0 [ 132.346436][ T6780] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.354895][ T6781] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.371682][ T6780] exFAT-fs (loop1): Filesystem has been set read-only [ 132.376954][ T6783] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6777] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6777] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6777] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6777] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6777] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6777] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6786]}, 88) = 6786 [pid 6777] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6777] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6785] ioctl(4, LOOP_SET_FD, 3 [pid 6777] <... futex resumed>) = 0 [pid 6777] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6785] <... ioctl resumed>) = 0 [pid 6780] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6780] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6785] close(3 [pid 6781] <... mount resumed>) = 0 [pid 6785] <... close resumed>) = 0 [pid 6780] +++ killed by SIGSEGV +++ [pid 6785] close(4 [pid 6781] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6786 attached [pid 6785] <... close resumed>) = 0 [pid 6786] +++ killed by SIGSEGV +++ [pid 6785] mkdir("./file2", 0777 [pid 6781] <... openat resumed>) = 3 [pid 6777] <... futex resumed>) = ? [pid 6785] <... mkdir resumed>) = 0 [pid 6781] chdir("./file2" [pid 6777] +++ killed by SIGSEGV +++ [pid 6781] <... chdir resumed>) = 0 [pid 6785] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6781] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6777, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6781] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6783] <... mount resumed>) = 0 [ 132.380079][ T6781] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.400980][ T6785] loop0: detected capacity change from 0 to 256 [ 132.401621][ T6784] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.408979][ T6783] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.431282][ T6784] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6784] <... mount resumed>) = 0 [pid 6783] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6781] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6784] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6784] chdir("./file2") = 0 [pid 6784] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6784] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6779] <... futex resumed>) = 0 [pid 6779] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6784] mkdir("./file3", 0777 [pid 6783] <... openat resumed>) = 3 [pid 6781] <... futex resumed>) = 1 [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] mkdir("./file3", 0777 [pid 6783] chdir("./file2" [pid 6776] <... futex resumed>) = 0 [pid 6776] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6783] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5819] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6783] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./87/file2", [pid 6783] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6783] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6783] <... futex resumed>) = 1 [pid 6778] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 6778] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6778] <... futex resumed>) = 0 [pid 5819] close(4 [pid 6778] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./87/file2" [pid 6783] mkdir("./file3", 0777 [pid 5819] <... rmdir resumed>) = 0 [pid 6785] <... mount resumed>) = 0 [pid 5819] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 132.454440][ T6785] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.465525][ T6784] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.467879][ T6785] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.493230][ T6783] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6785] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./87/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./87") = 0 [pid 5819] mkdir("./88", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 6785] chdir("./file2" [pid 5819] <... close resumed>) = 0 [pid 6785] <... chdir resumed>) = 0 [pid 6779] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6785] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6779] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6779] <... futex resumed>) = 0 [pid 6785] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6783] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6781] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6779] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6785] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6779] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6785] <... futex resumed>) = 1 [pid 6782] <... futex resumed>) = 0 [pid 6779] <... mprotect resumed>) = 0 [pid 6785] mkdir("./file3", 0777 [pid 6782] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6779] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6787 attached [pid 6783] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6782] <... futex resumed>) = 0 [pid 6781] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6776] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6779] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6779] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6788 attached => {parent_tid=[6788]}, 88) = 6788 [pid 6779] rt_sigprocmask(SIG_SETMASK, [], [pid 6787] set_robust_list(0x55555eedf6a0, 24 [pid 6779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6787 [pid 6779] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6779] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6788] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6787] <... set_robust_list resumed>) = 0 [pid 6788] <... rseq resumed>) = 0 [pid 6787] chdir("./88" [pid 6788] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6787] <... chdir resumed>) = 0 [pid 6788] <... set_robust_list resumed>) = 0 [pid 6787] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6788] rt_sigprocmask(SIG_SETMASK, [], [pid 6787] <... prctl resumed>) = 0 [pid 6788] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6787] setpgid(0, 0 [pid 6788] openat(AT_FDCWD, ".", O_RDONLY [pid 6787] <... setpgid resumed>) = 0 [pid 6784] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6788] <... openat resumed>) = 4 [pid 6787] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6784] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6778] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6787] <... openat resumed>) = 3 [pid 6779] <... futex resumed>) = ? [pid 6778] ???( [pid 6788] +++ killed by SIGSEGV +++ [pid 6787] write(3, "1000", 4 [pid 6784] +++ killed by SIGSEGV +++ [pid 6782] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6787] <... write resumed>) = 4 [pid 6787] close(3) = 0 [pid 6779] +++ killed by SIGSEGV +++ [pid 6787] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6779, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6787] write(1, "executing program\n", 18 [pid 6778] <... ??? resumed>) = ? [pid 6787] <... write resumed>) = 18 [pid 6787] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6781] +++ killed by SIGSEGV +++ [pid 6776] +++ killed by SIGSEGV +++ [pid 6787] <... futex resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6776, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6787] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6787] <... rt_sigaction resumed>NULL, 8) = 0 [ 132.502475][ T6781] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.511280][ T6784] exFAT-fs (loop2): Filesystem has been set read-only [ 132.513780][ T6783] exFAT-fs (loop4): Filesystem has been set read-only [ 132.526440][ T6781] exFAT-fs (loop3): Filesystem has been set read-only [ 132.536547][ T6785] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6787] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6785] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6783] +++ killed by SIGSEGV +++ [pid 6778] +++ killed by SIGSEGV +++ [pid 5821] <... restart_syscall resumed>) = 0 [pid 6787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6787] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6778, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6787] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6785] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6787] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6787] <... mprotect resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6787] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... openat resumed>) = 3 [pid 5821] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6787] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(3, [pid 6787] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6789 attached [pid 5822] <... openat resumed>) = 3 [pid 6789] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6787] <... clone3 resumed> => {parent_tid=[6789]}, 88) = 6789 [pid 6789] <... rseq resumed>) = 0 [pid 6787] rt_sigprocmask(SIG_SETMASK, [], [pid 6789] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6787] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] rt_sigprocmask(SIG_SETMASK, [], [pid 6787] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6787] <... futex resumed>) = 0 [pid 6789] memfd_create("syzkaller", 0 [pid 5822] newfstatat(3, "", [pid 5820] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6787] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6789] <... memfd_create resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6782] <... futex resumed>) = ? [pid 5822] getdents64(3, [pid 5821] <... umount2 resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6789] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6789] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(AT_FDCWD, "./88/file2", [pid 5820] <... openat resumed>) = 3 [pid 6789] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = 0 [pid 5821] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] newfstatat(AT_FDCWD, "./87/file2", [pid 5821] <... openat resumed>) = 4 [pid 5820] getdents64(3, [pid 5821] newfstatat(4, "", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6789] <... write resumed>) = 131072 [pid 5822] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./88/file2") = 0 [pid 5821] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./88/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 6789] munmap(0x7fbb60600000, 138412032 [pid 5821] rmdir("./88" [pid 6789] <... munmap resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5821] mkdir("./89", 0777 [pid 5822] newfstatat(4, "", [pid 5821] <... mkdir resumed>) = 0 [pid 5820] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6789] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] getdents64(4, [pid 5821] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6789] <... openat resumed>) = 4 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] newfstatat(AT_FDCWD, "./86/file2", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6789] ioctl(4, LOOP_SET_FD, 3 [pid 5821] close(3 [pid 6785] +++ killed by SIGSEGV +++ [pid 6782] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6782, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5822] close(4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] rmdir("./87/file2" [pid 5820] <... openat resumed>) = 4 [pid 5818] umount2("./85", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5818] <... openat resumed>) = 3 [pid 5822] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] newfstatat(3, "", [pid 6789] <... ioctl resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] unlink("./87/binderfs" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] getdents64(3, [pid 5822] <... unlink resumed>) = 0 [pid 5820] close(4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 6790 attached [pid 6789] close(3 [pid 5822] getdents64(3, [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6790 [pid 5820] <... close resumed>) = 0 [pid 5818] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6790] set_robust_list(0x55555eedf6a0, 24 [pid 6789] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] rmdir("./86/file2" [pid 5818] <... umount2 resumed>) = 0 [pid 6790] <... set_robust_list resumed>) = 0 [pid 6789] close(4 [pid 5822] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6790] chdir("./89" [pid 6789] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6789] mkdir("./file2", 0777 [pid 5822] rmdir("./87" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./85/file2", [pid 6789] <... mkdir resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] mkdir("./88", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./85/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... mkdir resumed>) = 0 [pid 5820] unlink("./86/binderfs" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... unlink resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./85/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 3 [pid 5820] getdents64(3, [pid 5818] <... openat resumed>) = 4 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(4, "", [pid 5822] <... ioctl resumed>) = 0 [pid 5820] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] close(3 [pid 5820] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5820] rmdir("./86" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... rmdir resumed>) = 0 [pid 5818] getdents64(4, ./strace-static-x86_64: Process 6791 attached [pid 6790] <... chdir resumed>) = 0 [pid 6789] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] mkdir("./87", 0777 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6791] set_robust_list(0x55555eedf6a0, 24 [pid 6790] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6791 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] close(4 [pid 6791] <... set_robust_list resumed>) = 0 [pid 6790] <... prctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... close resumed>) = 0 [ 132.553713][ T6785] exFAT-fs (loop0): Filesystem has been set read-only [ 132.592582][ T6789] loop1: detected capacity change from 0 to 256 [pid 6791] chdir("./88" [pid 6790] setpgid(0, 0 [pid 5820] <... openat resumed>) = 3 [pid 5818] rmdir("./85/file2" [pid 6791] <... chdir resumed>) = 0 [pid 6790] <... setpgid resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] <... rmdir resumed>) = 0 [pid 6791] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6790] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... ioctl resumed>) = 0 [pid 5818] umount2("./85/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6791] <... prctl resumed>) = 0 [pid 6790] <... openat resumed>) = 3 [pid 5820] close(3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6791] setpgid(0, 0 [pid 6790] write(3, "1000", 4 [pid 5818] newfstatat(AT_FDCWD, "./85/binderfs", [pid 6791] <... setpgid resumed>) = 0 [pid 6790] <... write resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6791] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6790] close(3 [pid 5818] unlink("./85/binderfs" [pid 6790] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6791] <... openat resumed>) = 3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] getdents64(3, ./strace-static-x86_64: Process 6792 attached [pid 6790] symlink("/dev/binderfs", "./binderfs" [pid 6791] write(3, "1000", 4 [pid 6792] set_robust_list(0x55555eedf6a0, 24 [pid 6791] <... write resumed>) = 4 [pid 6792] <... set_robust_list resumed>) = 0 [pid 6791] close(3 [pid 6792] chdir("./87" [pid 6791] <... close resumed>) = 0 [pid 6791] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6792 [pid 6792] <... chdir resumed>) = 0 [pid 6792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6792] setpgid(0, 0) = 0 [pid 6792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6792] write(3, "1000", 4) = 4 [pid 6792] close(3) = 0 [pid 6792] symlink("/dev/binderfs", "./binderfs" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./85") = 0 [pid 5818] mkdir("./86", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3executing program executing program [pid 6792] <... symlink resumed>) = 0 [pid 6790] <... symlink resumed>) = 0 [pid 6790] write(1, "executing program\n", 18 [pid 6792] write(1, "executing program\n", 18 [pid 6790] <... write resumed>) = 18 [pid 6792] <... write resumed>) = 18 [pid 6790] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... close resumed>) = 0 [pid 6792] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6790] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, ./strace-static-x86_64: Process 6793 attached [pid 6792] <... futex resumed>) = 0 [pid 6790] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6792] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6791] <... symlink resumed>) = 0 [pid 6790] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6793 [pid 6790] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 6792] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6791] write(1, "executing program\n", 18 [pid 6790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6793] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6791] <... write resumed>) = 18 [pid 6790] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6793] chdir("./86" [pid 6791] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6793] <... chdir resumed>) = 0 [pid 6793] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6791] <... futex resumed>) = 0 [pid 6790] <... mprotect resumed>) = 0 [pid 6793] <... prctl resumed>) = 0 [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6791] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6790] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6793] setpgid(0, 0 [pid 6792] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6791] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6792] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6791] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6793] <... setpgid resumed>) = 0 [pid 6792] <... mprotect resumed>) = 0 [pid 6791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6793] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6792] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6791] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6791] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6793] <... openat resumed>) = 3 [pid 6792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6794 attached [pid 6793] write(3, "1000", 4 [pid 6791] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6794] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6792] <... clone3 resumed> => {parent_tid=[6794]}, 88) = 6794 [pid 6791] <... mprotect resumed>) = 0 [pid 6794] <... rseq resumed>) = 0 [pid 6792] rt_sigprocmask(SIG_SETMASK, [], [pid 6791] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6794] set_robust_list(0x7fbb68bde9a0, 24 [pid 6792] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6791] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6790] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6794] <... set_robust_list resumed>) = 0 [pid 6793] <... write resumed>) = 4 [pid 6792] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [ 132.652796][ T6789] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.685116][ T6789] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6796 attached ./strace-static-x86_64: Process 6795 attached [pid 6794] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] close(3 [pid 6792] <... futex resumed>) = 0 [pid 6789] <... mount resumed>) = 0 [pid 6795] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6793] <... close resumed>) = 0 [pid 6796] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6795] <... rseq resumed>) = 0 [pid 6794] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6793] symlink("/dev/binderfs", "./binderfs" [pid 6792] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6791] <... clone3 resumed> => {parent_tid=[6795]}, 88) = 6795 [pid 6790] <... clone3 resumed> => {parent_tid=[6796]}, 88) = 6796 [pid 6789] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORYexecuting program [pid 6796] <... rseq resumed>) = 0 [pid 6795] set_robust_list(0x7fbb68bde9a0, 24 [pid 6794] memfd_create("syzkaller", 0 [pid 6793] <... symlink resumed>) = 0 [pid 6791] rt_sigprocmask(SIG_SETMASK, [], [pid 6790] rt_sigprocmask(SIG_SETMASK, [], [pid 6789] <... openat resumed>) = 3 [pid 6795] <... set_robust_list resumed>) = 0 [pid 6793] write(1, "executing program\n", 18 [pid 6795] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] <... write resumed>) = 18 [pid 6796] set_robust_list(0x7fbb68bde9a0, 24 [pid 6795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] <... memfd_create resumed>) = 3 [pid 6793] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] chdir("./file2" [pid 6796] <... set_robust_list resumed>) = 0 [pid 6795] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6793] <... futex resumed>) = 0 [pid 6791] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... chdir resumed>) = 0 [pid 6796] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6794] <... mmap resumed>) = 0x7fbb60600000 [pid 6793] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6791] <... futex resumed>) = 0 [pid 6790] <... futex resumed>) = 0 [pid 6789] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6796] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6795] memfd_create("syzkaller", 0 [pid 6794] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6793] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6791] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6790] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6789] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6796] memfd_create("syzkaller", 0 [pid 6795] <... memfd_create resumed>) = 3 [pid 6793] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6789] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... write resumed>) = 131072 [pid 6793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6789] <... futex resumed>) = 1 [pid 6796] <... memfd_create resumed>) = 3 [pid 6794] munmap(0x7fbb60600000, 138412032 [pid 6793] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6789] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6794] <... munmap resumed>) = 0 [pid 6793] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6796] <... mmap resumed>) = 0x7fbb60600000 [pid 6795] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6794] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6787] <... futex resumed>) = 0 [pid 6796] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6795] <... mmap resumed>) = 0x7fbb60600000 [pid 6793] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6794] <... openat resumed>) = 4 [pid 6795] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6794] ioctl(4, LOOP_SET_FD, 3 [pid 6796] <... write resumed>) = 131072 [pid 6795] <... write resumed>) = 131072 [pid 6793] <... mprotect resumed>) = 0 [pid 6787] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6789] <... futex resumed>) = 0 [pid 6789] mkdir("./file3", 0777 [pid 6787] <... futex resumed>) = 1 [pid 6787] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6795] munmap(0x7fbb60600000, 138412032 [pid 6796] munmap(0x7fbb60600000, 138412032 [pid 6793] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6794] <... ioctl resumed>) = 0 [pid 6796] <... munmap resumed>) = 0 [pid 6795] <... munmap resumed>) = 0 [pid 6794] close(3 [pid 6793] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6789] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6796] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6795] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6794] <... close resumed>) = 0 [pid 6793] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6789] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- ./strace-static-x86_64: Process 6797 attached [pid 6796] <... openat resumed>) = 4 [pid 6795] <... openat resumed>) = 4 [pid 6794] close(4 [pid 6797] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6796] ioctl(4, LOOP_SET_FD, 3 [pid 6795] ioctl(4, LOOP_SET_FD, 3 [pid 6794] <... close resumed>) = 0 [pid 6793] <... clone3 resumed> => {parent_tid=[6797]}, 88) = 6797 [pid 6787] <... futex resumed>) = ? [pid 6797] <... rseq resumed>) = 0 [pid 6796] <... ioctl resumed>) = 0 [pid 6793] rt_sigprocmask(SIG_SETMASK, [], [pid 6797] set_robust_list(0x7fbb68bde9a0, 24 [pid 6796] close(3 [pid 6793] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6794] mkdir("./file2", 0777) = 0 [pid 6794] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6797] <... set_robust_list resumed>) = 0 [pid 6796] <... close resumed>) = 0 [pid 6793] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6797] rt_sigprocmask(SIG_SETMASK, [], [pid 6796] close(4 [pid 6795] <... ioctl resumed>) = 0 [pid 6793] <... futex resumed>) = 0 [pid 6797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6796] <... close resumed>) = 0 [pid 6793] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6797] memfd_create("syzkaller", 0 [pid 6796] mkdir("./file2", 0777 [pid 6795] close(3 [pid 6789] +++ killed by SIGSEGV +++ [pid 6787] +++ killed by SIGSEGV +++ [pid 6797] <... memfd_create resumed>) = 3 [pid 6796] <... mkdir resumed>) = 0 [pid 6795] <... close resumed>) = 0 [pid 6797] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6796] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6795] close(4 [pid 6797] <... mmap resumed>) = 0x7fbb60600000 [ 132.773977][ T6794] loop2: detected capacity change from 0 to 256 [ 132.781265][ T6789] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.791853][ T6789] exFAT-fs (loop1): Filesystem has been set read-only [ 132.805879][ T6796] loop3: detected capacity change from 0 to 256 [ 132.806445][ T6795] loop4: detected capacity change from 0 to 256 [pid 6795] <... close resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6787, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6797] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6795] mkdir("./file2", 0777 [pid 5819] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6797] <... write resumed>) = 131072 [pid 6795] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6795] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 6797] munmap(0x7fbb60600000, 138412032 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6797] <... munmap resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6797] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 132.847157][ T6794] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.861859][ T6794] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.866747][ T6796] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.877474][ T6797] loop0: detected capacity change from 0 to 256 [pid 6797] ioctl(4, LOOP_SET_FD, 3 [pid 5819] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6797] <... ioctl resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6797] close(3 [pid 5819] newfstatat(AT_FDCWD, "./88/file2", [pid 6797] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6797] close(4 [pid 5819] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6797] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6797] mkdir("./file2", 0777 [pid 5819] <... openat resumed>) = 4 [pid 6797] <... mkdir resumed>) = 0 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./88/file2" [pid 6797] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6796] <... mount resumed>) = 0 [pid 6794] <... mount resumed>) = 0 [pid 5819] unlink("./88/binderfs") = 0 [pid 6796] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] getdents64(3, [pid 6796] <... openat resumed>) = 3 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 6796] chdir("./file2" [pid 5819] <... close resumed>) = 0 [pid 6796] <... chdir resumed>) = 0 [pid 5819] rmdir("./88") = 0 [pid 6796] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6794] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] mkdir("./89", 0777 [pid 6796] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6794] <... openat resumed>) = 3 [pid 5819] <... mkdir resumed>) = 0 [pid 6794] chdir("./file2") = 0 [pid 6796] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6796] <... futex resumed>) = 1 [pid 6794] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6790] <... futex resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6796] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6794] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6796] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6790] <... futex resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6796] mkdir("./file3", 0777 [pid 6790] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... ioctl resumed>) = 0 [ 132.888076][ T6796] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.897112][ T6795] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 132.934108][ T6797] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] close(3) = 0 [pid 6794] <... futex resumed>) = 1 [pid 6792] <... futex resumed>) = 0 [pid 6794] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6792] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6792] <... futex resumed>) = 0 [pid 6794] mkdir("./file3", 0777 [pid 6792] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 6798 ./strace-static-x86_64: Process 6798 attached [pid 6798] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6798] chdir("./89") = 0 [pid 6798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6798] setpgid(0, 0) = 0 [pid 6798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6790] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) executing program [pid 6798] write(3, "1000", 4 [pid 6790] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... write resumed>) = 4 [pid 6798] close(3) = 0 [pid 6798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6798] write(1, "executing program\n", 18) = 18 [pid 6798] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6798] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6790] <... futex resumed>) = 0 [pid 6798] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [ 132.940483][ T6795] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 132.955816][ T6796] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.966545][ T6794] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 132.977730][ T6796] exFAT-fs (loop3): Filesystem has been set read-only [ 132.981956][ T6797] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6798] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6790] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6798] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6796] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6795] <... mount resumed>) = 0 [pid 6790] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6790] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6795] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6790] <... mprotect resumed>) = 0 [pid 6795] <... openat resumed>) = 3 [pid 6790] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6795] chdir("./file2") = 0 [pid 6790] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6798] <... clone3 resumed> => {parent_tid=[6799]}, 88) = 6799 [pid 6795] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6798] rt_sigprocmask(SIG_SETMASK, [], [pid 6795] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 6800 attached [pid 6797] <... mount resumed>) = 0 [pid 6790] <... clone3 resumed> => {parent_tid=[6800]}, 88) = 6800 [pid 6798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6800] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6797] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6795] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] rt_sigprocmask(SIG_SETMASK, [], [pid 6798] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6795] <... futex resumed>) = 1 [pid 6791] <... futex resumed>) = 0 [pid 6790] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6797] <... openat resumed>) = 3 [pid 6790] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6798] <... futex resumed>) = 0 [pid 6795] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6791] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6790] <... futex resumed>) = 0 [pid 6800] <... rseq resumed>) = 0 [pid 6798] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6795] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6791] <... futex resumed>) = 0 [pid 6790] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6797] chdir("./file2" [pid 6795] mkdir("./file3", 0777 [pid 6791] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6800] <... set_robust_list resumed>) = 0 [pid 6797] <... chdir resumed>) = 0 [pid 6794] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6792] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6800] rt_sigprocmask(SIG_SETMASK, [], [pid 6797] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6792] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6799 attached [pid 6800] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6797] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6796] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6792] <... futex resumed>) = 0 [pid 6799] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6797] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6794] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6790] <... futex resumed>) = ? [pid 6800] +++ killed by SIGSEGV +++ [pid 6799] <... rseq resumed>) = 0 [pid 6797] <... futex resumed>) = 1 [pid 6793] <... futex resumed>) = 0 [pid 6792] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6793] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 132.998149][ T6794] exFAT-fs (loop2): Filesystem has been set read-only [ 133.016467][ T6795] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.034743][ T6797] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6799] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6797] mkdir("./file3", 0777 [pid 6796] +++ killed by SIGSEGV +++ [pid 6793] <... futex resumed>) = 0 [pid 6790] +++ killed by SIGSEGV +++ [pid 6799] rt_sigprocmask(SIG_SETMASK, [], [pid 6793] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6790, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6799] memfd_create("syzkaller", 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6799] <... memfd_create resumed>) = 3 [pid 6799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6799] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] <... write resumed>) = 131072 [pid 6794] +++ killed by SIGSEGV +++ [pid 6792] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6799] munmap(0x7fbb60600000, 138412032) = 0 [pid 6799] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6799] ioctl(4, LOOP_SET_FD, 3 [pid 6797] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6795] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6797] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6795] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... openat resumed>) = 3 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6792, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6793] <... futex resumed>) = ? [pid 5821] newfstatat(3, "", [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6799] <... ioctl resumed>) = 0 [pid 6797] +++ killed by SIGSEGV +++ [pid 6793] +++ killed by SIGSEGV +++ [pid 6791] <... futex resumed>) = ? [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 6799] close(3 [pid 5821] getdents64(3, [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6793, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6799] <... close resumed>) = 0 [pid 6799] close(4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6799] <... close resumed>) = 0 [pid 5820] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./86", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] mkdir("./file2", 0777 [pid 5821] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6799] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6795] +++ killed by SIGSEGV +++ [pid 6791] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6791, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5821] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(AT_FDCWD, "./89/file2", [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(AT_FDCWD, "./86/file2", [pid 5821] <... openat resumed>) = 4 [pid 5820] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(4, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./86/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] <... umount2 resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./86/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] getdents64(3, [pid 5821] getdents64(4, [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 4 [ 133.036514][ T6795] exFAT-fs (loop4): Filesystem has been set read-only [ 133.055329][ T6797] exFAT-fs (loop0): Filesystem has been set read-only [ 133.058138][ T6799] loop1: detected capacity change from 0 to 256 [pid 5822] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] newfstatat(AT_FDCWD, "./87/file2", [pid 5818] newfstatat(4, "", [pid 5822] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./88/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./88/file2") = 0 [pid 5822] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./88/binderfs") = 0 [pid 5821] close(4 [pid 5820] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 5822] getdents64(3, [pid 5821] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6799] <... mount resumed>) = 0 [pid 5821] rmdir("./89/file2" [pid 5822] close(3 [pid 5820] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./88" [pid 6799] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6799] <... openat resumed>) = 3 [pid 5821] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(4, "", [pid 5818] close(4 [pid 6799] chdir("./file2" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... close resumed>) = 0 [pid 6799] <... chdir resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5820] getdents64(4, [pid 6799] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] rmdir("./86/file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6799] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] mkdir("./89", 0777 [pid 6799] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] unlink("./89/binderfs" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... rmdir resumed>) = 0 [pid 6799] <... futex resumed>) = 1 [pid 6798] <... futex resumed>) = 0 [pid 6799] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6798] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... unlink resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] umount2("./86/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6799] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6798] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6799] mkdir("./file3", 0777 [pid 6798] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./86/binderfs", [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] close(3 [pid 5820] close(4 [pid 5822] <... ioctl resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.093384][ T6799] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.106178][ T6799] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] close(3) = 0 [pid 5818] unlink("./86/binderfs" [pid 5821] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6801 attached [pid 6801] set_robust_list(0x55555eedf6a0, 24 [pid 6799] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6801 [pid 5821] rmdir("./89" [pid 5820] rmdir("./87/file2" [pid 5818] getdents64(3, [pid 6801] <... set_robust_list resumed>) = 0 [pid 6799] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6801] chdir("./89" [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6801] <... chdir resumed>) = 0 [pid 6798] <... futex resumed>) = ? [pid 5821] mkdir("./90", 0777 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] close(3 [pid 6799] +++ killed by SIGSEGV +++ [pid 5820] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./86" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6801] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5818] <... rmdir resumed>) = 0 [pid 6801] <... prctl resumed>) = 0 [pid 5818] mkdir("./87", 0777 [pid 6801] setpgid(0, 0) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5820] unlink("./87/binderfs" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... unlink resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6801] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 6801] write(3, "1000", 4) = 4 [pid 6801] close(3) = 0 [pid 6801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5818] <... close resumed>) = 0 [ 133.134056][ T6799] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.144355][ T6799] exFAT-fs (loop1): Filesystem has been set read-only [pid 6801] write(1, "executing program\n", 18 [pid 6798] +++ killed by SIGSEGV +++ [pid 5821] <... mkdir resumed>) = 0 [pid 5820] getdents64(3, [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6798, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", ./strace-static-x86_64: Process 6802 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6802] set_robust_list(0x55555eedf6a0, 24 [pid 5819] getdents64(3, executing program [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6802 [pid 6802] <... set_robust_list resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6801] <... write resumed>) = 18 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6801] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 5820] close(3 [pid 5819] <... umount2 resumed>) = 0 [pid 6801] <... futex resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6801] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./89/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6802] chdir("./87" [pid 5820] rmdir("./87" [pid 5819] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6802] <... chdir resumed>) = 0 [pid 6801] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 6802] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] close(3 [pid 5819] newfstatat(4, "", [pid 6802] <... prctl resumed>) = 0 [pid 6801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] mkdir("./88", 0777 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6802] setpgid(0, 0 [pid 6801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6802] <... setpgid resumed>) = 0 [pid 6802] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6801] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] getdents64(4, [pid 6802] <... openat resumed>) = 3 [pid 6801] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6802] write(3, "1000", 4) = 4 [pid 6802] close(3) = 0 [pid 6801] <... mprotect resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] getdents64(4, [pid 6802] symlink("/dev/binderfs", "./binderfs" [pid 6801] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6802] <... symlink resumed>) = 0 [pid 6801] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(4executing program [pid 6802] write(1, "executing program\n", 18 [pid 6801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 6802] <... write resumed>) = 18 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] rmdir("./89/file2" [pid 6802] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6801] <... clone3 resumed> => {parent_tid=[6803]}, 88) = 6803 [pid 5820] close(3 [pid 5819] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 6803 attached [pid 6802] <... futex resumed>) = 0 [pid 6801] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6803] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6802] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6803] <... rseq resumed>) = 0 [pid 6802] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6801] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] set_robust_list(0x7fbb68bde9a0, 24 [pid 6802] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6801] <... futex resumed>) = 0 [pid 6803] <... set_robust_list resumed>) = 0 [pid 6801] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6803] rt_sigprocmask(SIG_SETMASK, [], [pid 6802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6803] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6804 attached [pid 6803] memfd_create("syzkaller", 0 [pid 6802] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6804 [pid 5820] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6804] set_robust_list(0x55555eedf6a0, 24 [pid 6803] <... memfd_create resumed>) = 3 [pid 6802] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] newfstatat(AT_FDCWD, "./89/binderfs", [pid 6803] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6802] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6803] <... mmap resumed>) = 0x7fbb60600000 [pid 6802] <... mprotect resumed>) = 0 [pid 5819] unlink("./89/binderfs" [pid 6803] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6802] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... unlink resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6804] <... set_robust_list resumed>) = 0 [pid 6802] <... rt_sigprocmask resumed>[], 8) = 0 ./strace-static-x86_64: Process 6805 attached [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 6802] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6806 attached [pid 6804] chdir("./90" [pid 5819] rmdir("./89" [pid 6806] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6805] set_robust_list(0x55555eedf6a0, 24 [pid 6804] <... chdir resumed>) = 0 [pid 6802] <... clone3 resumed> => {parent_tid=[6806]}, 88) = 6806 [pid 5819] <... rmdir resumed>) = 0 [pid 6805] <... set_robust_list resumed>) = 0 [pid 5819] mkdir("./90", 0777 [pid 6806] <... rseq resumed>) = 0 [pid 6805] chdir("./88" [pid 6804] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6802] rt_sigprocmask(SIG_SETMASK, [], [pid 6806] set_robust_list(0x7fbb68bde9a0, 24 [pid 6802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6804] <... prctl resumed>) = 0 [pid 6802] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... set_robust_list resumed>) = 0 [pid 6806] rt_sigprocmask(SIG_SETMASK, [], [pid 6804] setpgid(0, 0 [pid 6802] <... futex resumed>) = 0 [pid 6806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6804] <... setpgid resumed>) = 0 [pid 6802] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6806] memfd_create("syzkaller", 0 [pid 6805] <... chdir resumed>) = 0 [pid 6804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6803] <... write resumed>) = 131072 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6805 [pid 5819] <... mkdir resumed>) = 0 [pid 6805] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6805] <... prctl resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6805] setpgid(0, 0 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 6806] <... memfd_create resumed>) = 3 [pid 6804] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 6806] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6804] write(3, "1000", 4 [pid 6805] <... setpgid resumed>) = 0 [pid 6806] <... mmap resumed>) = 0x7fbb60600000 [pid 6805] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6804] <... write resumed>) = 4 [pid 6805] <... openat resumed>) = 3 [pid 6804] close(3 [pid 6805] write(3, "1000", 4 [pid 6804] <... close resumed>) = 0 [pid 6803] munmap(0x7fbb60600000, 138412032 [pid 6805] <... write resumed>) = 4 [pid 6804] symlink("/dev/binderfs", "./binderfs" [pid 6803] <... munmap resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6806] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6805] close(3) = 0 [pid 6805] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 6807 attached [pid 6806] <... write resumed>) = 131072 [pid 6804] <... symlink resumed>) = 0 [pid 6803] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6807 [pid 6806] munmap(0x7fbb60600000, 138412032 [pid 6805] write(1, "executing program\n", 18executing program executing program [pid 6804] write(1, "executing program\n", 18 [pid 6803] <... openat resumed>) = 4 [pid 6807] set_robust_list(0x55555eedf6a0, 24 [pid 6806] <... munmap resumed>) = 0 [pid 6805] <... write resumed>) = 18 [pid 6804] <... write resumed>) = 18 [pid 6803] ioctl(4, LOOP_SET_FD, 3 [pid 6807] <... set_robust_list resumed>) = 0 [pid 6804] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6804] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6806] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6804] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6806] <... openat resumed>) = 4 [pid 6804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6806] ioctl(4, LOOP_SET_FD, 3 [pid 6804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6807] chdir("./90" [pid 6805] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6807] <... chdir resumed>) = 0 [pid 6805] <... futex resumed>) = 0 [pid 6807] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6805] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6807] <... prctl resumed>) = 0 [pid 6805] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6807] setpgid(0, 0) = 0 [pid 6805] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6803] <... ioctl resumed>) = 0 [pid 6805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6805] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6803] close(3) = 0 [pid 6805] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6804] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6803] close(4 [pid 6807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6803] <... close resumed>) = 0 [pid 6804] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6803] mkdir("./file2", 0777 [pid 6804] <... mprotect resumed>) = 0 [pid 6807] <... openat resumed>) = 3 [pid 6805] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6804] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6803] <... mkdir resumed>) = 0 [pid 6805] <... mprotect resumed>) = 0 [pid 6804] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6803] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6808]}, 88) = 6808 [pid 6804] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6808 attached NULL, 8) = 0 [pid 6804] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6805] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6804] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6808] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6807] write(3, "1000", 4 [pid 6808] <... rseq resumed>) = 0 [pid 6805] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6808] set_robust_list(0x7fbb68bde9a0, 24 [pid 6805] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6808] <... set_robust_list resumed>) = 0 [pid 6805] <... clone3 resumed> => {parent_tid=[6809]}, 88) = 6809 [pid 6805] rt_sigprocmask(SIG_SETMASK, [], [pid 6808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] <... write resumed>) = 4 [pid 6805] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6809 attached [pid 6807] close(3 [pid 6805] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6809] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6808] memfd_create("syzkaller", 0 [pid 6805] <... futex resumed>) = 0 [pid 6807] <... close resumed>) = 0 [pid 6809] <... rseq resumed>) = 0 [pid 6809] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6808] <... memfd_create resumed>) = 3 [pid 6807] symlink("/dev/binderfs", "./binderfs" [pid 6805] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6809] memfd_create("syzkaller", 0 [pid 6808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6809] <... memfd_create resumed>) = 3 [pid 6807] <... symlink resumed>) = 0 [pid 6809] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6808] <... mmap resumed>) = 0x7fbb60600000 [pid 6807] write(1, "executing program\n", 18 [pid 6809] <... mmap resumed>) = 0x7fbb60600000 [ 133.285224][ T6803] loop4: detected capacity change from 0 to 256 [ 133.287609][ T6806] loop0: detected capacity change from 0 to 256 [pid 6809] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6808] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6807] <... write resumed>) = 18 [pid 6806] <... ioctl resumed>) = 0 [pid 6807] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6809] <... write resumed>) = 131072 [pid 6807] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6806] close(3) = 0 [pid 6806] close(4) = 0 [pid 6806] mkdir("./file2", 0777 [pid 6809] munmap(0x7fbb60600000, 138412032 [pid 6806] <... mkdir resumed>) = 0 [pid 6809] <... munmap resumed>) = 0 [pid 6806] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6809] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6809] ioctl(4, LOOP_SET_FD, 3 [pid 6808] <... write resumed>) = 131072 [pid 6807] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6808] munmap(0x7fbb60600000, 138412032 [pid 6807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6808] <... munmap resumed>) = 0 [pid 6807] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6809] <... ioctl resumed>) = 0 [pid 6808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6807] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6809] close(3) = 0 [pid 6809] close(4) = 0 [pid 6809] mkdir("./file2", 0777) = 0 [pid 6809] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6808] <... openat resumed>) = 4 [pid 6807] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [ 133.359223][ T6809] loop2: detected capacity change from 0 to 256 [ 133.375221][ T6806] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.382740][ T6803] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6807] <... clone3 resumed> => {parent_tid=[6810]}, 88) = 6810 [pid 6807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6807] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6807] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6810 attached [pid 6808] close(3 [pid 6810] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6808] <... close resumed>) = 0 [pid 6808] close(4) = 0 [pid 6810] <... rseq resumed>) = 0 [pid 6808] mkdir("./file2", 0777) = 0 [pid 6810] set_robust_list(0x7fbb68bde9a0, 24 [pid 6808] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6803] <... mount resumed>) = 0 [pid 6810] <... set_robust_list resumed>) = 0 [pid 6806] <... mount resumed>) = 0 [pid 6803] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6803] <... openat resumed>) = 3 [pid 6810] memfd_create("syzkaller", 0 [pid 6803] chdir("./file2" [pid 6806] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6810] <... memfd_create resumed>) = 3 [pid 6803] <... chdir resumed>) = 0 [pid 6810] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6806] <... openat resumed>) = 3 [pid 6803] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6810] <... mmap resumed>) = 0x7fbb60600000 [pid 6803] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6809] <... mount resumed>) = 0 [pid 6810] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6806] chdir("./file2" [pid 6803] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... chdir resumed>) = 0 [pid 6803] <... futex resumed>) = 1 [pid 6801] <... futex resumed>) = 0 [pid 6809] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6801] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... write resumed>) = 131072 [pid 6809] <... openat resumed>) = 3 [pid 6806] openat(AT_FDCWD, "/dev/loop0", O_RDWR [ 133.404770][ T6808] loop3: detected capacity change from 0 to 256 [ 133.405273][ T6806] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 133.417626][ T6803] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 133.427726][ T6809] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.446153][ T6809] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6803] mkdir("./file3", 0777 [pid 6801] <... futex resumed>) = 0 [pid 6810] munmap(0x7fbb60600000, 138412032 [pid 6809] chdir("./file2") = 0 [pid 6809] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6809] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6801] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] <... munmap resumed>) = 0 [pid 6810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6809] <... futex resumed>) = 1 [pid 6808] <... mount resumed>) = 0 [pid 6806] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6805] <... futex resumed>) = 0 [pid 6810] <... openat resumed>) = 4 [pid 6808] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6806] <... futex resumed>) = 1 [pid 6805] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6803] <... mkdir resumed>) = -1 EIO (Input/output error) [ 133.477292][ T6808] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.481306][ T6803] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.500320][ T6808] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 133.500487][ T6803] exFAT-fs (loop4): Filesystem has been set read-only [ 133.518754][ T6810] loop1: detected capacity change from 0 to 256 [pid 6810] ioctl(4, LOOP_SET_FD, 3 [pid 6809] mkdir("./file3", 0777 [pid 6808] <... openat resumed>) = 3 [pid 6806] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6805] <... futex resumed>) = 0 [pid 6803] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6802] <... futex resumed>) = 0 [pid 6810] <... ioctl resumed>) = 0 [pid 6808] chdir("./file2" [pid 6805] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6801] <... futex resumed>) = ? [pid 6810] close(3 [pid 6808] <... chdir resumed>) = 0 [pid 6810] <... close resumed>) = 0 [pid 6808] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6802] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6806] <... futex resumed>) = 0 [pid 6802] <... futex resumed>) = 1 [pid 6808] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6808] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6808] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6806] mkdir("./file3", 0777 [pid 6804] <... futex resumed>) = 0 [pid 6802] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6810] close(4) = 0 [pid 6810] mkdir("./file2", 0777) = 0 [pid 6810] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6804] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6808] <... futex resumed>) = 0 [pid 6804] <... futex resumed>) = 1 [pid 6808] mkdir("./file3", 0777 [pid 6804] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6809] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6803] +++ killed by SIGSEGV +++ [pid 6801] +++ killed by SIGSEGV +++ [ 133.520600][ T6809] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.536596][ T6809] exFAT-fs (loop2): Filesystem has been set read-only [ 133.545456][ T6808] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.554881][ T6806] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.557017][ T6808] exFAT-fs (loop3): Filesystem has been set read-only [pid 6809] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6801, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6808] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6810] <... mount resumed>) = 0 [pid 6805] <... futex resumed>) = ? [pid 6804] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6802] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6810] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6809] +++ killed by SIGSEGV +++ [pid 6808] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6806] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6804] ???( [pid 6802] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6810] <... openat resumed>) = 3 [pid 6802] <... futex resumed>) = 0 [pid 6806] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6804] <... ??? resumed>) = ? [pid 5822] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6808] +++ killed by SIGSEGV +++ [pid 6810] chdir("./file2" [pid 6805] +++ killed by SIGSEGV +++ [pid 6804] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6810] <... chdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, [pid 6810] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6806] +++ killed by SIGSEGV +++ [pid 6802] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6804, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6810] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6805, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6802, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 133.570192][ T6810] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.573078][ T6806] exFAT-fs (loop0): Filesystem has been set read-only [ 133.583207][ T6810] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6810] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6807] <... futex resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5820] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6810] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6807] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... restart_syscall resumed>) = 0 [pid 6810] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6807] <... futex resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6810] mkdir("./file3", 0777 [pid 6807] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./87", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./89/file2", [pid 5821] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(3, "", [pid 5818] openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5822] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(3, "", [pid 5820] getdents64(3, [pid 5818] newfstatat(3, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(3, [pid 5818] getdents64(3, [pid 5822] <... openat resumed>) = 4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] newfstatat(4, "", [pid 5821] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 6810] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] rmdir("./89/file2" [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./87/file2", [pid 6810] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... rmdir resumed>) = 0 [pid 5821] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6807] <... futex resumed>) = ? [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./87/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./90/file2", [pid 5820] newfstatat(AT_FDCWD, "./88/file2", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "./87/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(4, "", [pid 6810] +++ killed by SIGSEGV +++ [pid 6807] +++ killed by SIGSEGV +++ [pid 5821] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(4, "", [pid 5820] <... openat resumed>) = 4 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6807, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 5822] newfstatat(AT_FDCWD, "./89/binderfs", [pid 5820] newfstatat(4, "", [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 5822] unlink("./89/binderfs" [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 5821] close(4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] close(4 [pid 5822] getdents64(3, [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./87/file2" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] rmdir("./90/file2" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 5818] <... rmdir resumed>) = 0 [pid 5820] close(4 [pid 5822] <... close resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5822] rmdir("./89" [pid 5821] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./88/file2" [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./87/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] mkdir("./90", 0777 [pid 5821] newfstatat(AT_FDCWD, "./90/binderfs", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./87/binderfs", [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 133.642105][ T6810] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 133.653238][ T6810] exFAT-fs (loop1): Filesystem has been set read-only [pid 5820] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] unlink("./90/binderfs" [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5819] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] unlink("./87/binderfs" [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] unlink("./88/binderfs" [pid 5822] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, [pid 5821] close(3 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] newfstatat(3, "", [pid 5822] <... ioctl resumed>) = 0 [pid 5821] rmdir("./90" [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5822] close(3 [pid 5820] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] rmdir("./87") = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] mkdir("./91", 0777 [pid 5819] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./88") = 0 [pid 5818] mkdir("./88", 0777 [pid 5822] <... close resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] mkdir("./89", 0777 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... mkdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] close(3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 ./strace-static-x86_64: Process 6811 attached [pid 5821] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6811 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6811] set_robust_list(0x55555eedf6a0, 24 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] newfstatat(AT_FDCWD, "./90/file2", [pid 6811] <... set_robust_list resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6811] chdir("./90" [pid 5820] close(3 [pid 5819] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6811] <... chdir resumed>) = 0 [pid 6811] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6811] <... prctl resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 6811] setpgid(0, 0 [pid 5819] newfstatat(4, "", [pid 6811] <... setpgid resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6811] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./90/file2" [pid 6811] <... openat resumed>) = 3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6811] write(3, "1000", 4 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6813 attached ./strace-static-x86_64: Process 6812 attached [pid 6811] <... write resumed>) = 4 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./90/binderfs" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6812 [pid 5819] <... unlink resumed>) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 6811] close(3 [pid 5819] rmdir("./90" [pid 6811] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6811] symlink("/dev/binderfs", "./binderfs" [pid 5819] mkdir("./91", 0777./strace-static-x86_64: Process 6814 attached [pid 6813] set_robust_list(0x55555eedf6a0, 24 [pid 6811] <... symlink resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6813 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6814 [pid 6814] set_robust_list(0x55555eedf6a0, 24 [pid 6813] <... set_robust_list resumed>) = 0 [pid 6812] set_robust_list(0x55555eedf6a0, 24 [pid 6813] chdir("./91" [pid 6811] write(1, "executing program\n", 18 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWRexecuting program [pid 6814] <... set_robust_list resumed>) = 0 [pid 6813] <... chdir resumed>) = 0 [pid 6814] chdir("./88" [pid 6813] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6812] <... set_robust_list resumed>) = 0 [pid 6811] <... write resumed>) = 18 [pid 5819] <... openat resumed>) = 3 [pid 6814] <... chdir resumed>) = 0 [pid 6813] <... prctl resumed>) = 0 [pid 6814] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6813] setpgid(0, 0 [pid 6812] chdir("./89" [pid 6811] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6812] <... chdir resumed>) = 0 [pid 6811] <... futex resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6812] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6811] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] close(3 [pid 6812] <... prctl resumed>) = 0 [pid 6811] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6812] setpgid(0, 0 [pid 6811] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6812] <... setpgid resumed>) = 0 [pid 6811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6812] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6812] <... openat resumed>) = 3 [pid 6811] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6814] setpgid(0, 0 [pid 6813] <... setpgid resumed>) = 0 [pid 6812] write(3, "1000", 4 [pid 6811] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... close resumed>) = 0 [pid 6814] <... setpgid resumed>) = 0 [pid 6813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6812] <... write resumed>) = 4 [pid 6811] <... mprotect resumed>) = 0 [pid 6813] <... openat resumed>) = 3 [pid 6811] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6813] write(3, "1000", 4 [pid 6811] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6814] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6813] <... write resumed>) = 4 [pid 6812] close(3 [pid 6811] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6815 attached [pid 6814] <... openat resumed>) = 3 [pid 6813] close(3 [pid 6812] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6816 attached [pid 6815] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6812] symlink("/dev/binderfs", "./binderfs" [pid 6811] <... clone3 resumed> => {parent_tid=[6815]}, 88) = 6815 [pid 6815] <... rseq resumed>) = 0 [pid 6814] write(3, "1000", 4executing program [pid 6813] <... close resumed>) = 0 [pid 6812] <... symlink resumed>) = 0 [pid 6811] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] symlink("/dev/binderfs", "./binderfs" [pid 6816] set_robust_list(0x55555eedf6a0, 24 [pid 6811] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6815] set_robust_list(0x7fbb68bde9a0, 24 [pid 6812] write(1, "executing program\n", 18 [pid 6811] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6816] <... set_robust_list resumed>) = 0 [pid 6815] <... set_robust_list resumed>) = 0 [pid 6813] <... symlink resumed>) = 0 [pid 6812] <... write resumed>) = 18 [pid 6815] rt_sigprocmask(SIG_SETMASK, [], [pid 6812] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = 0 [pid 6816] chdir("./91" [pid 6815] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 6814] <... write resumed>) = 4 [pid 6813] write(1, "executing program\n", 18 [pid 6812] <... futex resumed>) = 0 [pid 6811] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6816] <... chdir resumed>) = 0 [pid 6815] memfd_create("syzkaller", 0 [pid 6812] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6816 [pid 6815] <... memfd_create resumed>) = 3 [pid 6812] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6815] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6812] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6815] <... mmap resumed>) = 0x7fbb60600000 [pid 6814] close(3 [pid 6813] <... write resumed>) = 18 [pid 6812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6815] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6816] <... prctl resumed>) = 0 [pid 6812] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6816] setpgid(0, 0 [pid 6814] <... close resumed>) = 0 [pid 6813] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6812] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6814] symlink("/dev/binderfs", "./binderfs" [pid 6816] <... setpgid resumed>) = 0 [pid 6812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6813] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6817 attached [pid 6817] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6815] <... write resumed>) = 131072 [pid 6814] <... symlink resumed>) = 0 [pid 6813] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6817] <... rseq resumed>) = 0 [pid 6817] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6817] rt_sigprocmask(SIG_SETMASK, [], [pid 6812] <... clone3 resumed> => {parent_tid=[6817]}, 88) = 6817 [pid 6817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6812] rt_sigprocmask(SIG_SETMASK, [], [pid 6817] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6812] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] <... futex resumed>) = 0 [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6812] <... futex resumed>) = 1 [pid 6817] memfd_create("syzkaller", 0 [pid 6816] <... openat resumed>) = 3 [pid 6815] munmap(0x7fbb60600000, 138412032 executing program [pid 6814] write(1, "executing program\n", 18 [pid 6813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6812] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6817] <... memfd_create resumed>) = 3 [pid 6815] <... munmap resumed>) = 0 [pid 6817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6813] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6814] <... write resumed>) = 18 [pid 6816] write(3, "1000", 4 [pid 6813] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6814] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6817] <... mmap resumed>) = 0x7fbb60600000 [pid 6816] <... write resumed>) = 4 [pid 6814] <... futex resumed>) = 0 [pid 6813] <... mprotect resumed>) = 0 [pid 6816] close(3 [pid 6814] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6817] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6815] ioctl(4, LOOP_SET_FD, 3 [pid 6814] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6816] <... close resumed>) = 0 [pid 6814] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6813] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6814] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0executing program [pid 6817] <... write resumed>) = 131072 [pid 6816] write(1, "executing program\n", 18 [pid 6815] <... ioctl resumed>) = 0 [pid 6814] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6813] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6816] <... write resumed>) = 18 [pid 6814] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6816] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6814] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6818 attached [pid 6817] munmap(0x7fbb60600000, 138412032 [pid 6815] close(3 [pid 6817] <... munmap resumed>) = 0 [pid 6816] <... futex resumed>) = 0 [pid 6814] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6815] <... close resumed>) = 0 [pid 6817] <... openat resumed>) = 4 [pid 6815] close(4 [pid 6817] ioctl(4, LOOP_SET_FD, 3 [pid 6815] <... close resumed>) = 0 [pid 6815] mkdir("./file2", 0777 [pid 6816] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6815] <... mkdir resumed>) = 0 [pid 6814] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6813] <... clone3 resumed> => {parent_tid=[6818]}, 88) = 6818 [pid 6818] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6813] rt_sigprocmask(SIG_SETMASK, [], [pid 6818] <... rseq resumed>) = 0 [pid 6814] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6819 attached [pid 6818] set_robust_list(0x7fbb68bde9a0, 24 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6815] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6814] <... clone3 resumed> => {parent_tid=[6819]}, 88) = 6819 [pid 6813] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6818] <... set_robust_list resumed>) = 0 [pid 6816] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6814] rt_sigprocmask(SIG_SETMASK, [], [pid 6813] <... futex resumed>) = 0 [pid 6818] rt_sigprocmask(SIG_SETMASK, [], [pid 6816] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] <... mprotect resumed>) = 0 [pid 6814] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6813] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6816] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6819] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6818] memfd_create("syzkaller", 0 [pid 6816] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6814] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6819] <... rseq resumed>) = 0 [pid 6819] set_robust_list(0x7fbb68bde9a0, 24 [pid 6814] <... futex resumed>) = 0 [pid 6816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6818] <... memfd_create resumed>) = 3 ./strace-static-x86_64: Process 6820 attached [pid 6819] <... set_robust_list resumed>) = 0 [pid 6818] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6814] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6819] rt_sigprocmask(SIG_SETMASK, [], [pid 6818] <... mmap resumed>) = 0x7fbb60600000 [pid 6816] <... clone3 resumed> => {parent_tid=[6820]}, 88) = 6820 [pid 6819] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6816] rt_sigprocmask(SIG_SETMASK, [], [pid 6819] memfd_create("syzkaller", 0) = 3 [pid 6820] <... rseq resumed>) = 0 [pid 6819] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6818] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6820] set_robust_list(0x7fbb68bde9a0, 24 [pid 6816] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6820] <... set_robust_list resumed>) = 0 [pid 6816] <... futex resumed>) = 0 [pid 6820] rt_sigprocmask(SIG_SETMASK, [], [pid 6819] <... mmap resumed>) = 0x7fbb60600000 [pid 6816] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6820] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 133.816756][ T6815] loop4: detected capacity change from 0 to 256 [ 133.837904][ T6817] loop2: detected capacity change from 0 to 256 [pid 6820] memfd_create("syzkaller", 0 [pid 6818] <... write resumed>) = 131072 [pid 6820] <... memfd_create resumed>) = 3 [pid 6819] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6818] munmap(0x7fbb60600000, 138412032 [pid 6817] <... ioctl resumed>) = 0 [pid 6820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6819] <... write resumed>) = 131072 [pid 6818] <... munmap resumed>) = 0 [pid 6817] close(3) = 0 [pid 6817] close(4 [pid 6820] <... mmap resumed>) = 0x7fbb60600000 [pid 6817] <... close resumed>) = 0 [pid 6818] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6817] mkdir("./file2", 0777 [pid 6818] <... openat resumed>) = 4 [pid 6817] <... mkdir resumed>) = 0 [pid 6819] munmap(0x7fbb60600000, 138412032 [pid 6818] ioctl(4, LOOP_SET_FD, 3 [pid 6817] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6820] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6818] <... ioctl resumed>) = 0 [pid 6818] close(3) = 0 [pid 6820] munmap(0x7fbb60600000, 138412032 [pid 6818] close(4) = 0 [pid 6820] <... munmap resumed>) = 0 [pid 6819] <... munmap resumed>) = 0 [pid 6818] mkdir("./file2", 0777 [pid 6819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 133.858897][ T6815] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 133.884515][ T6818] loop3: detected capacity change from 0 to 256 [ 133.898690][ T6817] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6819] ioctl(4, LOOP_SET_FD, 3 [pid 6820] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6818] <... mkdir resumed>) = 0 [pid 6815] <... mount resumed>) = 0 [pid 6820] <... openat resumed>) = 4 [pid 6818] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6815] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6820] ioctl(4, LOOP_SET_FD, 3 [pid 6815] <... openat resumed>) = 3 [pid 6815] chdir("./file2") = 0 [pid 6815] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6815] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6815] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6811] <... futex resumed>) = 0 [pid 6811] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6815] <... futex resumed>) = 0 [pid 6811] <... futex resumed>) = 1 [pid 6815] mkdir("./file3", 0777 [pid 6820] <... ioctl resumed>) = 0 [pid 6817] <... mount resumed>) = 0 [pid 6811] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6820] close(3 [pid 6817] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6820] <... close resumed>) = 0 [pid 6817] <... openat resumed>) = 3 [pid 6820] close(4) = 0 [pid 6819] <... ioctl resumed>) = 0 [ 133.915881][ T6815] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 133.917828][ T6817] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 133.928164][ T6819] loop0: detected capacity change from 0 to 256 [ 133.945093][ T6820] loop1: detected capacity change from 0 to 256 [ 133.947630][ T6815] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6817] chdir("./file2" [pid 6820] mkdir("./file2", 0777 [pid 6819] close(3 [pid 6817] <... chdir resumed>) = 0 [pid 6819] <... close resumed>) = 0 [pid 6819] close(4) = 0 [pid 6820] <... mkdir resumed>) = 0 [pid 6819] mkdir("./file2", 0777) = 0 [pid 6819] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6817] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6815] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6820] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6817] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6817] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6811] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6811] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6811] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6811] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6815] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6811] rt_sigprocmask(SIG_BLOCK, ~[], ) = ? [pid 6815] +++ killed by SIGSEGV +++ [pid 6811] +++ killed by SIGSEGV +++ [ 133.976542][ T6815] exFAT-fs (loop4): Filesystem has been set read-only [ 133.978803][ T6818] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.004153][ T6819] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.018298][ T6818] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6817] <... futex resumed>) = 1 [pid 6817] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6811, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6812] <... futex resumed>) = 0 [pid 6812] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6817] <... futex resumed>) = 0 [pid 6812] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6817] mkdir("./file3", 0777 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6817] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... umount2 resumed>) = 0 [ 134.039205][ T6817] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.048135][ T6817] exFAT-fs (loop2): Filesystem has been set read-only [ 134.051813][ T6819] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6812] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6812] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6812] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./90/file2", [pid 6812] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6812] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6812] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] getdents64(4, [pid 6812] <... mprotect resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 6812] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./90/file2") = 0 [pid 6812] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6812] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./90/binderfs", ./strace-static-x86_64: Process 6821 attached [pid 6812] <... clone3 resumed> => {parent_tid=[6821]}, 88) = 6821 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6812] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] unlink("./90/binderfs" [pid 6812] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 6812] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(3, [pid 6812] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6818] <... mount resumed>) = 0 [pid 6817] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6812] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] close(3) = 0 [pid 5822] rmdir("./90" [pid 6818] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... rmdir resumed>) = 0 [pid 6818] <... openat resumed>) = 3 [pid 6812] <... futex resumed>) = ? [pid 5822] mkdir("./91", 0777 [pid 6821] +++ killed by SIGSEGV +++ [pid 5822] <... mkdir resumed>) = 0 [pid 6819] <... mount resumed>) = 0 [pid 6819] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6819] chdir("./file2") = 0 [pid 6819] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6819] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6819] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3) = 0 [pid 6820] <... mount resumed>) = 0 [pid 6818] chdir("./file2" [pid 6817] +++ killed by SIGSEGV +++ [pid 6814] <... futex resumed>) = 0 [pid 6812] +++ killed by SIGSEGV +++ [pid 6818] <... chdir resumed>) = 0 [pid 6814] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6812, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6820] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6818] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6814] <... futex resumed>) = 1 [pid 6820] <... openat resumed>) = 3 [pid 6819] <... futex resumed>) = 0 [pid 6814] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6818] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6822 attached [pid 6819] mkdir("./file3", 0777 [pid 6820] chdir("./file2" [pid 6818] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6820] <... chdir resumed>) = 0 [pid 6818] <... futex resumed>) = 1 [pid 6813] <... futex resumed>) = 0 [ 134.080911][ T6820] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.108071][ T6820] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6822] set_robust_list(0x55555eedf6a0, 24 [pid 6820] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6818] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6813] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 6818] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6813] <... futex resumed>) = 0 [pid 6818] mkdir("./file3", 0777 [pid 6813] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, [pid 6822] <... set_robust_list resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6822 [pid 6822] chdir("./91" [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6822] <... chdir resumed>) = 0 [pid 5820] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6822] setpgid(0, 0) = 0 executing program [pid 6822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... umount2 resumed>) = 0 [pid 6822] <... openat resumed>) = 3 [pid 6820] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6820] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6822] write(3, "1000", 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6822] <... write resumed>) = 4 [pid 5820] newfstatat(AT_FDCWD, "./89/file2", [pid 6822] close(3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6822] <... close resumed>) = 0 [pid 5820] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6822] <... symlink resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6822] write(1, "executing program\n", 18 [pid 5820] <... openat resumed>) = 4 [pid 6822] <... write resumed>) = 18 [pid 5820] newfstatat(4, "", [pid 6822] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6822] <... futex resumed>) = 0 [pid 5820] getdents64(4, [pid 6822] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6822] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] getdents64(4, [pid 6822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] close(4 [pid 6822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... close resumed>) = 0 [pid 6822] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6820] <... futex resumed>) = 1 [pid 6822] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] rmdir("./89/file2" [pid 6822] <... mprotect resumed>) = 0 [pid 6820] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6816] <... futex resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6820] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6818] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6816] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6820] mkdir("./file3", 0777 [pid 6818] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6814] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [ 134.145129][ T6819] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.156981][ T6818] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.180064][ T6818] exFAT-fs (loop3): Filesystem has been set read-only [ 134.181813][ T6819] exFAT-fs (loop0): Filesystem has been set read-only ./strace-static-x86_64: Process 6823 attached [pid 6819] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6816] <... futex resumed>) = 0 [pid 6814] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6823] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6822] <... clone3 resumed> => {parent_tid=[6823]}, 88) = 6823 [pid 6819] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6816] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] newfstatat(AT_FDCWD, "./89/binderfs", [pid 6823] <... rseq resumed>) = 0 [pid 6822] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6823] set_robust_list(0x7fbb68bde9a0, 24 [pid 6822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] unlink("./89/binderfs" [pid 6823] <... set_robust_list resumed>) = 0 [pid 6822] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... unlink resumed>) = 0 [pid 6823] rt_sigprocmask(SIG_SETMASK, [], [pid 6822] <... futex resumed>) = 0 [pid 5820] getdents64(3, [pid 6823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6822] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6823] memfd_create("syzkaller", 0 [pid 5820] close(3 [pid 6823] <... memfd_create resumed>) = 3 [pid 5820] <... close resumed>) = 0 [pid 6823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] rmdir("./89" [pid 6823] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... rmdir resumed>) = 0 [pid 6823] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6814] <... futex resumed>) = ? [pid 5820] mkdir("./90", 0777 [pid 6823] <... write resumed>) = 131072 [pid 6819] +++ killed by SIGSEGV +++ [pid 6813] <... futex resumed>) = ? [pid 5820] <... mkdir resumed>) = 0 [pid 6823] munmap(0x7fbb60600000, 138412032 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6814] +++ killed by SIGSEGV +++ [pid 5820] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6814, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6824 ./strace-static-x86_64: Process 6824 attached [pid 6823] <... munmap resumed>) = 0 [pid 6820] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6818] +++ killed by SIGSEGV +++ [pid 6813] +++ killed by SIGSEGV +++ [pid 5818] <... restart_syscall resumed>) = 0 [pid 6824] set_robust_list(0x55555eedf6a0, 24 [pid 6823] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6820] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6813, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6824] <... set_robust_list resumed>) = 0 [pid 6824] chdir("./90" [pid 6816] <... futex resumed>) = ? [pid 5818] umount2("./88", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6824] <... chdir resumed>) = 0 [pid 6823] <... openat resumed>) = 4 [pid 5821] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6824] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6823] ioctl(4, LOOP_SET_FD, 3 [pid 6820] +++ killed by SIGSEGV +++ [pid 6816] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 3 [pid 6824] <... prctl resumed>) = 0 [ 134.192955][ T6820] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.204198][ T6820] exFAT-fs (loop1): Filesystem has been set read-only [pid 6824] setpgid(0, 0) = 0 [pid 6824] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6823] <... ioctl resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6816, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] newfstatat(3, "", [pid 5821] newfstatat(3, "", [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6823] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6824] write(3, "1000", 4 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6824] <... write resumed>) = 4 [pid 6824] close(3) = 0 [pid 5818] getdents64(3, [pid 6824] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6824] write(1, "executing program\n", 18) = 18 [pid 6824] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6824] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6824] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6824] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6824] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6824] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6823] <... close resumed>) = 0 [pid 5821] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6823] close(4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6824] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6823] <... close resumed>) = 0 [pid 5821] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = 0 [pid 6824] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6823] mkdir("./file2", 0777 [pid 5819] <... openat resumed>) = 3 [pid 5818] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6824] <... clone3 resumed> => {parent_tid=[6825]}, 88) = 6825 [pid 5821] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 5818] newfstatat(AT_FDCWD, "./88/file2", ./strace-static-x86_64: Process 6825 attached [pid 6824] rt_sigprocmask(SIG_SETMASK, [], [pid 6823] <... mkdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6824] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6825] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6823] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] newfstatat(AT_FDCWD, "./91/file2", [pid 5819] getdents64(3, [pid 5818] umount2("./88/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6825] <... rseq resumed>) = 0 [pid 6824] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6824] <... futex resumed>) = 0 [pid 5821] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./88/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6825] set_robust_list(0x7fbb68bde9a0, 24 [pid 6824] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 4 [pid 6825] <... set_robust_list resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(4, "", [pid 6825] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... openat resumed>) = 4 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(4, "", [pid 5819] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 6825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6825] memfd_create("syzkaller", 0 [pid 5821] getdents64(4, [pid 5819] newfstatat(AT_FDCWD, "./91/file2", [pid 5818] getdents64(4, [pid 6825] <... memfd_create resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 134.238347][ T6823] loop4: detected capacity change from 0 to 256 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(4, [pid 5819] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 5821] close(4 [pid 5819] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] rmdir("./88/file2" [pid 5821] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] rmdir("./91/file2" [pid 5819] newfstatat(4, "", [pid 5818] umount2("./88/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./88/binderfs" [pid 5819] getdents64(4, [pid 5818] <... unlink resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(3, [pid 5821] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5819] close(4 [pid 5818] <... close resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5819] <... close resumed>) = 0 [pid 6825] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./88" [pid 6825] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] unlink("./91/binderfs" [pid 5819] rmdir("./91/file2" [pid 5818] <... rmdir resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6825] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] mkdir("./89", 0777 [pid 5821] close(3) = 0 [pid 5821] rmdir("./91" [pid 6825] <... write resumed>) = 131072 [pid 5821] <... rmdir resumed>) = 0 [pid 6825] munmap(0x7fbb60600000, 138412032 [pid 5821] mkdir("./92", 0777 [pid 6825] <... munmap resumed>) = 0 [pid 6823] <... mount resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 6825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6823] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6825] <... openat resumed>) = 4 [pid 6823] <... openat resumed>) = 3 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] newfstatat(AT_FDCWD, "./91/binderfs", [pid 6825] ioctl(4, LOOP_SET_FD, 3 [pid 6823] chdir("./file2" [pid 5821] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] unlink("./91/binderfs" [pid 5821] <... ioctl resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [ 134.292831][ T6823] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.310553][ T6823] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] close(3) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5818] close(3 [pid 6823] <... chdir resumed>) = 0 [pid 5819] rmdir("./91" [pid 5818] <... close resumed>) = 0 [pid 6825] <... ioctl resumed>) = 0 [pid 6823] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 [pid 6825] close(3 [pid 6823] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6823] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6822] <... futex resumed>) = 0 [pid 6822] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6822] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6826 attached ./strace-static-x86_64: Process 6827 attached [pid 6826] set_robust_list(0x55555eedf6a0, 24 [pid 6825] <... close resumed>) = 0 [pid 6823] mkdir("./file3", 0777 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6826 [pid 5819] mkdir("./92", 0777 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6827 [ 134.339225][ T6825] loop2: detected capacity change from 0 to 256 [pid 6825] close(4 [pid 6827] set_robust_list(0x55555eedf6a0, 24 [pid 6826] <... set_robust_list resumed>) = 0 [pid 6825] <... close resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6827] <... set_robust_list resumed>) = 0 [pid 6825] mkdir("./file2", 0777 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6827] chdir("./89" [pid 6826] chdir("./92") = 0 [pid 6826] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6826] setpgid(0, 0) = 0 [pid 6827] <... chdir resumed>) = 0 [pid 6826] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6825] <... mkdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6827] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6826] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6827] <... prctl resumed>) = 0 [pid 6826] write(3, "1000", 4 [pid 5819] <... ioctl resumed>) = 0 executing program [pid 6827] setpgid(0, 0 [pid 6826] <... write resumed>) = 4 [pid 6827] <... setpgid resumed>) = 0 [pid 6826] close(3) = 0 [pid 6826] symlink("/dev/binderfs", "./binderfs" [pid 6827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6826] <... symlink resumed>) = 0 [pid 6826] write(1, "executing program\n", 18) = 18 [pid 6826] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6827] <... openat resumed>) = 3 [pid 6826] <... futex resumed>) = 0 [pid 6827] write(3, "1000", 4 [pid 6826] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6827] <... write resumed>) = 4 [pid 6826] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6825] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] close(3 [pid 6827] close(3 [pid 6826] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6827] <... close resumed>) = 0 [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6826] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6826] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6826] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6826] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6828 attached => {parent_tid=[6828]}, 88) = 6828 [pid 6828] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6827] symlink("/dev/binderfs", "./binderfs" [pid 6826] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... close resumed>) = 0 [pid 6828] <... rseq resumed>) = 0 [pid 6826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] set_robust_list(0x7fbb68bde9a0, 24 [pid 6826] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... set_robust_list resumed>) = 0 [pid 6827] <... symlink resumed>) = 0 [pid 6826] <... futex resumed>) = 0 [pid 6828] rt_sigprocmask(SIG_SETMASK, [], [pid 6826] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6828] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] memfd_create("syzkaller", 0) = 3 [pid 6828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6827] write(1, "executing program\n", 18 [pid 6828] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072executing program ) = 131072 [pid 6827] <... write resumed>) = 18 [pid 6823] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6828] munmap(0x7fbb60600000, 138412032 [pid 6827] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6828] <... munmap resumed>) = 0 [pid 6822] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6828] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6822] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6828] <... openat resumed>) = 4 [pid 6827] <... futex resumed>) = 0 [pid 6823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6822] <... futex resumed>) = 0 [pid 6828] ioctl(4, LOOP_SET_FD, 3 [ 134.368406][ T6823] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.391548][ T6823] exFAT-fs (loop4): Filesystem has been set read-only [pid 6827] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, ./strace-static-x86_64: Process 6829 attached NULL, 8) = 0 [pid 6827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6823] +++ killed by SIGSEGV +++ [pid 6822] +++ killed by SIGSEGV +++ [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6829] set_robust_list(0x55555eedf6a0, 24 [pid 6827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6822, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6829 [pid 5822] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6829] <... set_robust_list resumed>) = 0 [pid 6827] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 3 [pid 6827] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(3, "", [pid 6827] <... mprotect resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6829] chdir("./92" [pid 5822] getdents64(3, [pid 6827] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6829] <... chdir resumed>) = 0 [pid 6827] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6828] <... ioctl resumed>) = 0 [pid 6828] close(3) = 0 [pid 6828] close(4) = 0 [pid 6828] mkdir("./file2", 0777) = 0 [pid 6828] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6829] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6830 attached [pid 6829] <... prctl resumed>) = 0 [pid 5822] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6830] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6829] setpgid(0, 0 [pid 6827] <... clone3 resumed> => {parent_tid=[6830]}, 88) = 6830 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6830] <... rseq resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./91/file2", [pid 6830] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6829] <... setpgid resumed>) = 0 [pid 6827] rt_sigprocmask(SIG_SETMASK, [], [pid 6830] <... set_robust_list resumed>) = 0 [pid 5822] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6830] rt_sigprocmask(SIG_SETMASK, [], [pid 6827] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6829] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6830] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6830] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6829] <... openat resumed>) = 3 [pid 6827] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6829] write(3, "1000", 4 [pid 6827] <... futex resumed>) = 0 [ 134.422020][ T6828] loop3: detected capacity change from 0 to 256 [ 134.436096][ T6825] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6829] <... write resumed>) = 4 [pid 6827] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6830] memfd_create("syzkaller", 0 [pid 5822] <... openat resumed>) = 4 [pid 6830] <... memfd_create resumed>) = 3 [pid 5822] newfstatat(4, "", [pid 6830] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6830] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] getdents64(4, [pid 6830] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6830] <... write resumed>) = 131072 [pid 6829] close(3 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 6830] munmap(0x7fbb60600000, 138412032 [pid 5822] rmdir("./91/file2" [pid 6830] <... munmap resumed>) = 0 [pid 6829] <... close resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./91/binderfs") = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] getdents64(3, [pid 6830] <... openat resumed>) = 4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3executing program [pid 6830] ioctl(4, LOOP_SET_FD, 3 [pid 6829] symlink("/dev/binderfs", "./binderfs" [pid 6828] <... mount resumed>) = 0 [pid 6825] <... mount resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6829] <... symlink resumed>) = 0 [pid 6829] write(1, "executing program\n", 18) = 18 [pid 6829] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] <... ioctl resumed>) = 0 [pid 6829] <... futex resumed>) = 0 [pid 6828] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6825] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] rmdir("./91" [pid 6830] close(3) = 0 [pid 6830] close(4 [pid 6829] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6828] <... openat resumed>) = 3 [pid 6825] <... openat resumed>) = 3 [pid 5822] <... rmdir resumed>) = 0 [pid 6830] <... close resumed>) = 0 [pid 6829] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6829] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6830] mkdir("./file2", 0777 [pid 6829] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6828] chdir("./file2" [pid 6825] chdir("./file2" [pid 5822] mkdir("./92", 0777 [pid 6829] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6828] <... chdir resumed>) = 0 [pid 6825] <... chdir resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 6829] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6828] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6825] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6830] <... mkdir resumed>) = 0 [pid 6829] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6828] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6825] <... openat resumed>) = -1 EBUSY (Device or resource busy) [ 134.468605][ T6828] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.474120][ T6825] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 134.493724][ T6828] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 134.507958][ T6830] loop0: detected capacity change from 0 to 256 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6830] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6829] <... mprotect resumed>) = 0 [pid 6825] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6829] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6828] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6828] <... futex resumed>) = 1 [pid 6826] <... futex resumed>) = 0 [pid 6825] <... futex resumed>) = 1 [pid 6824] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6829] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6825] mkdir("./file3", 0777 [pid 6824] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... ioctl resumed>) = 0 [pid 6824] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6831 attached [pid 6828] mkdir("./file3", 0777 [pid 6826] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6829] <... clone3 resumed> => {parent_tid=[6831]}, 88) = 6831 [pid 6824] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] close(3 [pid 6829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6829] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6829] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6832 attached [ 134.564497][ T6830] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.568860][ T6825] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.577520][ T6830] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 134.600873][ T6828] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6826] <... futex resumed>) = 0 [pid 6831] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6832] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6832 [pid 6832] <... set_robust_list resumed>) = 0 [pid 6832] chdir("./92" [pid 6831] <... rseq resumed>) = 0 [pid 6826] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6825] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6832] <... chdir resumed>) = 0 [pid 6831] set_robust_list(0x7fbb68bde9a0, 24 [pid 6832] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6831] <... set_robust_list resumed>) = 0 [pid 6828] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6825] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6832] <... prctl resumed>) = 0 [pid 6831] rt_sigprocmask(SIG_SETMASK, [], [pid 6828] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6832] setpgid(0, 0 [pid 6831] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6826] <... futex resumed>) = ? [pid 6824] <... futex resumed>) = ? [pid 6832] <... setpgid resumed>) = 0 [pid 6831] memfd_create("syzkaller", 0) = 3 [pid 6825] +++ killed by SIGSEGV +++ [pid 6831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6831] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6832] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6831] <... write resumed>) = 131072 [pid 6824] +++ killed by SIGSEGV +++ [pid 6831] munmap(0x7fbb60600000, 138412032 [pid 6832] <... openat resumed>) = 3 [pid 6831] <... munmap resumed>) = 0 [pid 6832] write(3, "1000", 4 [pid 6828] +++ killed by SIGSEGV +++ [pid 6826] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6824, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6832] <... write resumed>) = 4 [pid 6831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6830] <... mount resumed>) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6832] close(3 [pid 6831] <... openat resumed>) = 4 [pid 6830] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6826, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6832] <... close resumed>) = 0 [pid 6831] ioctl(4, LOOP_SET_FD, 3 [pid 6830] <... openat resumed>) = 3 [pid 6832] symlink("/dev/binderfs", "./binderfs" [pid 5821] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6832] <... symlink resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 6832] write(1, "executing program\n", 18 [pid 5820] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6832] <... write resumed>) = 18 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6832] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6830] chdir("./file2" [pid 5820] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6832] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6832] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 6832] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6832] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6832] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6830] <... chdir resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5820] getdents64(3, [pid 6832] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6831] <... ioctl resumed>) = 0 [pid 6830] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6832] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6831] close(3 [pid 6830] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] getdents64(3, [pid 6831] <... close resumed>) = 0 [pid 6830] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6831] close(4 [pid 6830] <... futex resumed>) = 1 [pid 6827] <... futex resumed>) = 0 [pid 5821] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6832] <... mprotect resumed>) = 0 [pid 6831] <... close resumed>) = 0 [pid 6830] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6827] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6832] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6830] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6827] <... futex resumed>) = 0 [ 134.608386][ T6825] exFAT-fs (loop2): Filesystem has been set read-only [ 134.612917][ T6828] exFAT-fs (loop3): Filesystem has been set read-only [ 134.636957][ T6831] loop1: detected capacity change from 0 to 256 [pid 6832] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6831] mkdir("./file2", 0777 [pid 6830] mkdir("./file3", 0777 [pid 6827] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6832] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6831] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6833 attached [pid 6832] <... clone3 resumed> => {parent_tid=[6833]}, 88) = 6833 [pid 6833] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6832] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = 0 [pid 6833] <... rseq resumed>) = 0 [pid 5821] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6833] set_robust_list(0x7fbb68bde9a0, 24 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6833] <... set_robust_list resumed>) = 0 [pid 6832] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./92/file2", [pid 6833] rt_sigprocmask(SIG_SETMASK, [], [pid 6832] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6832] <... futex resumed>) = 0 [pid 5821] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6833] memfd_create("syzkaller", 0 [pid 6832] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./90/file2", [pid 6833] <... memfd_create resumed>) = 3 [pid 6831] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5820] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6833] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6833] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] newfstatat(4, "", [pid 5820] <... openat resumed>) = 4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] newfstatat(4, "", [pid 6833] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, [pid 5821] getdents64(4, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5821] close(4) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] rmdir("./92/file2" [pid 5820] close(4 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6833] <... write resumed>) = 131072 [pid 5820] rmdir("./90/file2" [pid 5821] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5820] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6833] munmap(0x7fbb60600000, 138412032 [pid 5821] unlink("./92/binderfs" [pid 6833] <... munmap resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./90/binderfs" [pid 5821] getdents64(3, [pid 5820] <... unlink resumed>) = 0 [pid 6833] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6833] <... openat resumed>) = 4 [pid 5821] close(3 [pid 5820] getdents64(3, [pid 5821] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 134.664624][ T6830] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.678469][ T6830] exFAT-fs (loop0): Filesystem has been set read-only [ 134.692922][ T6831] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.705868][ T6831] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6833] ioctl(4, LOOP_SET_FD, 3 [pid 5821] rmdir("./92" [pid 6831] <... mount resumed>) = 0 [pid 6830] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] close(3 [pid 6830] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6831] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6831] chdir("./file2") = 0 [pid 6831] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6827] <... futex resumed>) = ? [pid 6833] <... ioctl resumed>) = 0 [pid 6831] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6830] +++ killed by SIGSEGV +++ [pid 6827] +++ killed by SIGSEGV +++ [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6831] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] rmdir("./90" [pid 6831] <... futex resumed>) = 1 [pid 6829] <... futex resumed>) = 0 [pid 6833] close(3 [pid 6831] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] mkdir("./93", 0777 [pid 5820] <... rmdir resumed>) = 0 [pid 6833] <... close resumed>) = 0 [pid 6831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6829] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6827, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6833] close(4 [pid 6831] mkdir("./file3", 0777 [pid 6829] <... futex resumed>) = 0 [pid 5820] mkdir("./91", 0777 [pid 6833] <... close resumed>) = 0 [pid 5818] umount2("./89", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6833] mkdir("./file2", 0777 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6833] <... mkdir resumed>) = 0 [pid 6829] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6833] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [ 134.706200][ T6833] loop4: detected capacity change from 0 to 256 [ 134.736192][ T6831] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.747724][ T6831] exFAT-fs (loop1): Filesystem has been set read-only [pid 6831] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] newfstatat(3, "", [pid 6831] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5820] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6831] +++ killed by SIGSEGV +++ [pid 6829] <... futex resumed>) = ? [pid 5821] <... close resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] getdents64(3, [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6833] <... mount resumed>) = 0 [pid 6829] +++ killed by SIGSEGV +++ [pid 5820] close(3 [pid 5818] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6833] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6833] chdir("./file2") = 0 [pid 6833] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6833] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6832] <... futex resumed>) = 0 [pid 6833] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6832] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6833] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6832] <... futex resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6829, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6833] mkdir("./file3", 0777 [pid 6832] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 134.761956][ T6833] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 134.775584][ T6833] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./89/file2", [pid 5819] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6835 attached [pid 5819] <... openat resumed>) = 3 [pid 5818] umount2("./89/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6834 [pid 5819] newfstatat(3, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6835] set_robust_list(0x55555eedf6a0, 24 [pid 6833] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./89/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6835] <... set_robust_list resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] <... openat resumed>) = 4 ./strace-static-x86_64: Process 6834 attached [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(4, "", [pid 6835] chdir("./91" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6835 [pid 5819] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6833] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6834] set_robust_list(0x55555eedf6a0, 24 [pid 6835] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] getdents64(4, [pid 6834] <... set_robust_list resumed>) = 0 [pid 6834] chdir("./93" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6834] <... chdir resumed>) = 0 [pid 6834] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6834] setpgid(0, 0) = 0 [pid 6834] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6835] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 6834] write(3, "1000", 4 [pid 6835] <... prctl resumed>) = 0 [pid 6832] <... futex resumed>) = ? [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6834] <... write resumed>) = 4 [pid 5818] close(4 [pid 6835] setpgid(0, 0 [pid 5819] newfstatat(AT_FDCWD, "./92/file2", [pid 6835] <... setpgid resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6834] close(3 [pid 6835] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./89/file2" [pid 6834] <... close resumed>) = 0 [pid 6834] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6834] write(1, "executing program\n", 18) = 18 [pid 6834] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] umount2("./89/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6834] <... futex resumed>) = 0 [pid 6834] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6834] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6834] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] newfstatat(AT_FDCWD, "./89/binderfs", [pid 6834] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6834] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6834] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6835] <... openat resumed>) = 3 [pid 5818] unlink("./89/binderfs" [pid 6834] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6835] write(3, "1000", 4 [pid 6833] +++ killed by SIGSEGV +++ [pid 6832] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 6834] <... mprotect resumed>) = 0 [pid 6835] <... write resumed>) = 4 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6832, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, [pid 6834] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6835] close(3 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6834] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6835] <... close resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 5818] close(3 [pid 6834] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6835] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... close resumed>) = 0 [pid 6834] <... clone3 resumed> => {parent_tid=[6836]}, 88) = 6836 [pid 6834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] getdents64(4, [pid 5818] rmdir("./89"./strace-static-x86_64: Process 6836 attached [pid 6834] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6834] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] <... rmdir resumed>) = 0 [pid 6836] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] mkdir("./90", 0777 [pid 6836] <... rseq resumed>) = 0 [pid 5819] getdents64(4, [pid 6836] set_robust_list(0x7fbb68bde9a0, 24 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6836] <... set_robust_list resumed>) = 0 [pid 6835] <... symlink resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6836] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 6835] write(1, "executing program\n", 18 [pid 5819] close(4 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6836] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6835] <... write resumed>) = 18 [pid 6836] memfd_create("syzkaller", 0 [pid 6835] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 3 [pid 6835] <... futex resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6836] <... memfd_create resumed>) = 3 [pid 6835] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] rmdir("./92/file2" [pid 6836] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6835] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6835] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6836] <... mmap resumed>) = 0x7fbb60600000 [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6835] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6835] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] close(3 [pid 6836] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6835] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [ 134.807242][ T6833] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 134.819835][ T6833] exFAT-fs (loop4): Filesystem has been set read-only [pid 5819] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6835] <... mprotect resumed>) = 0 [pid 5822] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 6835] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... openat resumed>) = 3 [pid 5819] newfstatat(AT_FDCWD, "./92/binderfs", [pid 6835] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] newfstatat(3, "", [pid 6836] <... write resumed>) = 131072 [pid 6835] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6837 attached [pid 6835] <... clone3 resumed> => {parent_tid=[6837]}, 88) = 6837 [pid 5822] <... umount2 resumed>) = 0 [pid 5819] unlink("./92/binderfs"./strace-static-x86_64: Process 6838 attached [pid 6837] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6836] munmap(0x7fbb60600000, 138412032 [pid 5819] <... unlink resumed>) = 0 [pid 6837] <... rseq resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6838 [pid 6837] set_robust_list(0x7fbb68bde9a0, 24 [pid 6838] set_robust_list(0x55555eedf6a0, 24 [pid 6837] <... set_robust_list resumed>) = 0 [pid 6835] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] getdents64(3, [pid 6837] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6837] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6838] <... set_robust_list resumed>) = 0 [pid 5819] close(3 [pid 6837] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6835] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6838] chdir("./90" [pid 6836] <... munmap resumed>) = 0 [pid 6835] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 6838] <... chdir resumed>) = 0 [pid 6837] <... futex resumed>) = 0 [pid 6835] <... futex resumed>) = 1 [pid 5819] rmdir("./92" [pid 6838] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6837] memfd_create("syzkaller", 0 [pid 6836] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6835] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6838] setpgid(0, 0 [pid 6837] <... memfd_create resumed>) = 3 [pid 6836] <... openat resumed>) = 4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... rmdir resumed>) = 0 [pid 6838] <... setpgid resumed>) = 0 [pid 6837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6836] ioctl(4, LOOP_SET_FD, 3 [pid 5822] newfstatat(AT_FDCWD, "./92/file2", [pid 6838] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6837] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] mkdir("./93", 0777 [pid 6838] <... openat resumed>) = 3 [pid 6837] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6836] <... ioctl resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6836] close(3 [pid 5822] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6836] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6836] close(4 [pid 5822] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 6838] write(3, "1000", 4 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6836] <... close resumed>) = 0 [pid 5822] rmdir("./92/file2" [pid 6838] <... write resumed>) = 4 [pid 6836] mkdir("./file2", 0777 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6838] close(3) = 0 [pid 6837] <... write resumed>) = 131072 [pid 6836] <... mkdir resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6838] symlink("/dev/binderfs", "./binderfs" [pid 6837] munmap(0x7fbb60600000, 138412032 [pid 5819] <... ioctl resumed>) = 0 [pid 6838] <... symlink resumed>) = 0 [pid 6836] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""executing program [pid 5822] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(3 [pid 6838] write(1, "executing program\n", 18 [pid 6837] <... munmap resumed>) = 0 [pid 6838] <... write resumed>) = 18 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./92/binderfs" [pid 6838] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6838] <... futex resumed>) = 0 [pid 6837] <... openat resumed>) = 4 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6838] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6837] ioctl(4, LOOP_SET_FD, 3 [pid 6838] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6837] <... ioctl resumed>) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./92") = 0 [pid 5822] mkdir("./93", 0777) = 0 [pid 6838] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [ 134.903278][ T6836] loop3: detected capacity change from 0 to 256 [ 134.932490][ T6837] loop2: detected capacity change from 0 to 256 [ 134.937151][ T6836] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] close(3) = 0 [pid 6838] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 6839 ./strace-static-x86_64: Process 6839 attached [pid 6838] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6837] close(3./strace-static-x86_64: Process 6840 attached [pid 6838] <... mprotect resumed>) = 0 [pid 6837] <... close resumed>) = 0 [pid 6839] set_robust_list(0x55555eedf6a0, 24 [pid 6837] close(4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6840 [pid 6839] <... set_robust_list resumed>) = 0 [pid 6838] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6840] set_robust_list(0x55555eedf6a0, 24 [pid 6838] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6837] <... close resumed>) = 0 [pid 6840] <... set_robust_list resumed>) = 0 [pid 6837] mkdir("./file2", 0777 [pid 6839] chdir("./93" [pid 6837] <... mkdir resumed>) = 0 [pid 6839] <... chdir resumed>) = 0 [pid 6837] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6840] chdir("./93" [pid 6839] setpgid(0, 0 [pid 6838] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6840] <... chdir resumed>) = 0 [pid 6839] <... setpgid resumed>) = 0 [pid 6840] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6840] <... prctl resumed>) = 0 [pid 6839] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6841 attached [pid 6840] setpgid(0, 0 [pid 6839] write(3, "1000", 4 [pid 6841] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6840] <... setpgid resumed>) = 0 [pid 6839] <... write resumed>) = 4 [pid 6839] close(3) = 0 [pid 6839] symlink("/dev/binderfs", "./binderfs" [pid 6841] <... rseq resumed>) = 0 [pid 6840] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6839] <... symlink resumed>) = 0 [pid 6841] set_robust_list(0x7fbb68bde9a0, 24 [pid 6840] <... openat resumed>) = 3 [pid 6838] <... clone3 resumed> => {parent_tid=[6841]}, 88) = 6841 [pid 6841] <... set_robust_list resumed>) = 0 [pid 6840] write(3, "1000", 4 [pid 6838] rt_sigprocmask(SIG_SETMASK, [], [pid 6841] rt_sigprocmask(SIG_SETMASK, [], [pid 6840] <... write resumed>) = 4 [pid 6838] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6841] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6840] close(3 [pid 6838] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] memfd_create("syzkaller", 0 [pid 6840] <... close resumed>) = 0 [pid 6838] <... futex resumed>) = 0 [pid 6841] <... memfd_create resumed>) = 3 [pid 6840] symlink("/dev/binderfs", "./binderfs" [pid 6838] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 134.963159][ T6836] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 134.998463][ T6837] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6841] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0executing program [pid 6840] <... symlink resumed>) = 0 [pid 6841] <... mmap resumed>) = 0x7fbb60600000 [pid 6839] write(1, "executing program\n", 18 [pid 6836] <... mount resumed>) = 0 [pid 6841] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6840] write(1, "executing program\n", 18 [pid 6839] <... write resumed>) = 18 [pid 6837] <... mount resumed>) = 0 [pid 6836] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORYexecuting program [pid 6840] <... write resumed>) = 18 [pid 6841] <... write resumed>) = 131072 [pid 6840] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6839] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6837] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6836] <... openat resumed>) = 3 [pid 6840] <... futex resumed>) = 0 [pid 6839] <... futex resumed>) = 0 [pid 6837] <... openat resumed>) = 3 [pid 6836] chdir("./file2" [pid 6841] munmap(0x7fbb60600000, 138412032 [pid 6840] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6839] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6837] chdir("./file2" [pid 6836] <... chdir resumed>) = 0 [pid 6840] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6839] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6836] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6837] <... chdir resumed>) = 0 [pid 6840] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6836] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6840] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6837] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6836] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6840] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6840] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6839] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6841] <... munmap resumed>) = 0 [pid 6840] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6839] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6837] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6836] <... futex resumed>) = 1 [pid 6834] <... futex resumed>) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6840] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6839] <... mprotect resumed>) = 0 [pid 6837] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6836] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6839] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6837] <... futex resumed>) = 1 [pid 6836] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6834] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6835] <... futex resumed>) = 0 [pid 6841] <... openat resumed>) = 4 [pid 6840] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6839] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6837] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6836] mkdir("./file3", 0777 [pid 6834] <... futex resumed>) = 0 [pid 6835] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6841] ioctl(4, LOOP_SET_FD, 3 [pid 6839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6834] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6835] <... futex resumed>) = 0 [pid 6837] mkdir("./file3", 0777 [pid 6840] <... clone3 resumed> => {parent_tid=[6842]}, 88) = 6842 [pid 6840] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6840] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 135.028259][ T6837] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.059961][ T6836] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.062165][ T6841] loop0: detected capacity change from 0 to 256 [pid 6840] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6841] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6842 attached [pid 6835] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6841] close(3./strace-static-x86_64: Process 6843 attached [pid 6842] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6839] <... clone3 resumed> => {parent_tid=[6843]}, 88) = 6843 [pid 6841] <... close resumed>) = 0 [pid 6841] close(4) = 0 [pid 6841] mkdir("./file2", 0777) = 0 [pid 6843] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6842] <... rseq resumed>) = 0 [pid 6841] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6839] rt_sigprocmask(SIG_SETMASK, [], [pid 6837] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6836] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6843] <... rseq resumed>) = 0 [pid 6842] set_robust_list(0x7fbb68bde9a0, 24 [pid 6839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6837] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6836] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6843] set_robust_list(0x7fbb68bde9a0, 24 [pid 6842] <... set_robust_list resumed>) = 0 [pid 6839] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6834] <... futex resumed>) = ? [pid 6835] <... futex resumed>) = ? [pid 6843] <... set_robust_list resumed>) = 0 [pid 6842] rt_sigprocmask(SIG_SETMASK, [], [pid 6839] <... futex resumed>) = 0 [pid 6836] +++ killed by SIGSEGV +++ [pid 6843] rt_sigprocmask(SIG_SETMASK, [], [pid 6842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6839] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6837] +++ killed by SIGSEGV +++ [pid 6834] +++ killed by SIGSEGV +++ [pid 6835] +++ killed by SIGSEGV +++ [pid 6843] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] memfd_create("syzkaller", 0 [pid 6843] memfd_create("syzkaller", 0 [pid 6842] <... memfd_create resumed>) = 3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6834, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6835, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6843] <... memfd_create resumed>) = 3 [pid 6842] <... mmap resumed>) = 0x7fbb60600000 [ 135.069621][ T6836] exFAT-fs (loop3): Filesystem has been set read-only [ 135.082940][ T6837] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.092528][ T6837] exFAT-fs (loop2): Filesystem has been set read-only [pid 6842] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6842] <... write resumed>) = 131072 [pid 6843] <... mmap resumed>) = 0x7fbb60600000 [pid 6842] munmap(0x7fbb60600000, 138412032 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] <... write resumed>) = 131072 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 3 [pid 5821] newfstatat(3, "", [pid 5820] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6843] munmap(0x7fbb60600000, 138412032 [pid 5820] getdents64(3, [pid 6843] <... munmap resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6843] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] <... openat resumed>) = 4 [pid 6843] ioctl(4, LOOP_SET_FD, 3 [pid 6842] <... munmap resumed>) = 0 [pid 6841] <... mount resumed>) = 0 [pid 5821] getdents64(3, [pid 6842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6841] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6842] <... openat resumed>) = 4 [pid 6841] <... openat resumed>) = 3 [pid 5821] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6843] close(3 [pid 5820] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6843] close(4 [pid 5820] newfstatat(AT_FDCWD, "./91/file2", [pid 6841] chdir("./file2" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6842] ioctl(4, LOOP_SET_FD, 3 [pid 6841] <... chdir resumed>) = 0 [pid 5820] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6843] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6843] mkdir("./file2", 0777 [pid 5821] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6843] <... mkdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 4 [pid 6843] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] newfstatat(AT_FDCWD, "./93/file2", [pid 5820] newfstatat(4, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(4, [pid 5821] <... openat resumed>) = 4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] newfstatat(4, "", [pid 5820] close(4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... close resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] rmdir("./91/file2" [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... rmdir resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(4 [pid 5820] newfstatat(AT_FDCWD, "./91/binderfs", [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] rmdir("./93/file2" [pid 5820] unlink("./91/binderfs" [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5821] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5820] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... close resumed>) = 0 [pid 5821] unlink("./93/binderfs" [pid 5820] rmdir("./91" [pid 6842] <... ioctl resumed>) = 0 [pid 6841] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6842] close(3 [pid 6841] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] getdents64(3, [pid 6842] <... close resumed>) = 0 [pid 6841] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6842] close(4 [pid 6841] <... futex resumed>) = 1 [pid 6838] <... futex resumed>) = 0 [pid 5821] close(3 [pid 5820] mkdir("./92", 0777 [pid 6842] <... close resumed>) = 0 [pid 6841] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6838] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6842] mkdir("./file2", 0777 [pid 6841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6838] <... futex resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 6842] <... mkdir resumed>) = 0 [ 135.120998][ T6841] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.140428][ T6841] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.144232][ T6843] loop4: detected capacity change from 0 to 256 [ 135.162091][ T6842] loop1: detected capacity change from 0 to 256 [pid 6841] mkdir("./file3", 0777 [pid 6838] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... mkdir resumed>) = 0 [pid 5821] rmdir("./93" [pid 6842] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... rmdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] mkdir("./94", 0777 [pid 5820] <... openat resumed>) = 3 [pid 6843] <... mount resumed>) = 0 [pid 6841] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... mkdir resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6843] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6841] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 135.193655][ T6841] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.199929][ T6843] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.203595][ T6841] exFAT-fs (loop0): Filesystem has been set read-only [ 135.217152][ T6843] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.227839][ T6842] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... ioctl resumed>) = 0 [pid 6843] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5820] close(3 [pid 6843] chdir("./file2" [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... close resumed>) = 0 [pid 6843] <... chdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6843] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6843] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6844 attached [pid 6842] <... mount resumed>) = 0 [pid 6838] <... futex resumed>) = ? [pid 5821] close(3 [pid 6844] set_robust_list(0x55555eedf6a0, 24 [pid 6843] <... futex resumed>) = 1 [pid 6844] <... set_robust_list resumed>) = 0 [pid 6843] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6842] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6841] +++ killed by SIGSEGV +++ [pid 6839] <... futex resumed>) = 0 [pid 6838] +++ killed by SIGSEGV +++ [pid 5821] <... close resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6844 [pid 6844] chdir("./92" [pid 6842] <... openat resumed>) = 3 [pid 6839] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6838, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6844] <... chdir resumed>) = 0 [pid 6843] <... futex resumed>) = 0 [pid 6842] chdir("./file2" [pid 6839] <... futex resumed>) = 1 [pid 6843] mkdir("./file3", 0777 [pid 6842] <... chdir resumed>) = 0 [ 135.244319][ T6842] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6839] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6845 attached [pid 6842] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6845] set_robust_list(0x55555eedf6a0, 24 [pid 6842] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6845 [pid 5818] umount2("./90", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6845] <... set_robust_list resumed>) = 0 [pid 6842] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6842] <... futex resumed>) = 1 [pid 6840] <... futex resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6845] chdir("./94" [pid 6842] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6840] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... openat resumed>) = 3 [pid 6844] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6840] <... futex resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 6840] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 6844] <... prctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6844] setpgid(0, 0 [pid 5818] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6845] <... chdir resumed>) = 0 [pid 6844] <... setpgid resumed>) = 0 [pid 6842] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5818] <... umount2 resumed>) = 0 [pid 6845] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6842] mkdir("./file3", 0777 [pid 6845] <... prctl resumed>) = 0 [pid 6845] setpgid(0, 0 [pid 6844] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6845] <... setpgid resumed>) = 0 [pid 6845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6844] <... openat resumed>) = 3 [pid 5818] newfstatat(AT_FDCWD, "./90/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./90/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./90/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./90/file2") = 0 [pid 5818] umount2("./90/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6845] <... openat resumed>) = 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6845] write(3, "1000", 4 [pid 5818] newfstatat(AT_FDCWD, "./90/binderfs", [pid 6845] <... write resumed>) = 4 [pid 6843] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./90/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./90") = 0 [pid 5818] mkdir("./91", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6844] write(3, "1000", 4 [pid 5818] <... openat resumed>) = 3 [pid 6845] close(3 [pid 6844] <... write resumed>) = 4 [pid 6843] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6842] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6845] <... close resumed>) = 0 [pid 6844] close(3 [pid 6842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6839] <... futex resumed>) = ? [pid 6845] symlink("/dev/binderfs", "./binderfs" [pid 6844] <... close resumed>) = 0 [pid 6843] +++ killed by SIGSEGV +++ [pid 5818] <... ioctl resumed>) = 0 [pid 6844] symlink("/dev/binderfs", "./binderfs" [pid 5818] close(3 [pid 6845] <... symlink resumed>) = 0 [pid 6844] <... symlink resumed>) = 0 [pid 6839] +++ killed by SIGSEGV +++ executing program [pid 5818] <... close resumed>) = 0 [pid 6845] write(1, "executing program\n", 18 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6839, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6845] <... write resumed>) = 18 [pid 5822] restart_syscall(<... resuming interrupted clone ...>executing program [pid 6845] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] write(1, "executing program\n", 18 [pid 6845] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6846 attached [pid 6845] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6844] <... write resumed>) = 18 [pid 6846] set_robust_list(0x55555eedf6a0, 24 [pid 6845] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6844] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6846] <... set_robust_list resumed>) = 0 [pid 6845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6844] <... futex resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6846] chdir("./91" [pid 6845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6844] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6840] <... futex resumed>) = ? [pid 6846] <... chdir resumed>) = 0 [pid 6845] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6844] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6846 [pid 6846] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6845] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6844] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6846] <... prctl resumed>) = 0 [pid 6845] <... mprotect resumed>) = 0 [pid 6844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6842] +++ killed by SIGSEGV +++ [pid 6840] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6846] setpgid(0, 0 [pid 6845] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6840, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6846] <... setpgid resumed>) = 0 [pid 6845] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6844] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6846] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6844] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(3, "", ./strace-static-x86_64: Process 6847 attached [pid 6844] <... mprotect resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6847] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6846] <... openat resumed>) = 3 [pid 6845] <... clone3 resumed> => {parent_tid=[6847]}, 88) = 6847 [pid 6844] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] getdents64(3, [pid 6847] <... rseq resumed>) = 0 [pid 6845] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6847] set_robust_list(0x7fbb68bde9a0, 24 [pid 6846] write(3, "1000", 4 [pid 6845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6844] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6847] <... set_robust_list resumed>) = 0 [pid 6846] <... write resumed>) = 4 [pid 6845] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... umount2 resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6847] rt_sigprocmask(SIG_SETMASK, [], [pid 6846] close(3 [pid 6845] <... futex resumed>) = 0 ./strace-static-x86_64: Process 6848 attached [pid 6847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6846] <... close resumed>) = 0 [pid 6845] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6844] <... clone3 resumed> => {parent_tid=[6848]}, 88) = 6848 [pid 5822] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6847] memfd_create("syzkaller", 0 [pid 6846] symlink("/dev/binderfs", "./binderfs" [pid 6844] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] <... rseq resumed>) = 0 [pid 6847] <... memfd_create resumed>) = 3 [pid 6846] <... symlink resumed>) = 0 [pid 6844] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 135.288297][ T6843] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.307364][ T6842] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.308266][ T6843] exFAT-fs (loop4): Filesystem has been set read-only [ 135.325980][ T6842] exFAT-fs (loop1): Filesystem has been set read-only [pid 5822] newfstatat(AT_FDCWD, "./93/file2", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6844] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 6848] set_robust_list(0x7fbb68bde9a0, 24 [pid 6847] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6846] write(1, "executing program\n", 18 [pid 6844] <... futex resumed>) = 0 [pid 5822] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 6848] <... set_robust_list resumed>) = 0 [pid 6847] <... mmap resumed>) = 0x7fbb60600000 [pid 6846] <... write resumed>) = 18 [pid 6844] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] newfstatat(3, "", [pid 6848] rt_sigprocmask(SIG_SETMASK, [], [pid 6846] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6848] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6847] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6846] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] getdents64(3, [pid 6848] memfd_create("syzkaller", 0 [pid 6846] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... openat resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6848] <... memfd_create resumed>) = 3 [pid 6846] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6848] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6847] <... write resumed>) = 131072 [pid 6846] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = 0 [pid 6848] <... mmap resumed>) = 0x7fbb60600000 [pid 6847] munmap(0x7fbb60600000, 138412032 [pid 6846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6846] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] getdents64(4, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6846] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] newfstatat(AT_FDCWD, "./93/file2", [pid 6846] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6846] <... mprotect resumed>) = 0 [pid 5822] getdents64(4, [pid 5819] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6846] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6848] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] close(4 [pid 5819] <... openat resumed>) = 4 [pid 6846] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 6846] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] rmdir("./93/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6849 attached [pid 5822] <... rmdir resumed>) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6846] <... clone3 resumed> => {parent_tid=[6849]}, 88) = 6849 [pid 5819] getdents64(4, [pid 6849] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6846] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6849] <... rseq resumed>) = 0 [pid 6846] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(4 [pid 6849] set_robust_list(0x7fbb68bde9a0, 24 [pid 6846] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 [pid 6849] <... set_robust_list resumed>) = 0 [pid 6846] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5819] rmdir("./93/file2" [pid 6849] rt_sigprocmask(SIG_SETMASK, [], [pid 6847] <... munmap resumed>) = 0 [pid 6846] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6849] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6848] <... write resumed>) = 131072 [pid 6847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] unlink("./93/binderfs" [pid 5819] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6849] memfd_create("syzkaller", 0 [pid 6848] munmap(0x7fbb60600000, 138412032 [pid 6847] <... openat resumed>) = 4 [pid 6848] <... munmap resumed>) = 0 [pid 6847] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./93/binderfs", [pid 6849] <... memfd_create resumed>) = 3 [pid 6848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] unlink("./93/binderfs") = 0 [pid 5819] getdents64(3, [pid 6849] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6848] <... openat resumed>) = 4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 6849] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] close(3 [pid 5819] <... close resumed>) = 0 [pid 6848] ioctl(4, LOOP_SET_FD, 3 [pid 5819] rmdir("./93" [pid 6847] <... ioctl resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 6847] close(3) = 0 [pid 6849] <... write resumed>) = 131072 [pid 6848] <... ioctl resumed>) = 0 [pid 5822] rmdir("./93" [pid 5819] mkdir("./94", 0777 [pid 6847] close(4 [pid 6849] munmap(0x7fbb60600000, 138412032 [pid 6848] close(3 [pid 5822] <... rmdir resumed>) = 0 [pid 6849] <... munmap resumed>) = 0 [pid 6848] <... close resumed>) = 0 [pid 6847] <... close resumed>) = 0 [pid 5822] mkdir("./94", 0777 [pid 5819] <... mkdir resumed>) = 0 [pid 6849] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6848] close(4 [pid 5822] <... mkdir resumed>) = 0 [pid 6849] <... openat resumed>) = 4 [pid 6848] <... close resumed>) = 0 [pid 6847] mkdir("./file2", 0777 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6849] ioctl(4, LOOP_SET_FD, 3 [pid 6848] mkdir("./file2", 0777 [pid 5822] <... openat resumed>) = 3 [pid 6849] <... ioctl resumed>) = 0 [pid 6848] <... mkdir resumed>) = 0 [pid 6847] <... mkdir resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6848] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6847] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [ 135.397833][ T6847] loop3: detected capacity change from 0 to 256 [ 135.405115][ T6848] loop2: detected capacity change from 0 to 256 [ 135.431265][ T6849] loop0: detected capacity change from 0 to 256 [pid 5819] close(3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 6850 [pid 6849] close(3) = 0 [pid 6849] close(4) = 0 [pid 6849] mkdir("./file2", 0777) = 0 [pid 6849] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""./strace-static-x86_64: Process 6851 attached ./strace-static-x86_64: Process 6850 attached [pid 6850] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6851] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6851 [pid 6851] chdir("./94") = 0 [pid 6851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6851] setpgid(0, 0) = 0 [pid 6851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 135.449260][ T6848] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.471223][ T6848] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.482606][ T6847] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6851] write(3, "1000", 4 [pid 6850] chdir("./94" [pid 6848] <... mount resumed>) = 0 [pid 6850] <... chdir resumed>) = 0 [pid 6850] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6850] setpgid(0, 0) = 0 [pid 6850] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXECexecuting program [pid 6851] <... write resumed>) = 4 [pid 6850] <... openat resumed>) = 3 [pid 6848] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6847] <... mount resumed>) = 0 [pid 6850] write(3, "1000", 4) = 4 [pid 6848] <... openat resumed>) = 3 [pid 6847] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6850] close(3) = 0 [pid 6850] symlink("/dev/binderfs", "./binderfs" [pid 6847] <... openat resumed>) = 3 [pid 6850] <... symlink resumed>) = 0 [pid 6848] chdir("./file2" [pid 6850] write(1, "executing program\n", 18) = 18 [pid 6848] <... chdir resumed>) = 0 [pid 6847] chdir("./file2" [pid 6850] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6847] <... chdir resumed>) = 0 [pid 6850] <... futex resumed>) = 0 [pid 6848] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6850] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6847] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6850] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6850] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6848] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6847] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6850] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6848] <... futex resumed>) = 1 [pid 6850] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6848] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... mprotect resumed>) = 0 [pid 6845] <... futex resumed>) = 0 [pid 6850] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6847] <... futex resumed>) = 1 [pid 6845] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6850] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6847] mkdir("./file3", 0777 [pid 6845] <... futex resumed>) = 0 [pid 6850] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6845] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6852 attached [pid 6851] close(3 [pid 6844] <... futex resumed>) = 0 [pid 6852] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6850] <... clone3 resumed> => {parent_tid=[6852]}, 88) = 6852 [pid 6844] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6851] <... close resumed>) = 0 [pid 6850] rt_sigprocmask(SIG_SETMASK, [], [pid 6852] <... rseq resumed>) = 0 [pid 6850] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6852] set_robust_list(0x7fbb68bde9a0, 24 [pid 6850] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... set_robust_list resumed>) = 0 [pid 6850] <... futex resumed>) = 0 [pid 6852] rt_sigprocmask(SIG_SETMASK, [], [pid 6850] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6852] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6852] memfd_create("syzkaller", 0) = 3 [pid 6851] symlink("/dev/binderfs", "./binderfs" [pid 6844] <... futex resumed>) = 1 [pid 6844] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6852] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6851] <... symlink resumed>) = 0 executing program [pid 6852] <... write resumed>) = 131072 [pid 6851] write(1, "executing program\n", 18 [pid 6852] munmap(0x7fbb60600000, 138412032 [pid 6848] <... futex resumed>) = 0 [pid 6852] <... munmap resumed>) = 0 [ 135.497703][ T6847] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.510620][ T6849] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.519571][ T6847] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.538401][ T6849] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6848] mkdir("./file3", 0777 [pid 6851] <... write resumed>) = 18 [pid 6852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6851] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6852] <... openat resumed>) = 4 [pid 6851] <... futex resumed>) = 0 [pid 6852] ioctl(4, LOOP_SET_FD, 3 [pid 6851] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6852] <... ioctl resumed>) = 0 [pid 6851] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6845] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6845] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6845] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6853]}, 88) = 6853 [pid 6845] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6853 attached [pid 6851] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6849] <... mount resumed>) = 0 [pid 6845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6844] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6849] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6845] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6844] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] <... openat resumed>) = 3 [pid 6851] <... mprotect resumed>) = 0 [pid 6845] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... futex resumed>) = 0 [pid 6844] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6853] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6852] close(3 [pid 6851] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6849] chdir("./file2" [pid 6844] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6852] <... close resumed>) = 0 [pid 6852] close(4) = 0 [pid 6844] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6851] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6849] <... chdir resumed>) = 0 [pid 6853] <... rseq resumed>) = 0 [pid 6852] mkdir("./file2", 0777 [pid 6851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6849] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6844] <... mprotect resumed>) = 0 [pid 6853] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6852] <... mkdir resumed>) = 0 [pid 6849] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6844] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6853] rt_sigprocmask(SIG_SETMASK, [], [pid 6852] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6844] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6849] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6853] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6851] <... clone3 resumed> => {parent_tid=[6854]}, 88) = 6854 [pid 6844] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6854 attached [pid 6853] openat(AT_FDCWD, ".", O_RDONLY [pid 6851] rt_sigprocmask(SIG_SETMASK, [], [pid 6849] <... futex resumed>) = 1 [pid 6846] <... futex resumed>) = 0 [ 135.541983][ T6848] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.560036][ T6852] loop1: detected capacity change from 0 to 256 [ 135.567154][ T6847] exFAT-fs (loop3): Filesystem has been set read-only ./strace-static-x86_64: Process 6855 attached [pid 6854] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6853] <... openat resumed>) = 4 [pid 6851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6849] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6847] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6846] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6851] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6854] <... rseq resumed>) = 0 [pid 6853] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6851] <... futex resumed>) = 0 [pid 6849] mkdir("./file3", 0777 [pid 6847] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6846] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6844] <... clone3 resumed> => {parent_tid=[6855]}, 88) = 6855 [pid 6854] set_robust_list(0x7fbb68bde9a0, 24 [pid 6853] <... futex resumed>) = ? [pid 6851] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6844] rt_sigprocmask(SIG_SETMASK, [], [pid 6854] <... set_robust_list resumed>) = 0 [pid 6844] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6844] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6855] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6854] memfd_create("syzkaller", 0 [pid 6845] <... futex resumed>) = ? [pid 6844] <... futex resumed>) = 0 [pid 6855] <... rseq resumed>) = 0 [pid 6853] +++ killed by SIGSEGV +++ [pid 6855] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6855] rt_sigprocmask(SIG_SETMASK, [], [pid 6844] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6854] <... memfd_create resumed>) = 3 [pid 6855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6855] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6855] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6848] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6855] <... futex resumed>) = 0 [pid 6848] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 135.605152][ T6848] exFAT-fs (loop2): Filesystem has been set read-only [ 135.613857][ T6852] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.630095][ T6849] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.639014][ T6849] exFAT-fs (loop0): Filesystem has been set read-only [pid 6854] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6849] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6847] +++ killed by SIGSEGV +++ [pid 6845] +++ killed by SIGSEGV +++ [pid 6854] <... mmap resumed>) = 0x7fbb60600000 [pid 6852] <... mount resumed>) = 0 [pid 6844] <... futex resumed>) = ? [pid 6855] +++ killed by SIGSEGV +++ [pid 6852] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6848] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6845, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6852] <... openat resumed>) = 3 [pid 5821] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6852] chdir("./file2" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6854] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6852] <... chdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6852] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] newfstatat(3, "", [pid 6852] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6852] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6852] <... futex resumed>) = 1 [pid 6850] <... futex resumed>) = 0 [pid 6852] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6850] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6854] <... write resumed>) = 131072 [pid 6852] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6850] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 6852] mkdir("./file3", 0777 [pid 6850] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6854] munmap(0x7fbb60600000, 138412032 [pid 6849] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6844] +++ killed by SIGSEGV +++ [pid 6854] <... munmap resumed>) = 0 [pid 6846] <... futex resumed>) = ? [pid 6854] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6849] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6854] <... openat resumed>) = 4 [pid 6854] ioctl(4, LOOP_SET_FD, 3 [pid 6852] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6846] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(AT_FDCWD, "./94/file2", [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6844, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6852] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6850] <... futex resumed>) = ? [pid 5821] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6852] +++ killed by SIGSEGV +++ [pid 6850] +++ killed by SIGSEGV +++ [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6846, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=2 /* 0.02 s */} --- [pid 5821] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6850, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5821] newfstatat(4, "", [pid 5820] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6854] <... ioctl resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6854] close(3) = 0 [pid 5821] getdents64(4, [pid 6854] close(4) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] newfstatat(3, "", [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 6854] mkdir("./file2", 0777) = 0 [pid 6854] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 135.648746][ T6852] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.667851][ T6852] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.677047][ T6852] exFAT-fs (loop1): Filesystem has been set read-only [ 135.678585][ T6854] loop4: detected capacity change from 0 to 256 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(3, [pid 5821] close(4) = 0 [pid 5821] rmdir("./94/file2") = 0 [pid 5821] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./91", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5819] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 5821] unlink("./94/binderfs" [pid 5820] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(3, "", [pid 5821] <... unlink resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6854] <... mount resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] newfstatat(AT_FDCWD, "./92/file2", [pid 6854] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6854] <... openat resumed>) = 3 [pid 5820] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6854] chdir("./file2" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 5818] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6854] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 5820] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = 0 [ 135.729476][ T6854] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.741830][ T6854] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6854] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5821] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] rmdir("./94" [pid 6854] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] newfstatat(4, "", [pid 6854] <... futex resumed>) = 1 [pid 6851] <... futex resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6854] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6851] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 6854] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6851] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6854] mkdir("./file3", 0777 [pid 6851] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] mkdir("./95", 0777) = 0 [pid 5818] newfstatat(AT_FDCWD, "./91/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./91/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./91/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] newfstatat(4, "", [pid 5821] <... openat resumed>) = 3 [pid 5819] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] newfstatat(AT_FDCWD, "./94/file2", [pid 5818] getdents64(4, [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] close(3) = 0 [pid 5820] close(4 [pid 5819] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 6854] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] rmdir("./92/file2") = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6856 [pid 5820] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6856 attached ) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] newfstatat(AT_FDCWD, "./92/binderfs", [pid 6854] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] close(4 [pid 6856] set_robust_list(0x55555eedf6a0, 24 [pid 6851] <... futex resumed>) = ? [pid 6856] <... set_robust_list resumed>) = 0 [pid 5820] unlink("./92/binderfs" [pid 5819] <... openat resumed>) = 4 [pid 5818] <... close resumed>) = 0 [pid 6854] +++ killed by SIGSEGV +++ [pid 6851] +++ killed by SIGSEGV +++ [pid 5820] <... unlink resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 5818] rmdir("./91/file2" [pid 6856] chdir("./95" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6851, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6856] <... chdir resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(4, [pid 5818] umount2("./91/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6856] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] close(3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6856] <... prctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] newfstatat(AT_FDCWD, "./91/binderfs", [pid 6856] setpgid(0, 0 [pid 5820] rmdir("./92" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6856] <... setpgid resumed>) = 0 [pid 5819] close(4 [pid 5818] unlink("./91/binderfs" [pid 6856] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6856] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] mkdir("./93", 0777 [pid 5819] rmdir("./94/file2" [pid 6856] write(3, "1000", 4 [pid 5822] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 6856] <... write resumed>) = 4 [pid 5822] <... openat resumed>) = 3 [pid 6856] close(3 [pid 5822] newfstatat(3, "", [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6856] <... close resumed>) = 0 [pid 5822] getdents64(3, [pid 6856] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... openat resumed>) = 3 [pid 6856] <... symlink resumed>) = 0 [pid 5822] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW executing program [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6856] write(1, "executing program\n", 18 [pid 5822] <... umount2 resumed>) = 0 [pid 5819] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [pid 6856] <... write resumed>) = 18 [pid 6856] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6856] <... futex resumed>) = 0 [pid 5820] close(3 [pid 6856] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6856] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5819] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5818] rmdir("./91" [pid 6856] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6856] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5819] unlink("./94/binderfs" [ 135.781150][ T6854] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 135.790851][ T6854] exFAT-fs (loop4): Filesystem has been set read-only [pid 6856] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(AT_FDCWD, "./94/file2", [pid 5819] <... unlink resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] getdents64(3, [pid 5822] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(3 [pid 5822] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... close resumed>) = 0 [pid 5818] mkdir("./92", 0777 [pid 5822] <... openat resumed>) = 4 [pid 5819] rmdir("./94" [pid 5818] <... mkdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6856] <... mprotect resumed>) = 0 [pid 5822] close(4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] mkdir("./95", 0777 [pid 5818] <... openat resumed>) = 3 [pid 6856] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6856] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] rmdir("./94/file2" [pid 5818] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 6857 attached [pid 6856] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6857 [pid 5818] <... ioctl resumed>) = 0 [pid 6857] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6858 attached ) = 0 [pid 6857] chdir("./93" [pid 6856] <... clone3 resumed> => {parent_tid=[6858]}, 88) = 6858 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] close(3 [pid 6858] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6857] <... chdir resumed>) = 0 [pid 6856] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 6858] <... rseq resumed>) = 0 [pid 6857] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... close resumed>) = 0 [pid 6858] set_robust_list(0x7fbb68bde9a0, 24 [pid 6857] <... prctl resumed>) = 0 [pid 6856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... ioctl resumed>) = 0 [pid 6858] <... set_robust_list resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5819] close(3 [pid 6857] setpgid(0, 0 [pid 6856] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6858] rt_sigprocmask(SIG_SETMASK, [], [pid 6857] <... setpgid resumed>) = 0 [pid 6856] <... futex resumed>) = 0 [pid 5822] unlink("./94/binderfs" [pid 6858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6856] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... unlink resumed>) = 0 [pid 6858] memfd_create("syzkaller", 0 [pid 5822] getdents64(3, [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6858] <... memfd_create resumed>) = 3 [pid 6857] <... openat resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6859 attached [pid 6858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6857] write(3, "1000", 4 [pid 5822] close(3 [pid 5819] <... close resumed>) = 0 [pid 6858] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] <... close resumed>) = 0 [pid 6859] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6859] chdir("./92" [pid 5822] rmdir("./94" [pid 6859] <... chdir resumed>) = 0 [pid 6858] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... rmdir resumed>) = 0 [pid 6859] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6859] setpgid(0, 0) = 0 [pid 6859] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6859 [pid 6859] <... openat resumed>) = 3 [pid 6857] <... write resumed>) = 4 [pid 5822] mkdir("./95", 0777 [pid 6859] write(3, "1000", 4 [pid 5822] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6860 attached [pid 6859] <... write resumed>) = 4 [pid 6858] <... write resumed>) = 131072 [pid 6857] close(3 [pid 6859] close(3) = 0 [pid 6859] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6857] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6860] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6857] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... openat resumed>) = 3 executing program [pid 6859] write(1, "executing program\n", 18 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6859] <... write resumed>) = 18 [pid 6857] <... symlink resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6860] chdir("./95" executing program [pid 6859] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] munmap(0x7fbb60600000, 138412032 [pid 6857] write(1, "executing program\n", 18 [pid 5822] close(3 [pid 6860] <... chdir resumed>) = 0 [pid 6859] <... futex resumed>) = 0 [pid 6858] <... munmap resumed>) = 0 [pid 6857] <... write resumed>) = 18 [pid 5822] <... close resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6860 [pid 6860] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6859] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6860] <... prctl resumed>) = 0 [pid 6857] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] setpgid(0, 0 [pid 6859] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6858] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6857] <... futex resumed>) = 0 [pid 6860] <... setpgid resumed>) = 0 [pid 6857] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6858] <... openat resumed>) = 4 [pid 6860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6859] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6858] ioctl(4, LOOP_SET_FD, 3 [pid 6857] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6860] <... openat resumed>) = 3 [pid 6859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6860] write(3, "1000", 4 [pid 6859] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6860] <... write resumed>) = 4 [pid 6859] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6857] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6861 attached [pid 6860] close(3 [pid 6859] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6861] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6861] chdir("./95") = 0 [pid 6861] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6861] setpgid(0, 0 [pid 6859] <... mprotect resumed>) = 0 [pid 6861] <... setpgid resumed>) = 0 [pid 6859] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6861] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6859] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6861] <... openat resumed>) = 3 [pid 6859] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6861 [pid 6860] <... close resumed>) = 0 [pid 6861] write(3, "1000", 4 [pid 6860] symlink("/dev/binderfs", "./binderfs" [pid 6857] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6861] <... write resumed>) = 4 [pid 6859] <... clone3 resumed> => {parent_tid=[6862]}, 88) = 6862 [pid 6861] close(3 [pid 6859] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] <... close resumed>) = 0 [pid 6859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] symlink("/dev/binderfs", "./binderfs" [pid 6859] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] <... symlink resumed>) = 0 [pid 6859] <... futex resumed>) = 0 [pid 6860] <... symlink resumed>) = 0 [pid 6857] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6861] write(1, "executing program\n", 18 [pid 6859] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6860] write(1, "executing program\n", 18 [pid 6857] <... mprotect resumed>) = 0 [pid 6861] <... write resumed>) = 18 [pid 6861] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6861] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6861] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6861] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 executing program [pid 6861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6862 attached [pid 6860] <... write resumed>) = 18 [pid 6857] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6863 attached [pid 6862] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6861] <... clone3 resumed> => {parent_tid=[6863]}, 88) = 6863 [pid 6860] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] <... ioctl resumed>) = 0 [pid 6857] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6863] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6862] <... rseq resumed>) = 0 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6860] <... futex resumed>) = 0 [pid 6858] close(3 [pid 6857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6863] <... rseq resumed>) = 0 [pid 6862] set_robust_list(0x7fbb68bde9a0, 24 [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6860] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6858] <... close resumed>) = 0 ./strace-static-x86_64: Process 6864 attached [pid 6863] set_robust_list(0x7fbb68bde9a0, 24 [pid 6862] <... set_robust_list resumed>) = 0 [pid 6861] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6858] close(4 [pid 6864] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6863] <... set_robust_list resumed>) = 0 [pid 6862] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] <... futex resumed>) = 0 [pid 6860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6858] <... close resumed>) = 0 [pid 6857] <... clone3 resumed> => {parent_tid=[6864]}, 88) = 6864 [pid 6864] <... rseq resumed>) = 0 [pid 6863] rt_sigprocmask(SIG_SETMASK, [], [pid 6862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6861] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6858] mkdir("./file2", 0777 [pid 6857] rt_sigprocmask(SIG_SETMASK, [], [pid 6864] set_robust_list(0x7fbb68bde9a0, 24 [pid 6863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6862] memfd_create("syzkaller", 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6858] <... mkdir resumed>) = 0 [pid 6857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6864] <... set_robust_list resumed>) = 0 [pid 6863] memfd_create("syzkaller", 0 [pid 6864] rt_sigprocmask(SIG_SETMASK, [], [pid 6860] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6857] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6857] <... futex resumed>) = 0 [pid 6864] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6864] memfd_create("syzkaller", 0 [pid 6863] <... memfd_create resumed>) = 3 [pid 6860] <... mprotect resumed>) = 0 [pid 6864] <... memfd_create resumed>) = 3 [pid 6863] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6862] <... memfd_create resumed>) = 3 [pid 6858] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6857] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6863] <... mmap resumed>) = 0x7fbb60600000 [pid 6862] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6860] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6864] <... mmap resumed>) = 0x7fbb60600000 [pid 6860] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6864] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6862] <... mmap resumed>) = 0x7fbb60600000 [pid 6860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6865 attached [ 135.896208][ T6858] loop3: detected capacity change from 0 to 256 [pid 6863] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6865] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6864] <... write resumed>) = 131072 [pid 6862] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6860] <... clone3 resumed> => {parent_tid=[6865]}, 88) = 6865 [pid 6863] <... write resumed>) = 131072 [pid 6860] rt_sigprocmask(SIG_SETMASK, [], [pid 6865] <... rseq resumed>) = 0 [pid 6864] munmap(0x7fbb60600000, 138412032 [pid 6863] munmap(0x7fbb60600000, 138412032) = 0 [pid 6862] <... write resumed>) = 131072 [pid 6865] set_robust_list(0x7fbb68bde9a0, 24 [pid 6864] <... munmap resumed>) = 0 [pid 6863] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6862] munmap(0x7fbb60600000, 138412032 [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6865] <... set_robust_list resumed>) = 0 [pid 6864] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6863] <... openat resumed>) = 4 [pid 6863] ioctl(4, LOOP_SET_FD, 3 [pid 6865] rt_sigprocmask(SIG_SETMASK, [], [pid 6864] <... openat resumed>) = 4 [pid 6862] <... munmap resumed>) = 0 [pid 6860] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6864] ioctl(4, LOOP_SET_FD, 3 [pid 6862] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6860] <... futex resumed>) = 0 [pid 6863] <... ioctl resumed>) = 0 [ 135.945687][ T6858] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 135.969523][ T6858] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 135.980471][ T6863] loop4: detected capacity change from 0 to 256 [pid 6863] close(3 [pid 6860] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6863] <... close resumed>) = 0 [pid 6862] <... openat resumed>) = 4 [pid 6865] memfd_create("syzkaller", 0 [pid 6863] close(4 [pid 6862] ioctl(4, LOOP_SET_FD, 3 [pid 6865] <... memfd_create resumed>) = 3 [pid 6863] <... close resumed>) = 0 [pid 6858] <... mount resumed>) = 0 [pid 6863] mkdir("./file2", 0777) = 0 [pid 6863] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6862] <... ioctl resumed>) = 0 [pid 6865] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6858] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6865] <... mmap resumed>) = 0x7fbb60600000 [pid 6858] <... openat resumed>) = 3 [pid 6864] <... ioctl resumed>) = 0 [pid 6865] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6864] close(3 [pid 6858] chdir("./file2" [pid 6864] <... close resumed>) = 0 [pid 6858] <... chdir resumed>) = 0 [pid 6864] close(4 [pid 6858] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6864] <... close resumed>) = 0 [pid 6858] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6865] <... write resumed>) = 131072 [pid 6864] mkdir("./file2", 0777 [pid 6862] close(3 [pid 6858] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6865] munmap(0x7fbb60600000, 138412032 [pid 6858] <... futex resumed>) = 1 [pid 6862] <... close resumed>) = 0 [pid 6856] <... futex resumed>) = 0 [pid 6865] <... munmap resumed>) = 0 [pid 6864] <... mkdir resumed>) = 0 [pid 6862] close(4 [pid 6858] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6856] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6864] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6862] <... close resumed>) = 0 [pid 6858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6856] <... futex resumed>) = 0 [pid 6862] mkdir("./file2", 0777 [pid 6858] mkdir("./file3", 0777 [pid 6856] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6862] <... mkdir resumed>) = 0 [ 135.990757][ T6864] loop2: detected capacity change from 0 to 256 [ 135.999471][ T6862] loop0: detected capacity change from 0 to 256 [ 136.014584][ T6863] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6862] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6863] <... mount resumed>) = 0 [pid 6865] <... openat resumed>) = 4 [pid 6858] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6865] ioctl(4, LOOP_SET_FD, 3 [pid 6858] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6856] <... futex resumed>) = ? [pid 6863] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6863] chdir("./file2") = 0 [pid 6863] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6863] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6858] +++ killed by SIGSEGV +++ [pid 6856] +++ killed by SIGSEGV +++ [pid 6863] <... futex resumed>) = 1 [pid 6861] <... futex resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6856, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6863] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6861] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6863] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6861] <... futex resumed>) = 0 [pid 6863] mkdir("./file3", 0777 [pid 6861] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [ 136.038850][ T6858] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.039731][ T6863] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 136.057288][ T6858] exFAT-fs (loop3): Filesystem has been set read-only [ 136.076759][ T6864] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 136.089465][ T6865] loop1: detected capacity change from 0 to 256 [pid 5821] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6865] <... ioctl resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 6861] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6861] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6861] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6861] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6861] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6865] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6861] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6861] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6866 attached [ 136.106445][ T6863] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.119962][ T6862] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6865] <... close resumed>) = 0 [pid 6861] <... clone3 resumed> => {parent_tid=[6866]}, 88) = 6866 [pid 5821] getdents64(4, [pid 6865] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6865] <... close resumed>) = 0 [pid 5821] getdents64(4, [pid 6865] mkdir("./file2", 0777) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6866] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6861] rt_sigprocmask(SIG_SETMASK, [], [pid 6866] <... rseq resumed>) = 0 [pid 6861] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6866] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6861] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] close(4 [pid 6865] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6866] <... set_robust_list resumed>) = 0 [pid 6861] <... futex resumed>) = 0 [pid 6866] rt_sigprocmask(SIG_SETMASK, [], [pid 6861] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6866] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6866] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6861] <... futex resumed>) = 0 [pid 6866] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6861] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... close resumed>) = 0 [pid 6866] <... ioctl resumed>) = 0 [pid 6861] <... futex resumed>) = 0 [pid 6866] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6861] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] rmdir("./95/file2" [pid 6866] <... futex resumed>) = 0 [pid 6861] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6866] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] <... rmdir resumed>) = 0 [pid 5821] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./95/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [ 136.149478][ T6864] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 136.159476][ T6863] exFAT-fs (loop4): Filesystem has been set read-only [ 136.168631][ T6862] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] close(3 [pid 6863] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./95") = 0 [pid 6863] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6862] <... mount resumed>) = 0 [pid 5821] mkdir("./96", 0777 [pid 6866] <... futex resumed>) = ? [pid 6864] <... mount resumed>) = 0 [pid 6862] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6866] +++ killed by SIGSEGV +++ [pid 6862] <... openat resumed>) = 3 [pid 6865] <... mount resumed>) = 0 [pid 6864] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6863] +++ killed by SIGSEGV +++ [pid 6865] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6862] chdir("./file2" [pid 6861] +++ killed by SIGSEGV +++ [pid 5821] <... mkdir resumed>) = 0 [pid 6865] <... openat resumed>) = 3 [pid 6864] <... openat resumed>) = 3 [pid 6862] <... chdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6865] chdir("./file2" [pid 6864] chdir("./file2" [pid 6862] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6861, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] <... openat resumed>) = 3 [pid 6865] <... chdir resumed>) = 0 [pid 6864] <... chdir resumed>) = 0 [pid 6862] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6865] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6864] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6865] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6862] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... ioctl resumed>) = 0 [pid 6865] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6864] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6862] <... futex resumed>) = 1 [pid 6859] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(3 [pid 6865] <... futex resumed>) = 1 [pid 6864] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6862] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] <... futex resumed>) = 0 [pid 6859] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 6864] <... futex resumed>) = 1 [pid 6862] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6860] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6859] <... futex resumed>) = 0 [pid 6857] <... futex resumed>) = 0 [ 136.196324][ T6865] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 136.214060][ T6865] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6864] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6860] <... futex resumed>) = 0 [pid 6857] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 6865] mkdir("./file3", 0777 [pid 6864] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6860] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] <... futex resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 6864] mkdir("./file3", 0777 [pid 6862] mkdir("./file3", 0777 [pid 6859] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6857] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6867 attached [pid 6862] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] getdents64(3, [ 136.247854][ T6865] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.248384][ T6862] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.257671][ T6864] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.275370][ T6862] exFAT-fs (loop0): Filesystem has been set read-only [ 136.283388][ T6865] exFAT-fs (loop1): Filesystem has been set read-only [pid 6867] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6867 [pid 6867] <... set_robust_list resumed>) = 0 [pid 5822] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6867] chdir("./96") = 0 [pid 6867] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6867] setpgid(0, 0 [pid 6862] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6867] <... setpgid resumed>) = 0 [pid 6867] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6867] write(3, "1000", 4) = 4 [pid 6862] +++ killed by SIGSEGV +++ [pid 6859] <... futex resumed>) = ? [pid 6860] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6857] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6860] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] <... futex resumed>) = 0 [pid 6857] <... futex resumed>) = 0 [pid 6860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6860] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6857] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6867] close(3 [pid 6860] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6857] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6867] <... close resumed>) = 0 [pid 6860] <... mprotect resumed>) = 0 [pid 6857] <... mprotect resumed>) = 0 [pid 6860] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6857] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6860] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6857] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6860] <... clone3 resumed> => {parent_tid=[6868]}, 88) = 6868 [pid 6857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6868 attached [pid 6867] symlink("/dev/binderfs", "./binderfs" [pid 6860] rt_sigprocmask(SIG_SETMASK, [], [pid 6868] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6867] <... symlink resumed>) = 0 [pid 6860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6857] <... clone3 resumed> => {parent_tid=[6869]}, 88) = 6869 [pid 6868] <... rseq resumed>) = 0 [pid 6867] write(1, "executing program\n", 18 [pid 6860] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 6867] <... write resumed>) = 18 [pid 6860] <... futex resumed>) = 0 [pid 6857] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 6869 attached [pid 6868] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6867] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6860] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6859] +++ killed by SIGSEGV +++ [pid 6857] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = 0 [pid 6869] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6868] <... set_robust_list resumed>) = 0 [pid 6867] <... futex resumed>) = 0 [pid 6857] <... futex resumed>) = 0 [pid 5822] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6869] <... rseq resumed>) = 0 [pid 6868] rt_sigprocmask(SIG_SETMASK, [], [pid 6867] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6857] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6869] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6868] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6867] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6864] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] newfstatat(AT_FDCWD, "./95/file2", [pid 6869] <... set_robust_list resumed>) = 0 [pid 6868] openat(AT_FDCWD, ".", O_RDONLY [pid 6867] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6869] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6859, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6868] <... openat resumed>) = 4 [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6864] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6868] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6857] <... futex resumed>) = ? [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6869] +++ killed by SIGSEGV +++ [pid 6868] <... futex resumed>) = 1 [pid 6864] +++ killed by SIGSEGV +++ [pid 6860] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... restart_syscall resumed>) = 0 [pid 6867] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 4 [pid 6867] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(4, "", [pid 6867] <... mprotect resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6867] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6868] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6860] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6857] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, [pid 5818] umount2("./92", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6868] <... ioctl resumed>) = 0 [pid 6867] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6860] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6868] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6860] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] getdents64(4, [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6857, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6870 attached [pid 6868] <... futex resumed>) = 0 [pid 6860] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6868] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] <... clone3 resumed> => {parent_tid=[6870]}, 88) = 6870 [pid 5822] close(4 [pid 5818] openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6867] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... close resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] rmdir("./95/file2" [pid 5818] newfstatat(3, "", [pid 6870] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6867] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6870] <... rseq resumed>) = 0 [pid 6867] <... futex resumed>) = 0 [pid 5822] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 6870] set_robust_list(0x7fbb68bde9a0, 24 [pid 6867] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6870] <... set_robust_list resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./95/binderfs", [pid 5818] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] unlink("./95/binderfs" [pid 6870] memfd_create("syzkaller", 0 [pid 5822] <... unlink resumed>) = 0 [pid 5822] getdents64(3, [pid 6870] <... memfd_create resumed>) = 3 [pid 6865] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6865] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] close(3 [pid 5818] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] <... mmap resumed>) = 0x7fbb60600000 [pid 6868] <... futex resumed>) = ? [pid 5822] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6870] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6868] +++ killed by SIGSEGV +++ [pid 6865] +++ killed by SIGSEGV +++ [pid 6860] +++ killed by SIGSEGV +++ [pid 5820] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./92/file2", [pid 5822] rmdir("./95" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... rmdir resumed>) = 0 [ 136.292503][ T6864] exFAT-fs (loop2): Filesystem has been set read-only [pid 5820] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6860, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5818] umount2("./92/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] mkdir("./96", 0777 [pid 5820] newfstatat(3, "", [pid 5818] openat(AT_FDCWD, "./92/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5820] getdents64(3, [pid 5818] newfstatat(4, "", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5818] close(4) = 0 [pid 5818] rmdir("./92/file2" [pid 6870] <... write resumed>) = 131072 [pid 5818] <... rmdir resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6870] munmap(0x7fbb60600000, 138412032 [pid 5822] <... ioctl resumed>) = 0 [pid 6870] <... munmap resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./92/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] close(3 [pid 6870] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6870] ioctl(4, LOOP_SET_FD, 3 [pid 5818] newfstatat(AT_FDCWD, "./92/binderfs", [pid 5820] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./93/file2", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./93/file2") = 0 [pid 5820] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6870] <... ioctl resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] unlink("./92/binderfs" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6870] close(3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... unlink resumed>) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./95/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./92") = 0 [pid 5819] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 ./strace-static-x86_64: Process 6871 attached [pid 6870] <... close resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6871 [pid 5820] newfstatat(AT_FDCWD, "./93/binderfs", [pid 5819] newfstatat(4, "", [pid 5818] mkdir("./93", 0777 [pid 6871] set_robust_list(0x55555eedf6a0, 24 [pid 6870] close(4 [pid 6871] <... set_robust_list resumed>) = 0 [pid 6871] chdir("./96" [pid 5818] <... mkdir resumed>) = 0 [pid 6871] <... chdir resumed>) = 0 [pid 6870] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 136.351650][ T6870] loop3: detected capacity change from 0 to 256 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6871] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6870] mkdir("./file2", 0777 [pid 5820] unlink("./93/binderfs" [pid 5819] getdents64(4, [pid 5818] <... openat resumed>) = 3 [pid 6871] <... prctl resumed>) = 0 [pid 6870] <... mkdir resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6871] setpgid(0, 0 [pid 6870] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] getdents64(3, [pid 5819] getdents64(4, [pid 5818] <... ioctl resumed>) = 0 [pid 6871] <... setpgid resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 6871] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] close(3 [pid 5819] close(4) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] rmdir("./95/file2") = 0 executing program [pid 6871] <... openat resumed>) = 3 [pid 5820] rmdir("./93" [pid 5819] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6871] write(3, "1000", 4) = 4 [pid 6871] close(3) = 0 [pid 6871] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6871] write(1, "executing program\n", 18 [pid 5819] newfstatat(AT_FDCWD, "./95/binderfs", [pid 6871] <... write resumed>) = 18 [pid 6871] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6871] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6872 [pid 6871] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6871] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] unlink("./95/binderfs" [pid 5820] mkdir("./94", 0777 [pid 6871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6872 attached [pid 6871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6873]}, 88) = 6873 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] getdents64(3, [pid 6871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6871] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6872] set_robust_list(0x55555eedf6a0, 24 [pid 6871] <... futex resumed>) = 0 [pid 6871] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6872] <... set_robust_list resumed>) = 0 [pid 6872] chdir("./93") = 0 [pid 6872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6872] setpgid(0, 0) = 0 [pid 6872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC./strace-static-x86_64: Process 6873 attached ) = 3 [pid 6872] write(3, "1000", 4) = 4 [pid 6872] close(3) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6873] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6872] symlink("/dev/binderfs", "./binderfs" [pid 6873] <... rseq resumed>) = 0 [pid 6873] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6873] <... set_robust_list resumed>) = 0 [pid 6872] <... symlink resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6873] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] close(3 [pid 5819] rmdir("./95" [pid 6873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6872] write(1, "executing program\n", 18 [pid 6873] memfd_create("syzkaller", 0 [pid 6872] <... write resumed>) = 18 [pid 6872] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6873] <... memfd_create resumed>) = 3 [pid 6872] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6873] <... mmap resumed>) = 0x7fbb60600000 [pid 6872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 executing program [pid 6873] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 [pid 5819] mkdir("./96", 0777 [pid 6872] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6872] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6872] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... mkdir resumed>) = 0 [pid 6872] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6875 attached ./strace-static-x86_64: Process 6874 attached [pid 6873] <... write resumed>) = 131072 [pid 5819] <... openat resumed>) = 3 [pid 6872] <... clone3 resumed> => {parent_tid=[6874]}, 88) = 6874 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6875] set_robust_list(0x55555eedf6a0, 24 [pid 6874] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6875 [pid 5819] <... ioctl resumed>) = 0 [pid 6873] munmap(0x7fbb60600000, 138412032 [pid 6874] <... rseq resumed>) = 0 [pid 6873] <... munmap resumed>) = 0 [pid 5819] close(3 [pid 6874] set_robust_list(0x7fbb68bde9a0, 24 [pid 6873] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 136.426098][ T6870] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 136.461295][ T6870] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6873] ioctl(4, LOOP_SET_FD, 3 [pid 6874] <... set_robust_list resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6875] <... set_robust_list resumed>) = 0 [pid 6872] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6872] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6875] chdir("./94" [pid 6874] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6875] <... chdir resumed>) = 0 [pid 6875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6875] setpgid(0, 0) = 0 [pid 6875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6875] write(3, "1000", 4) = 4 [pid 6875] close(3) = 0 [pid 6874] memfd_create("syzkaller", 0./strace-static-x86_64: Process 6876 attached [pid 6875] symlink("/dev/binderfs", "./binderfs" [pid 6874] <... memfd_create resumed>) = 3 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6876 [pid 6876] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6875] <... symlink resumed>) = 0 [pid 6874] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6873] <... ioctl resumed>) = 0 [pid 6870] <... mount resumed>) = 0 [pid 6876] chdir("./96" executing program [pid 6875] write(1, "executing program\n", 18 [pid 6873] close(3 [pid 6875] <... write resumed>) = 18 [pid 6874] <... mmap resumed>) = 0x7fbb60600000 [pid 6873] <... close resumed>) = 0 [pid 6870] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6876] <... chdir resumed>) = 0 [pid 6875] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6873] close(4 [pid 6870] <... openat resumed>) = 3 [pid 6876] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6875] <... futex resumed>) = 0 [pid 6873] <... close resumed>) = 0 [pid 6870] chdir("./file2" [pid 6876] <... prctl resumed>) = 0 [pid 6875] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6873] mkdir("./file2", 0777 [pid 6870] <... chdir resumed>) = 0 [pid 6876] setpgid(0, 0 [pid 6875] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6873] <... mkdir resumed>) = 0 [pid 6870] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6875] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6875] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6870] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6875] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6873] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6870] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6877 attached [pid 6877] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6875] <... clone3 resumed> => {parent_tid=[6877]}, 88) = 6877 [pid 6877] <... rseq resumed>) = 0 [pid 6876] <... setpgid resumed>) = 0 [pid 6875] rt_sigprocmask(SIG_SETMASK, [], [pid 6877] set_robust_list(0x7fbb68bde9a0, 24 [pid 6876] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6870] <... futex resumed>) = 1 [pid 6867] <... futex resumed>) = 0 [pid 6877] <... set_robust_list resumed>) = 0 [pid 6876] <... openat resumed>) = 3 [pid 6875] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6870] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6867] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] rt_sigprocmask(SIG_SETMASK, [], [pid 6876] write(3, "1000", 4 [pid 6875] <... futex resumed>) = 0 [pid 6874] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6870] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6867] <... futex resumed>) = 0 [pid 6877] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6876] <... write resumed>) = 4 [pid 6875] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6870] mkdir("./file3", 0777 [pid 6867] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6877] memfd_create("syzkaller", 0 [pid 6876] close(3 [pid 6874] <... write resumed>) = 131072 [ 136.474900][ T6873] loop4: detected capacity change from 0 to 256 [pid 6876] <... close resumed>) = 0 [pid 6876] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6877] <... memfd_create resumed>) = 3 [pid 6877] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6877] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 executing program [pid 6876] write(1, "executing program\n", 18 [pid 6874] munmap(0x7fbb60600000, 138412032 [pid 6876] <... write resumed>) = 18 [pid 6876] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... write resumed>) = 131072 [pid 6876] <... futex resumed>) = 0 [pid 6874] <... munmap resumed>) = 0 [pid 6876] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6874] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6876] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6876] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6876] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6874] <... openat resumed>) = 4 [pid 6876] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6876] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6874] ioctl(4, LOOP_SET_FD, 3 [pid 6876] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6877] munmap(0x7fbb60600000, 138412032 [pid 6876] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6878 attached [pid 6877] <... munmap resumed>) = 0 [pid 6876] <... clone3 resumed> => {parent_tid=[6878]}, 88) = 6878 [pid 6874] <... ioctl resumed>) = 0 [pid 6877] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6877] ioctl(4, LOOP_SET_FD, 3 [pid 6876] rt_sigprocmask(SIG_SETMASK, [], [pid 6878] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6874] close(3 [pid 6878] <... rseq resumed>) = 0 [pid 6876] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... close resumed>) = 0 [pid 6878] set_robust_list(0x7fbb68bde9a0, 24 [pid 6876] <... futex resumed>) = 0 [pid 6874] close(4 [pid 6876] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6874] <... close resumed>) = 0 [pid 6878] <... set_robust_list resumed>) = 0 [pid 6874] mkdir("./file2", 0777 [pid 6878] rt_sigprocmask(SIG_SETMASK, [], [pid 6874] <... mkdir resumed>) = 0 [ 136.515548][ T6870] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.533280][ T6874] loop0: detected capacity change from 0 to 256 [ 136.533506][ T6873] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6874] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6867] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6867] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6878] memfd_create("syzkaller", 0 [pid 6867] <... futex resumed>) = 0 [pid 6878] <... memfd_create resumed>) = 3 [pid 6867] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6867] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6867] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6867] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6879]}, 88) = 6879 [pid 6867] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6879 attached NULL, 8) = 0 [pid 6867] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6879] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6879] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6879] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6867] <... futex resumed>) = 0 [pid 6867] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6867] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6879] <... futex resumed>) = 1 [pid 6879] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 6879] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6867] <... futex resumed>) = 0 [pid 6879] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6870] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6878] <... mmap resumed>) = 0x7fbb60600000 [pid 6873] <... mount resumed>) = 0 [pid 6873] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6873] chdir("./file2" [pid 6870] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6873] <... chdir resumed>) = 0 [pid 6873] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6873] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6871] <... futex resumed>) = 0 [pid 6879] <... futex resumed>) = ? [pid 6878] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6871] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6879] +++ killed by SIGSEGV +++ [pid 6873] mkdir("./file3", 0777 [pid 6871] <... futex resumed>) = 0 [ 136.559704][ T6870] exFAT-fs (loop3): Filesystem has been set read-only [ 136.576163][ T6873] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 136.590681][ T6877] loop2: detected capacity change from 0 to 256 [pid 6878] <... write resumed>) = 131072 [pid 6871] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6870] +++ killed by SIGSEGV +++ [pid 6867] +++ killed by SIGSEGV +++ [pid 6877] <... ioctl resumed>) = 0 [pid 6877] close(3) = 0 [pid 6877] close(4 [pid 6878] munmap(0x7fbb60600000, 138412032 [pid 6877] <... close resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6867, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 6877] mkdir("./file2", 0777 [pid 6878] <... munmap resumed>) = 0 [pid 6877] <... mkdir resumed>) = 0 [pid 6877] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6878] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6878] <... openat resumed>) = 4 [pid 6878] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... openat resumed>) = 3 [pid 6873] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6878] <... ioctl resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 6878] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6871] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6871] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6871] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6871] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6871] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6878] <... close resumed>) = 0 [pid 6878] close(4) = 0 [pid 6871] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... umount2 resumed>) = 0 [ 136.607764][ T6873] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.619834][ T6874] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 136.622104][ T6873] exFAT-fs (loop4): Filesystem has been set read-only [ 136.644456][ T6878] loop1: detected capacity change from 0 to 256 [ 136.644673][ T6874] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6878] mkdir("./file2", 0777 [pid 6871] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5821] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6873] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./96/file2", [pid 6878] <... mkdir resumed>) = 0 [pid 6873] +++ killed by SIGSEGV +++ [pid 6871] <... clone3 resumed> ) = ? [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 6878] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./96/file2") = 0 [pid 6871] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6871, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./96/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] rmdir("./96" [pid 5822] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... rmdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] mkdir("./97", 0777) = 0 [pid 5822] newfstatat(3, "", [pid 6874] <... mount resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6874] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 6874] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6874] chdir("./file2" [pid 5821] <... ioctl resumed>) = 0 [pid 6874] <... chdir resumed>) = 0 [pid 5822] getdents64(3, [ 136.681773][ T6877] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] close(3 [pid 6874] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... close resumed>) = 0 [pid 6874] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6874] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6880 attached [pid 6874] <... futex resumed>) = 1 [pid 6872] <... futex resumed>) = 0 [pid 6874] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6872] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6874] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6872] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 6874] mkdir("./file3", 0777 [pid 6872] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6880] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6880 [pid 6880] <... set_robust_list resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./96/file2", [pid 6880] chdir("./97" [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6880] <... chdir resumed>) = 0 [pid 6880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) executing program [pid 5822] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6880] setpgid(0, 0) = 0 [pid 6880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6880] write(3, "1000", 4) = 4 [pid 6880] close(3) = 0 [pid 6880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6880] write(1, "executing program\n", 18) = 18 [pid 6880] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... openat resumed>) = 4 [pid 6880] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] newfstatat(4, "", [pid 6880] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6880] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6880] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] getdents64(4, [pid 6880] <... rt_sigprocmask resumed>[], 8) = 0 [ 136.728521][ T6877] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 136.743684][ T6874] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.760082][ T6878] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6877] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6881 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 6881] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 6881] <... rseq resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6881] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 5822] rmdir("./96/file2" [pid 6880] <... clone3 resumed> => {parent_tid=[6881]}, 88) = 6881 [pid 6880] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6880] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6880] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6877] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6877] chdir("./file2") = 0 [pid 6877] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6877] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6877] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6875] <... futex resumed>) = 0 [pid 6875] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6877] <... futex resumed>) = 0 [pid 6875] <... futex resumed>) = 1 [pid 6877] mkdir("./file3", 0777 [pid 6881] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... rmdir resumed>) = 0 [pid 6881] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6881] memfd_create("syzkaller", 0 [pid 6872] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6875] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6872] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6881] <... memfd_create resumed>) = 3 [pid 6881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] newfstatat(AT_FDCWD, "./96/binderfs", [pid 6872] <... futex resumed>) = 0 [pid 6872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6881] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] unlink("./96/binderfs" [pid 6872] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6882]}, 88) = 6882 [pid 6872] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6872] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6881] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6872] <... futex resumed>) = 0 [pid 6872] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6882 attached [pid 6882] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 5822] <... unlink resumed>) = 0 [pid 6882] <... rseq resumed>) = 0 [pid 6874] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6882] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6874] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6882] <... set_robust_list resumed>) = ? [pid 6872] <... futex resumed>) = ? [pid 6882] +++ killed by SIGSEGV +++ [pid 6881] <... write resumed>) = 131072 [pid 6874] +++ killed by SIGSEGV +++ [pid 6872] +++ killed by SIGSEGV +++ [pid 5822] getdents64(3, [pid 6881] munmap(0x7fbb60600000, 138412032 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6872, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 6877] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6881] <... munmap resumed>) = 0 [pid 5822] close(3 [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6877] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... close resumed>) = 0 [ 136.761794][ T6874] exFAT-fs (loop0): Filesystem has been set read-only [ 136.785277][ T6877] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.803958][ T6877] exFAT-fs (loop2): Filesystem has been set read-only [ 136.808575][ T6878] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6881] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6875] <... futex resumed>) = ? [pid 6881] <... openat resumed>) = 4 [pid 5818] umount2("./93", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] ioctl(4, LOOP_SET_FD, 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6877] +++ killed by SIGSEGV +++ [pid 6875] +++ killed by SIGSEGV +++ [pid 6878] <... mount resumed>) = 0 [pid 6881] <... ioctl resumed>) = 0 [pid 6878] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] rmdir("./96" [pid 5818] openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6878] <... openat resumed>) = 3 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6875, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6878] chdir("./file2" [pid 5818] <... openat resumed>) = 3 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6878] <... chdir resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 6878] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] <... restart_syscall resumed>) = 0 [pid 6878] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6878] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5818] getdents64(3, [pid 6878] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6881] close(3 [pid 6876] <... futex resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6881] <... close resumed>) = 0 [pid 6876] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] mkdir("./97", 0777 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6881] close(4 [pid 6878] <... futex resumed>) = 0 [pid 6876] <... futex resumed>) = 1 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6881] <... close resumed>) = 0 [pid 6878] mkdir("./file3", 0777 [pid 6876] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... umount2 resumed>) = 0 [pid 6881] mkdir("./file2", 0777 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... openat resumed>) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6881] <... mkdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] getdents64(3, [pid 5818] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6878] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6881] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6878] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6876] <... futex resumed>) = ? [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./93/file2", [pid 6878] +++ killed by SIGSEGV +++ [pid 5822] close(3 [pid 6876] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./93/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6876, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./93/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 3 [pid 5818] newfstatat(4, "", [pid 5820] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, ./strace-static-x86_64: Process 6883 attached [pid 5820] newfstatat(AT_FDCWD, "./94/file2", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(3, [pid 5818] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6883] set_robust_list(0x55555eedf6a0, 24 [pid 5820] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] close(4 [pid 6883] <... set_robust_list resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 6883] chdir("./97" [pid 5818] rmdir("./93/file2" [pid 5820] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", [pid 5818] <... rmdir resumed>) = 0 [ 136.824694][ T6881] loop3: detected capacity change from 0 to 256 [ 136.848957][ T6878] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.863052][ T6878] exFAT-fs (loop1): Filesystem has been set read-only [pid 6883] <... chdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] umount2("./93/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(4, [pid 5819] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] <... prctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6883] setpgid(0, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] newfstatat(AT_FDCWD, "./93/binderfs", [pid 6883] <... setpgid resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6883 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] newfstatat(AT_FDCWD, "./96/file2", [pid 5818] unlink("./93/binderfs" [pid 6883] <... openat resumed>) = 3 [pid 5818] <... unlink resumed>) = 0 [pid 6883] write(3, "1000", 4 [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(3, [pid 6883] <... write resumed>) = 4 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] close(3 [pid 5820] close(4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6883] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6883] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] close(3) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", [pid 5818] rmdir("./93" [pid 6883] <... symlink resumed>) = 0 [pid 5820] rmdir("./94/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6883] write(1, "executing program\n", 18executing program ) = 18 [pid 5819] getdents64(4, [pid 5818] mkdir("./94", 0777 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... mkdir resumed>) = 0 [pid 5819] getdents64(4, [pid 6883] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6883] <... futex resumed>) = 0 [pid 5819] close(4 [pid 6883] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... close resumed>) = 0 [pid 6883] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... rmdir resumed>) = 0 [pid 5819] rmdir("./96/file2" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6883] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6883] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5819] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6883] <... mprotect resumed>) = 0 [pid 6883] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... ioctl resumed>) = 0 [pid 6883] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] unlink("./94/binderfs" [pid 5818] close(3 [pid 6883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] newfstatat(AT_FDCWD, "./96/binderfs", [pid 5820] <... unlink resumed>) = 0 [pid 6881] <... mount resumed>) = 0 ./strace-static-x86_64: Process 6884 attached [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6884] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6883] <... clone3 resumed> => {parent_tid=[6884]}, 88) = 6884 [pid 5820] getdents64(3, [pid 5819] unlink("./96/binderfs" [pid 5818] <... close resumed>) = 0 [pid 6884] <... rseq resumed>) = 0 [pid 6883] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6884] set_robust_list(0x7fbb68bde9a0, 24 [pid 6883] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] close(3 [pid 5819] <... unlink resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6884] <... set_robust_list resumed>) = 0 [pid 6883] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... close resumed>) = 0 ./strace-static-x86_64: Process 6885 attached [pid 6884] rt_sigprocmask(SIG_SETMASK, [], [pid 6883] <... futex resumed>) = 0 [pid 6881] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] rmdir("./94" [pid 5819] getdents64(3, [pid 6885] set_robust_list(0x55555eedf6a0, 24 [pid 6884] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6883] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6881] <... openat resumed>) = 3 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6885 [pid 6885] <... set_robust_list resumed>) = 0 [pid 6884] memfd_create("syzkaller", 0 [pid 6881] chdir("./file2" [pid 5820] mkdir("./95", 0777 [pid 5819] close(3 [pid 6885] chdir("./94" [pid 6884] <... memfd_create resumed>) = 3 [pid 6881] <... chdir resumed>) = 0 [pid 6885] <... chdir resumed>) = 0 [pid 6884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6881] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6885] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6884] <... mmap resumed>) = 0x7fbb60600000 [pid 6885] <... prctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] rmdir("./96" [pid 6881] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6881] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6880] <... futex resumed>) = 0 [pid 6881] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6880] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6885] setpgid(0, 0 [pid 6881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 136.900160][ T6881] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 136.917642][ T6881] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6880] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... rmdir resumed>) = 0 [pid 6881] mkdir("./file3", 0777 [pid 6880] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6885] <... setpgid resumed>) = 0 [pid 6884] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] mkdir("./97", 0777 [pid 6885] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... ioctl resumed>) = 0 [pid 6885] <... openat resumed>) = 3 [pid 6884] <... write resumed>) = 131072 [pid 5820] close(3 [pid 5819] <... mkdir resumed>) = 0 [pid 6885] write(3, "1000", 4 [pid 6884] munmap(0x7fbb60600000, 138412032 [pid 6881] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6885] <... write resumed>) = 4 [pid 6885] close(3) = 0 [pid 6885] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5820] <... close resumed>) = 0 [pid 6884] <... munmap resumed>) = 0 [pid 6881] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6884] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6885] write(1, "executing program\n", 18executing program ) = 18 ./strace-static-x86_64: Process 6886 attached [pid 6884] <... openat resumed>) = 4 [pid 6880] <... futex resumed>) = ? [pid 5819] <... openat resumed>) = 3 [pid 6885] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6885] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6886 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6884] ioctl(4, LOOP_SET_FD, 3 [pid 5819] <... ioctl resumed>) = 0 [pid 6886] set_robust_list(0x55555eedf6a0, 24 [pid 6885] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] close(3 [pid 6885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6885] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6885] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6885] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6885] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6887 attached [pid 6886] <... set_robust_list resumed>) = 0 [pid 6884] <... ioctl resumed>) = 0 [pid 6881] +++ killed by SIGSEGV +++ [pid 6880] +++ killed by SIGSEGV +++ [pid 5819] <... close resumed>) = 0 [pid 6886] chdir("./95" [pid 6885] <... clone3 resumed> => {parent_tid=[6887]}, 88) = 6887 [pid 6884] close(3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6880, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6887] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6886] <... chdir resumed>) = 0 [pid 6885] rt_sigprocmask(SIG_SETMASK, [], [pid 6884] <... close resumed>) = 0 [pid 6887] <... rseq resumed>) = 0 [pid 6886] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6885] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6884] close(4 [pid 6887] set_robust_list(0x7fbb68bde9a0, 24 [pid 6886] <... prctl resumed>) = 0 [pid 6885] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6888 attached [pid 6887] <... set_robust_list resumed>) = 0 [pid 6886] setpgid(0, 0 [pid 6885] <... futex resumed>) = 0 [pid 6884] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", [pid 6886] <... setpgid resumed>) = 0 [pid 6884] mkdir("./file2", 0777 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6888] set_robust_list(0x55555eedf6a0, 24 [pid 6887] rt_sigprocmask(SIG_SETMASK, [], [pid 6886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6885] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] getdents64(3, [pid 6888] <... set_robust_list resumed>) = 0 [pid 6887] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6886] <... openat resumed>) = 3 [pid 6884] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6888 [pid 6888] chdir("./97" [pid 6887] memfd_create("syzkaller", 0 [pid 6886] write(3, "1000", 4 [pid 5821] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] <... chdir resumed>) = 0 [pid 6887] <... memfd_create resumed>) = 3 [pid 6886] <... write resumed>) = 4 [pid 6884] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6888] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6886] close(3 [pid 5821] <... umount2 resumed>) = 0 [pid 6888] <... prctl resumed>) = 0 [pid 6886] <... close resumed>) = 0 [ 136.971302][ T6881] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 136.985892][ T6881] exFAT-fs (loop3): Filesystem has been set read-only [ 137.005454][ T6884] loop4: detected capacity change from 0 to 256 [pid 5821] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6888] setpgid(0, 0 [pid 6887] <... mmap resumed>) = 0x7fbb60600000 [pid 6886] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6888] <... setpgid resumed>) = 0 [pid 6886] <... symlink resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./97/file2", [pid 6888] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6886] write(1, "executing program\n", 18 [pid 6888] <... openat resumed>) = 3 [pid 6886] <... write resumed>) = 18 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6888] write(3, "1000", 4 [pid 6886] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... write resumed>) = 4 [pid 6886] <... futex resumed>) = 0 [pid 5821] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6888] close(3 [pid 6886] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6888] <... close resumed>) = 0 [pid 6886] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6888] symlink("/dev/binderfs", "./binderfs"executing program [pid 6886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6888] <... symlink resumed>) = 0 [pid 6886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5821] <... openat resumed>) = 4 [pid 6886] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6888] write(1, "executing program\n", 18 [pid 6886] <... mprotect resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 6888] <... write resumed>) = 18 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6888] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6886] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] getdents64(4, [pid 6888] <... futex resumed>) = 0 [pid 6887] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6888] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6886] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6888] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6888] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6888] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6886] <... clone3 resumed> => {parent_tid=[6889]}, 88) = 6889 [pid 6888] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6886] rt_sigprocmask(SIG_SETMASK, [], [pid 6888] <... mprotect resumed>) = 0 [pid 6886] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6886] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6889 attached [pid 6887] <... write resumed>) = 131072 [pid 6886] <... futex resumed>) = 0 [pid 5821] getdents64(4, [pid 6889] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6888] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6887] munmap(0x7fbb60600000, 138412032 [pid 6886] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6889] <... rseq resumed>) = 0 [pid 6888] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6889] set_robust_list(0x7fbb68bde9a0, 24 [pid 5821] close(4) = 0 [pid 5821] rmdir("./97/file2" [pid 6889] <... set_robust_list resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5821] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6889] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6890 attached NULL, 8) = 0 [pid 6888] <... clone3 resumed> => {parent_tid=[6890]}, 88) = 6890 [pid 5821] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6890] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6889] memfd_create("syzkaller", 0 [pid 6888] rt_sigprocmask(SIG_SETMASK, [], [pid 6887] <... munmap resumed>) = 0 [pid 6884] <... mount resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6890] <... rseq resumed>) = 0 [pid 6889] <... memfd_create resumed>) = 3 [pid 6888] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6887] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6884] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] unlink("./97/binderfs" [pid 6890] set_robust_list(0x7fbb68bde9a0, 24 [pid 6889] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6888] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] <... set_robust_list resumed>) = 0 [pid 6888] <... futex resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6890] rt_sigprocmask(SIG_SETMASK, [], [pid 6889] <... mmap resumed>) = 0x7fbb60600000 [pid 6888] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6887] <... openat resumed>) = 4 [pid 6884] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 6890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6887] ioctl(4, LOOP_SET_FD, 3 [pid 6890] memfd_create("syzkaller", 0 [ 137.066581][ T6884] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.081093][ T6884] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] close(3 [pid 6889] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6890] <... memfd_create resumed>) = 3 [pid 6887] <... ioctl resumed>) = 0 [pid 6884] chdir("./file2" [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./97" [pid 6890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6889] <... write resumed>) = 131072 [pid 6887] close(3 [pid 6884] <... chdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6889] munmap(0x7fbb60600000, 138412032 [pid 6890] <... mmap resumed>) = 0x7fbb60600000 [pid 6887] <... close resumed>) = 0 [pid 6884] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6889] <... munmap resumed>) = 0 [pid 6884] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] mkdir("./98", 0777 [pid 6889] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6887] close(4 [pid 5821] <... mkdir resumed>) = 0 [pid 6884] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] <... close resumed>) = 0 [pid 6884] <... futex resumed>) = 1 [pid 6883] <... futex resumed>) = 0 [pid 6889] <... openat resumed>) = 4 [pid 6884] mkdir("./file3", 0777 [pid 6883] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6883] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6889] ioctl(4, LOOP_SET_FD, 3 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6890] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6887] mkdir("./file2", 0777 [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6887] <... mkdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 6890] <... write resumed>) = 131072 [pid 6889] <... ioctl resumed>) = 0 [pid 6887] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6884] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... close resumed>) = 0 [ 137.109805][ T6887] loop0: detected capacity change from 0 to 256 [ 137.137640][ T6884] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.141405][ T6889] loop2: detected capacity change from 0 to 256 [ 137.147458][ T6884] exFAT-fs (loop4): Filesystem has been set read-only [pid 6890] munmap(0x7fbb60600000, 138412032 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6890] <... munmap resumed>) = 0 [pid 6889] close(3 [pid 6884] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6883] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6890] <... openat resumed>) = 4 [pid 6883] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6890] ioctl(4, LOOP_SET_FD, 3 [pid 6889] <... close resumed>) = 0 [pid 6889] close(4) = 0 [pid 6883] <... futex resumed>) = ? [pid 6884] +++ killed by SIGSEGV +++ [pid 6890] <... ioctl resumed>) = 0 [pid 6889] mkdir("./file2", 0777) = 0 [pid 6889] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6890] close(3./strace-static-x86_64: Process 6891 attached ) = 0 [pid 6883] +++ killed by SIGSEGV +++ [pid 6891] set_robust_list(0x55555eedf6a0, 24 [pid 6890] close(4 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6883, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6891] <... set_robust_list resumed>) = 0 [pid 6890] <... close resumed>) = 0 [pid 6890] mkdir("./file2", 0777 [pid 6891] chdir("./98" [pid 6890] <... mkdir resumed>) = 0 [pid 5822] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6891] <... chdir resumed>) = 0 [pid 6890] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6887] <... mount resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6891 [ 137.178039][ T6887] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.191832][ T6890] loop1: detected capacity change from 0 to 256 [ 137.201067][ T6887] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6891] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6887] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6891] setpgid(0, 0 [pid 6887] <... openat resumed>) = 3 [pid 5822] <... openat resumed>) = 3 [pid 6891] <... setpgid resumed>) = 0 [pid 6887] chdir("./file2" [pid 5822] newfstatat(3, "", [pid 6891] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6887] <... chdir resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6891] <... openat resumed>) = 3 [pid 6887] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] getdents64(3, [pid 6891] write(3, "1000", 4 [pid 6887] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6891] <... write resumed>) = 4 [pid 6887] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6891] close(3 [pid 6887] <... futex resumed>) = 1 [pid 6885] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 6891] <... close resumed>) = 0 [pid 6887] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6885] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6891] symlink("/dev/binderfs", "./binderfs" [pid 6887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6885] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6891] <... symlink resumed>) = 0 [pid 6887] mkdir("./file3", 0777 [pid 6885] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] newfstatat(AT_FDCWD, "./97/file2", [pid 6891] write(1, "executing program\n", 18 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6891] <... write resumed>) = 18 [pid 5822] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6891] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6891] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6891] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... openat resumed>) = 4 [pid 6891] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] newfstatat(4, "", [pid 6891] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] getdents64(4, [pid 6891] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6891] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] getdents64(4, [pid 6891] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6891] <... mprotect resumed>) = 0 [pid 5822] close(4 [pid 6891] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 6891] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] rmdir("./97/file2" [pid 6891] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6891] <... clone3 resumed> => {parent_tid=[6892]}, 88) = 6892 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6891] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6891] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6891] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 137.236305][ T6889] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.251506][ T6889] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 137.254910][ T6890] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.274025][ T6890] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] unlink("./97/binderfs"./strace-static-x86_64: Process 6892 attached [pid 6891] <... futex resumed>) = 0 [pid 6890] <... mount resumed>) = 0 [pid 6889] <... mount resumed>) = 0 [pid 6892] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6890] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6892] <... rseq resumed>) = 0 [pid 6892] set_robust_list(0x7fbb68bde9a0, 24 [pid 6890] <... openat resumed>) = 3 [pid 6892] <... set_robust_list resumed>) = 0 [pid 6892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6892] memfd_create("syzkaller", 0 [pid 6890] chdir("./file2" [pid 6892] <... memfd_create resumed>) = 3 [pid 6892] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6890] <... chdir resumed>) = 0 [pid 6892] <... mmap resumed>) = 0x7fbb60600000 [pid 6892] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6891] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6890] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6889] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... unlink resumed>) = 0 [pid 6892] munmap(0x7fbb60600000, 138412032 [pid 6889] <... openat resumed>) = 3 [pid 6887] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] getdents64(3, [pid 6890] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6889] chdir("./file2" [pid 6887] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6892] <... munmap resumed>) = 0 [pid 6890] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6889] <... chdir resumed>) = 0 [pid 6885] <... futex resumed>) = ? [pid 5822] close(3 [pid 6892] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6890] <... futex resumed>) = 1 [pid 6889] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6888] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6890] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6889] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6888] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6887] +++ killed by SIGSEGV +++ [pid 5822] rmdir("./97" [pid 6892] <... openat resumed>) = 4 [pid 6890] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6889] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6888] <... futex resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6890] mkdir("./file3", 0777 [pid 6889] <... futex resumed>) = 1 [pid 6888] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6886] <... futex resumed>) = 0 [pid 5822] mkdir("./98", 0777 [pid 6889] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6886] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... mkdir resumed>) = 0 [pid 6889] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6886] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [ 137.286085][ T6887] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.297356][ T6887] exFAT-fs (loop0): Filesystem has been set read-only [ 137.313088][ T6890] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.313566][ T6889] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6889] mkdir("./file3", 0777 [pid 6886] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... openat resumed>) = 3 [pid 6892] ioctl(4, LOOP_SET_FD, 3 [pid 6890] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6885] +++ killed by SIGSEGV +++ [pid 6890] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6889] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 6889] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] close(3 [pid 6886] <... futex resumed>) = ? [pid 5822] <... close resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6885, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6888] <... futex resumed>) = ? [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6893 attached [pid 6892] <... ioctl resumed>) = 0 [pid 6893] set_robust_list(0x55555eedf6a0, 24 [pid 6892] close(3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6893 [pid 5818] umount2("./94", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6893] <... set_robust_list resumed>) = 0 [pid 6892] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6893] chdir("./98" [pid 6892] close(4 [pid 5818] openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6893] <... chdir resumed>) = 0 [pid 6893] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6892] <... close resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 6893] <... prctl resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 6893] setpgid(0, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6893] <... setpgid resumed>) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6893] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6893] <... openat resumed>) = 3 [pid 6892] mkdir("./file2", 0777 [pid 6889] +++ killed by SIGSEGV +++ [pid 6886] +++ killed by SIGSEGV +++ [pid 6893] write(3, "1000", 4 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6886, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6893] <... write resumed>) = 4 [pid 6893] close(3 [pid 6892] <... mkdir resumed>) = 0 [pid 6893] <... close resumed>) = 0 [pid 6892] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6893] symlink("/dev/binderfs", "./binderfs" [pid 5820] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6890] +++ killed by SIGSEGV +++ [pid 6888] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6888, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6893] <... symlink resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5818] newfstatat(AT_FDCWD, "./94/file2", [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 6893] write(1, "executing program\n", 18 [pid 5820] getdents64(3, [pid 5818] umount2("./94/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6893] <... write resumed>) = 18 [pid 6893] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6893] <... futex resumed>) = 0 [pid 5820] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./94/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6893] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6893] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] newfstatat(4, "", [pid 6893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6893] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6893] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6893] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] getdents64(4, [pid 6893] <... mprotect resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 137.322512][ T6890] exFAT-fs (loop1): Filesystem has been set read-only [ 137.338881][ T6889] exFAT-fs (loop2): Filesystem has been set read-only [ 137.341150][ T6892] loop3: detected capacity change from 0 to 256 [pid 6893] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5818] getdents64(4, [pid 6893] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(4./strace-static-x86_64: Process 6894 attached [pid 5819] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] rmdir("./94/file2" [pid 6893] <... clone3 resumed> => {parent_tid=[6894]}, 88) = 6894 [pid 5818] <... rmdir resumed>) = 0 [pid 6893] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] newfstatat(3, "", [pid 6894] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6893] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./94/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6894] <... rseq resumed>) = 0 [pid 6893] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6894] set_robust_list(0x7fbb68bde9a0, 24 [pid 6893] <... futex resumed>) = 0 [pid 5819] getdents64(3, [pid 6894] <... set_robust_list resumed>) = 0 [pid 6893] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] newfstatat(AT_FDCWD, "./94/binderfs", [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6894] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6894] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(AT_FDCWD, "./95/file2", [pid 5818] unlink("./94/binderfs" [pid 6894] memfd_create("syzkaller", 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] getdents64(3, [pid 6894] <... memfd_create resumed>) = 3 [pid 5820] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6894] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6892] <... mount resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6894] <... mmap resumed>) = 0x7fbb60600000 [pid 6892] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 6892] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 4 [pid 6894] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6892] chdir("./file2" [pid 5820] newfstatat(4, "", [pid 5819] newfstatat(AT_FDCWD, "./97/file2", [pid 5818] <... close resumed>) = 0 [pid 6892] <... chdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] rmdir("./94" [pid 6894] <... write resumed>) = 131072 [pid 6892] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6892] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6892] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... rmdir resumed>) = 0 [pid 6894] munmap(0x7fbb60600000, 138412032 [pid 6892] <... futex resumed>) = 1 [pid 6891] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] mkdir("./95", 0777 [pid 6892] mkdir("./file3", 0777 [pid 6891] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 6891] <... futex resumed>) = 0 [pid 6891] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... mkdir resumed>) = 0 [pid 6894] <... munmap resumed>) = 0 [ 137.393326][ T6892] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.423834][ T6892] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] close(4 [pid 6894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... close resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6894] <... openat resumed>) = 4 [pid 5820] rmdir("./95/file2" [pid 5819] newfstatat(4, "", [pid 5818] <... openat resumed>) = 3 [pid 6894] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5820] unlink("./95/binderfs") = 0 [pid 5819] rmdir("./97/file2") = 0 [pid 6894] <... ioctl resumed>) = 0 [pid 6892] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] getdents64(3, [pid 5819] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... ioctl resumed>) = 0 [pid 6894] close(3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 6892] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6894] <... close resumed>) = 0 [pid 5820] close(3 [pid 5819] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6894] close(4 [pid 5820] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6894] <... close resumed>) = 0 [pid 5820] rmdir("./95" [pid 5819] unlink("./97/binderfs" [pid 6891] <... futex resumed>) = ? [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6894] mkdir("./file2", 0777 [pid 5820] mkdir("./96", 0777 [pid 5819] getdents64(3, [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6894] <... mkdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6894] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] close(3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6895 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6895 attached [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] rmdir("./97" [pid 5820] <... ioctl resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5820] close(3 [pid 5819] mkdir("./98", 0777 [pid 6895] set_robust_list(0x55555eedf6a0, 24 [pid 6892] +++ killed by SIGSEGV +++ [pid 6891] +++ killed by SIGSEGV +++ [pid 5820] <... close resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6895] <... set_robust_list resumed>) = 0 [pid 6895] chdir("./95" [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6891, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6895] <... chdir resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6895] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6895] <... prctl resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6895] setpgid(0, 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6895] <... setpgid resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] close(3 [pid 6895] <... openat resumed>) = 3 [ 137.448982][ T6892] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.453231][ T6894] loop4: detected capacity change from 0 to 256 [ 137.459087][ T6892] exFAT-fs (loop3): Filesystem has been set read-only [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 6896 attached [pid 6895] write(3, "1000", 4 [pid 5821] <... restart_syscall resumed>) = 0 [pid 6895] <... write resumed>) = 4 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6896] set_robust_list(0x55555eedf6a0, 24 [pid 6895] close(3 [pid 6896] <... set_robust_list resumed>) = 0 [pid 6895] <... close resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6896 [pid 6895] symlink("/dev/binderfs", "./binderfs") = 0 ./strace-static-x86_64: Process 6897 attached [pid 6896] chdir("./96" [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6897 [pid 6897] set_robust_list(0x55555eedf6a0, 24 [pid 6894] <... mount resumed>) = 0 [pid 5821] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6897] <... set_robust_list resumed>) = 0 [pid 6896] <... chdir resumed>) = 0 [pid 6896] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6897] chdir("./98" [pid 6896] <... prctl resumed>) = 0 executing program [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6896] setpgid(0, 0 [pid 6895] write(1, "executing program\n", 18 [pid 6896] <... setpgid resumed>) = 0 [pid 6895] <... write resumed>) = 18 [pid 5821] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6897] <... chdir resumed>) = 0 [pid 6897] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6895] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6897] <... prctl resumed>) = 0 [pid 6896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6895] <... futex resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6897] setpgid(0, 0 [pid 6896] <... openat resumed>) = 3 [pid 6895] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6894] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] newfstatat(3, "", [pid 6897] <... setpgid resumed>) = 0 [pid 6895] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6897] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6895] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6895] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6897] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 6897] write(3, "1000", 4) = 4 [pid 6895] <... mprotect resumed>) = 0 [pid 6894] <... openat resumed>) = 3 [pid 6897] close(3 [pid 6896] write(3, "1000", 4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6894] chdir("./file2" [pid 6895] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6896] <... write resumed>) = 4 [pid 6896] close(3 [pid 6897] <... close resumed>) = 0 [pid 6896] <... close resumed>) = 0 [pid 6894] <... chdir resumed>) = 0 [pid 5821] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6897] symlink("/dev/binderfs", "./binderfs" [pid 6896] symlink("/dev/binderfs", "./binderfs" [pid 6894] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6897] <... symlink resumed>) = 0 [pid 6896] <... symlink resumed>) = 0 [pid 6895] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6897] write(1, "executing program\n", 18executing program [pid 6896] write(1, "executing program\n", 18 [pid 6895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6894] <... openat resumed>) = -1 EBUSY (Device or resource busy) executing program [pid 5821] <... umount2 resumed>) = 0 ./strace-static-x86_64: Process 6898 attached [pid 6897] <... write resumed>) = 18 [pid 6896] <... write resumed>) = 18 [pid 6894] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6898] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6897] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] <... clone3 resumed> => {parent_tid=[6898]}, 88) = 6898 [pid 6894] <... futex resumed>) = 1 [pid 6893] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6898] <... rseq resumed>) = 0 [pid 6897] <... futex resumed>) = 0 [pid 6896] <... futex resumed>) = 0 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], [pid 6894] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6893] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(AT_FDCWD, "./98/file2", [pid 6898] set_robust_list(0x7fbb68bde9a0, 24 [pid 6897] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6896] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6894] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6893] <... futex resumed>) = 0 [pid 6898] <... set_robust_list resumed>) = 0 [pid 6897] <... rt_sigaction resumed>NULL, 8) = 0 [ 137.508489][ T6894] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.521907][ T6894] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6896] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6895] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6894] mkdir("./file3", 0777 [pid 6893] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6898] rt_sigprocmask(SIG_SETMASK, [], [pid 6897] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6896] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6895] <... futex resumed>) = 0 [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6897] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6897] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6895] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6897] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", [pid 6896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6896] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] getdents64(4, [pid 6896] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6896] <... mprotect resumed>) = 0 [pid 5821] getdents64(4, [pid 6896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 6897] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6896] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] rmdir("./98/file2" [pid 6898] memfd_create("syzkaller", 0 [pid 6897] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6897] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6899 attached [pid 6898] <... memfd_create resumed>) = 3 [pid 5821] <... rmdir resumed>) = 0 [pid 6896] <... clone3 resumed> => {parent_tid=[6900]}, 88) = 6900 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5821] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6899] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6897] <... clone3 resumed> => {parent_tid=[6899]}, 88) = 6899 [pid 6896] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6900 attached [pid 6898] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6897] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] <... rseq resumed>) = 0 [pid 6896] <... futex resumed>) = 0 [pid 6897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6900] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6899] set_robust_list(0x7fbb68bde9a0, 24 [pid 6898] <... mmap resumed>) = 0x7fbb60600000 [pid 6897] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6896] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6894] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6900] <... rseq resumed>) = 0 [pid 6899] <... set_robust_list resumed>) = 0 [pid 6897] <... futex resumed>) = 0 [pid 6899] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] unlink("./98/binderfs" [pid 6897] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6900] set_robust_list(0x7fbb68bde9a0, 24 [pid 6899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6900] <... set_robust_list resumed>) = 0 [pid 6899] memfd_create("syzkaller", 0 [pid 5821] getdents64(3, [pid 6900] rt_sigprocmask(SIG_SETMASK, [], [pid 6899] <... memfd_create resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] close(3 [pid 6900] memfd_create("syzkaller", 0 [pid 6899] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] <... close resumed>) = 0 [pid 6900] <... memfd_create resumed>) = 3 [pid 6898] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6894] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6900] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5821] rmdir("./98" [pid 6900] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6898] <... write resumed>) = 131072 [pid 6893] <... futex resumed>) = ? [pid 5821] <... rmdir resumed>) = 0 [pid 6900] <... write resumed>) = 131072 [pid 6898] munmap(0x7fbb60600000, 138412032 [pid 6899] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6898] <... munmap resumed>) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6899] <... write resumed>) = 131072 [pid 6898] <... openat resumed>) = 4 [pid 6899] munmap(0x7fbb60600000, 138412032 [pid 5821] mkdir("./99", 0777 [pid 6899] <... munmap resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [ 137.561176][ T6894] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.590639][ T6894] exFAT-fs (loop4): Filesystem has been set read-only [pid 6900] munmap(0x7fbb60600000, 138412032 [pid 6899] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6898] ioctl(4, LOOP_SET_FD, 3 [pid 6894] +++ killed by SIGSEGV +++ [pid 6893] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6893, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6899] <... openat resumed>) = 4 [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 6899] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6900] <... munmap resumed>) = 0 [pid 6899] <... ioctl resumed>) = 0 [pid 6898] <... ioctl resumed>) = 0 [pid 5822] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6900] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6898] close(3 [pid 6900] <... openat resumed>) = 4 [pid 6899] close(3 [pid 6898] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6900] ioctl(4, LOOP_SET_FD, 3 [pid 6899] <... close resumed>) = 0 [pid 6898] close(4 [pid 5822] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6901 [ 137.632623][ T6898] loop0: detected capacity change from 0 to 256 [ 137.640318][ T6899] loop1: detected capacity change from 0 to 256 [ 137.653486][ T6900] loop2: detected capacity change from 0 to 256 ./strace-static-x86_64: Process 6901 attached [pid 6900] <... ioctl resumed>) = 0 [pid 6899] close(4 [pid 6898] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 6899] <... close resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 6899] mkdir("./file2", 0777 [pid 6898] mkdir("./file2", 0777 [pid 6901] set_robust_list(0x55555eedf6a0, 24 [pid 6899] <... mkdir resumed>) = 0 [pid 6898] <... mkdir resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6898] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6901] <... set_robust_list resumed>) = 0 [pid 6899] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6901] chdir("./99" [pid 5822] getdents64(3, [pid 6901] <... chdir resumed>) = 0 [pid 6901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6901] setpgid(0, 0) = 0 [pid 6901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6901] <... openat resumed>) = 3 [pid 5822] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6901] write(3, "1000", 4 [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./98/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 6901] <... write resumed>) = 4 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6901] close(3) = 0 [pid 6901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./98/file2"executing program ) = 0 [pid 6901] write(1, "executing program\n", 18 [pid 6900] close(3 [pid 6901] <... write resumed>) = 18 [pid 6901] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6901] <... futex resumed>) = 0 [pid 6901] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6901] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6901] <... mprotect resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6900] <... close resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] unlink("./98/binderfs" [pid 6901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6902 attached [pid 6900] close(4 [pid 6902] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6900] <... close resumed>) = 0 [pid 6898] <... mount resumed>) = 0 [pid 5822] getdents64(3, [pid 6900] mkdir("./file2", 0777 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 6902] <... rseq resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6902] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6902] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] rmdir("./98" [pid 6902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6901] <... clone3 resumed> => {parent_tid=[6902]}, 88) = 6902 [pid 6902] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6901] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6901] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6902] <... futex resumed>) = 0 [pid 6900] <... mkdir resumed>) = 0 [pid 6902] memfd_create("syzkaller", 0 [pid 6900] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6901] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6898] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6902] <... memfd_create resumed>) = 3 [pid 5822] mkdir("./99", 0777) = 0 [pid 6902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6898] <... openat resumed>) = 3 [pid 6902] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] <... openat resumed>) = 3 [pid 6902] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6898] chdir("./file2" [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3 [pid 6898] <... chdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6898] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6898] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6898] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6895] <... futex resumed>) = 0 [pid 6898] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6895] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6902] <... write resumed>) = 131072 [pid 6898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6903 attached [ 137.676559][ T6898] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.692800][ T6898] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 137.706011][ T6899] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6898] mkdir("./file3", 0777 [pid 6903] set_robust_list(0x55555eedf6a0, 24 [pid 6902] munmap(0x7fbb60600000, 138412032 [pid 6903] <... set_robust_list resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6903 [pid 6903] chdir("./99"executing program ) = 0 [pid 6903] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6903] setpgid(0, 0) = 0 [pid 6903] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6903] write(3, "1000", 4) = 4 [pid 6903] close(3) = 0 [pid 6903] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6903] write(1, "executing program\n", 18) = 18 [pid 6903] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6903] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6903] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6903] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6903] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6903] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6904 attached => {parent_tid=[6904]}, 88) = 6904 [pid 6903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6903] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6903] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6904] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6904] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6904] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6904] memfd_create("syzkaller", 0) = 3 [pid 6904] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6904] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6902] <... munmap resumed>) = 0 [pid 6902] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6904] <... write resumed>) = 131072 [pid 6902] ioctl(4, LOOP_SET_FD, 3 [pid 6899] <... mount resumed>) = 0 [pid 6895] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6899] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6895] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6899] <... openat resumed>) = 3 [pid 6895] <... futex resumed>) = 0 [pid 6899] chdir("./file2" [pid 6895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6899] <... chdir resumed>) = 0 [pid 6895] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6899] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6895] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6899] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6895] <... mprotect resumed>) = 0 [pid 6899] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6899] <... futex resumed>) = 1 [pid 6895] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6899] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6897] <... futex resumed>) = 0 [pid 6895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6905]}, 88) = 6905 [pid 6895] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 137.735766][ T6899] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 137.737762][ T6900] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.758952][ T6898] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.774222][ T6900] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) ./strace-static-x86_64: Process 6905 attached [pid 6897] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6895] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6895] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] munmap(0x7fbb60600000, 138412032) = 0 [pid 6904] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6904] ioctl(4, LOOP_SET_FD, 3 [pid 6905] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6899] <... futex resumed>) = 0 [pid 6897] <... futex resumed>) = 1 [pid 6905] <... rseq resumed>) = 0 [pid 6899] mkdir("./file3", 0777 [pid 6897] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6905] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6902] <... ioctl resumed>) = 0 [pid 6902] close(3) = 0 [pid 6902] close(4) = 0 [pid 6902] mkdir("./file2", 0777) = 0 [pid 6902] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6905] <... set_robust_list resumed>) = 0 [pid 6904] <... ioctl resumed>) = 0 [pid 6900] <... mount resumed>) = 0 [pid 6898] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6905] rt_sigprocmask(SIG_SETMASK, [], [pid 6904] close(3 [pid 6900] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6905] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6904] <... close resumed>) = 0 [pid 6898] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6904] close(4 [pid 6895] <... futex resumed>) = ? [pid 6905] +++ killed by SIGSEGV +++ [pid 6904] <... close resumed>) = 0 [pid 6900] <... openat resumed>) = 3 [pid 6900] chdir("./file2") = 0 [pid 6900] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6900] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6896] <... futex resumed>) = 0 [pid 6900] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6896] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6900] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6896] <... futex resumed>) = 0 [pid 6900] mkdir("./file3", 0777 [ 137.788949][ T6902] loop3: detected capacity change from 0 to 256 [ 137.789901][ T6898] exFAT-fs (loop0): Filesystem has been set read-only [ 137.798693][ T6904] loop4: detected capacity change from 0 to 256 [ 137.814687][ T6899] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.829350][ T6899] exFAT-fs (loop1): Filesystem has been set read-only [pid 6896] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6904] mkdir("./file2", 0777 [pid 6898] +++ killed by SIGSEGV +++ [pid 6895] +++ killed by SIGSEGV +++ [pid 6904] <... mkdir resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6895, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6904] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6899] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] umount2("./95", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6899] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6897] <... futex resumed>) = ? [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 137.836244][ T6900] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.848035][ T6900] exFAT-fs (loop2): Filesystem has been set read-only [ 137.866227][ T6902] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6899] +++ killed by SIGSEGV +++ [pid 6897] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6897, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6900] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 6896] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6896] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6896] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6896] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5819] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6896] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... openat resumed>) = 3 [pid 6896] <... mprotect resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 6896] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6896] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] getdents64(3, [pid 6896] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6896] <... clone3 resumed> => {parent_tid=[6906]}, 88) = 6906 [pid 6896] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6896] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6896] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6900] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5818] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./95/file2", ./strace-static-x86_64: Process 6906 attached [pid 6896] <... futex resumed>) = ? [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6900] +++ killed by SIGSEGV +++ [pid 5818] umount2("./95/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6906] +++ killed by SIGSEGV +++ [pid 6896] +++ killed by SIGSEGV +++ [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6896, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... umount2 resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./95/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", [pid 5819] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 6902] <... mount resumed>) = 0 [pid 6902] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6902] chdir("./file2") = 0 [pid 6902] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./98/file2", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 5820] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(4 [pid 5820] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5818] rmdir("./95/file2" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(4, "", [pid 5818] <... rmdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] umount2("./95/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6902] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] newfstatat(AT_FDCWD, "./95/binderfs", [pid 6904] <... mount resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6904] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] unlink("./95/binderfs" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6904] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(4 [pid 5818] <... unlink resumed>) = 0 [pid 6904] chdir("./file2" [pid 5820] newfstatat(AT_FDCWD, "./96/file2", [pid 5818] getdents64(3, [pid 6904] <... chdir resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 6904] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./98/file2" [ 137.867388][ T6904] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 137.892501][ T6902] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 137.901905][ T6904] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] close(3 [pid 6904] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6902] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6902] <... futex resumed>) = 1 [pid 5820] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6902] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] rmdir("./95" [pid 5819] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6904] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] <... futex resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 6904] <... futex resumed>) = 1 [pid 6903] <... futex resumed>) = 0 [pid 6901] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] mkdir("./96", 0777 [pid 6904] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6903] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6902] <... futex resumed>) = 0 [pid 6901] <... futex resumed>) = 1 [pid 5820] getdents64(4, [pid 5819] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6903] <... futex resumed>) = 0 [pid 6902] mkdir("./file3", 0777 [pid 6901] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6903] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5820] getdents64(4, [pid 5818] <... mkdir resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 6904] mkdir("./file3", 0777 [pid 5820] <... close resumed>) = 0 [pid 5819] unlink("./98/binderfs" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] rmdir("./96/file2") = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5819] getdents64(3, [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5820] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./96/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./96") = 0 [pid 5820] mkdir("./97", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6908 attached [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./98" [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6908 ./strace-static-x86_64: Process 6907 attached [ 137.955939][ T6902] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.974915][ T6904] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 137.990720][ T6904] exFAT-fs (loop4): Filesystem has been set read-only [pid 6908] set_robust_list(0x55555eedf6a0, 24 [pid 6903] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6901] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6904] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... rmdir resumed>) = 0 [pid 6908] <... set_robust_list resumed>) = 0 [pid 6904] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6903] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6901] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6907 [pid 5819] mkdir("./99", 0777 [pid 6903] <... futex resumed>) = ? [pid 6908] chdir("./96" [pid 6901] <... futex resumed>) = 0 [pid 6901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6908] <... chdir resumed>) = 0 [pid 6901] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... mkdir resumed>) = 0 [pid 6908] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6901] <... mprotect resumed>) = 0 [pid 6907] set_robust_list(0x55555eedf6a0, 24 [pid 6901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 6909 attached [pid 6908] <... prctl resumed>) = 0 [pid 6904] +++ killed by SIGSEGV +++ [pid 6903] +++ killed by SIGSEGV +++ [pid 6901] <... clone3 resumed> => {parent_tid=[6909]}, 88) = 6909 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6908] setpgid(0, 0 [pid 6901] rt_sigprocmask(SIG_SETMASK, [], [pid 6908] <... setpgid resumed>) = 0 [pid 6901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6903, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] <... openat resumed>) = 3 [pid 6901] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6901] <... futex resumed>) = 0 [pid 6908] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6901] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6907] <... set_robust_list resumed>) = 0 [pid 6909] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6907] chdir("./97" [pid 5819] <... ioctl resumed>) = 0 [pid 6909] <... rseq resumed>) = 0 [pid 6908] <... openat resumed>) = 3 [pid 6907] <... chdir resumed>) = 0 [pid 5819] close(3 [pid 6909] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6908] write(3, "1000", 4 [pid 6907] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6909] <... set_robust_list resumed>) = 0 [pid 6907] <... prctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6907] setpgid(0, 0) = 0 [pid 6908] <... write resumed>) = 4 [pid 6907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 6909] rt_sigprocmask(SIG_SETMASK, [], [pid 6908] close(3 [pid 6907] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6909] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6908] <... close resumed>) = 0 [pid 6907] write(3, "1000", 4 [pid 6902] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6909] openat(AT_FDCWD, ".", O_RDONLYexecuting program [pid 6908] symlink("/dev/binderfs", "./binderfs" [pid 6907] <... write resumed>) = 4 [pid 6902] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... openat resumed>) = 3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6909] <... openat resumed>) = 4 [pid 6907] close(3 [pid 5822] newfstatat(3, "", [pid 6908] <... symlink resumed>) = 0 [pid 6907] <... close resumed>) = 0 [pid 6901] <... futex resumed>) = ? [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6910 attached [pid 6909] +++ killed by SIGSEGV +++ [pid 6908] write(1, "executing program\n", 18 [pid 6907] symlink("/dev/binderfs", "./binderfs" [pid 6902] +++ killed by SIGSEGV +++ [pid 6901] +++ killed by SIGSEGV +++ [pid 5822] getdents64(3, [pid 6910] set_robust_list(0x55555eedf6a0, 24 [pid 6908] <... write resumed>) = 18 [pid 6907] <... symlink resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6901, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6910] <... set_robust_list resumed>) = 0 [pid 6907] write(1, "executing program\n", 18executing program [pid 5822] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 6910] chdir("./99" [pid 6908] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... write resumed>) = 18 [pid 6910] <... chdir resumed>) = 0 [pid 6910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6908] <... futex resumed>) = 0 [pid 6907] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6910] setpgid(0, 0 [pid 6908] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6910] <... setpgid resumed>) = 0 [pid 6908] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6907] <... futex resumed>) = 0 [pid 6910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6907] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6910] <... openat resumed>) = 3 [ 138.001220][ T6902] exFAT-fs (loop3): Filesystem has been set read-only [pid 6908] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6907] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6910 [pid 6910] write(3, "1000", 4 [pid 6908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6910] <... write resumed>) = 4 [pid 6908] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] newfstatat(AT_FDCWD, "./99/file2", [pid 6910] close(3 [pid 6908] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6910] <... close resumed>) = 0 [pid 6908] <... mprotect resumed>) = 0 [pid 5822] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6910] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6910] <... symlink resumed>) = 0 [pid 6908] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6908] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 executing program [pid 6910] write(1, "executing program\n", 18 [pid 6908] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... openat resumed>) = 4 [pid 5821] newfstatat(3, "", [pid 6910] <... write resumed>) = 18 [pid 6907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] newfstatat(4, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 6911 attached [pid 6910] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 6910] <... futex resumed>) = 0 [pid 6908] <... clone3 resumed> => {parent_tid=[6911]}, 88) = 6911 [pid 6907] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6911] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6910] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6908] rt_sigprocmask(SIG_SETMASK, [], [pid 6907] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6911] <... rseq resumed>) = 0 [pid 6910] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6907] <... mprotect resumed>) = 0 [pid 5822] getdents64(4, [pid 6911] set_robust_list(0x7fbb68bde9a0, 24 [pid 6910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6908] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6911] <... set_robust_list resumed>) = 0 [pid 6910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6908] <... futex resumed>) = 0 [pid 6907] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] close(4 [pid 6911] rt_sigprocmask(SIG_SETMASK, [], [pid 6910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... close resumed>) = 0 ./strace-static-x86_64: Process 6912 attached [pid 6911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6910] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6908] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] rmdir("./99/file2" [pid 6912] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6911] memfd_create("syzkaller", 0 [pid 6910] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6907] <... clone3 resumed> => {parent_tid=[6912]}, 88) = 6912 [pid 5822] <... rmdir resumed>) = 0 [pid 6912] <... rseq resumed>) = 0 [pid 6911] <... memfd_create resumed>) = 3 [pid 6910] <... mprotect resumed>) = 0 [pid 6907] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6912] set_robust_list(0x7fbb68bde9a0, 24 [pid 6911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6910] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./99/binderfs", [pid 5821] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] unlink("./99/binderfs" [pid 5821] newfstatat(AT_FDCWD, "./99/file2", [pid 5822] <... unlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] getdents64(3, [pid 5821] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] close(3 [pid 5821] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5822] rmdir("./99" [pid 5821] newfstatat(4, "", [pid 6910] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6911] <... mmap resumed>) = 0x7fbb60600000 [pid 6910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6907] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6913 attached [pid 6911] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] mkdir("./100", 0777 [pid 5821] getdents64(4, [pid 6910] <... clone3 resumed> => {parent_tid=[6913]}, 88) = 6913 [pid 6907] <... futex resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 6910] rt_sigprocmask(SIG_SETMASK, [], [pid 6907] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6913] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] getdents64(4, [pid 6913] <... rseq resumed>) = 0 [pid 6911] <... write resumed>) = 131072 [pid 6910] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6913] set_robust_list(0x7fbb68bde9a0, 24 [pid 6910] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] close(4 [pid 6913] <... set_robust_list resumed>) = 0 [pid 6912] <... set_robust_list resumed>) = 0 [pid 6910] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 6913] rt_sigprocmask(SIG_SETMASK, [], [pid 6912] rt_sigprocmask(SIG_SETMASK, [], [pid 6911] munmap(0x7fbb60600000, 138412032 [pid 5822] close(3 [pid 5821] rmdir("./99/file2" [pid 6913] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6912] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6911] <... munmap resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6913] memfd_create("syzkaller", 0 [pid 6912] memfd_create("syzkaller", 0 [pid 6913] <... memfd_create resumed>) = 3 [pid 5821] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6913] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6913] <... mmap resumed>) = 0x7fbb60600000 [pid 6912] <... memfd_create resumed>) = 3 [pid 6911] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6912] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6911] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./99/binderfs", [pid 6913] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6912] <... mmap resumed>) = 0x7fbb60600000 [pid 6911] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6914 attached [pid 6912] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] unlink("./99/binderfs") = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6914 [pid 5821] getdents64(3, [pid 6914] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6914] <... set_robust_list resumed>) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./99") = 0 [pid 6914] chdir("./100" [pid 6912] <... write resumed>) = 131072 [pid 6914] <... chdir resumed>) = 0 [pid 5821] mkdir("./100", 0777 [pid 6914] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6913] <... write resumed>) = 131072 [pid 5821] <... mkdir resumed>) = 0 [pid 6914] <... prctl resumed>) = 0 [pid 6912] munmap(0x7fbb60600000, 138412032 [pid 6914] setpgid(0, 0) = 0 [pid 6912] <... munmap resumed>) = 0 [pid 6913] munmap(0x7fbb60600000, 138412032) = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... openat resumed>) = 3 [pid 6913] <... openat resumed>) = 4 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6913] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... ioctl resumed>) = 0 [pid 6912] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] close(3 [pid 6912] <... openat resumed>) = 4 [pid 6912] ioctl(4, LOOP_SET_FD, 3 [pid 6914] <... openat resumed>) = 3 [pid 6914] write(3, "1000", 4 [pid 6911] <... ioctl resumed>) = 0 [pid 6914] <... write resumed>) = 4 [pid 6913] <... ioctl resumed>) = 0 [pid 6912] <... ioctl resumed>) = 0 [pid 6913] close(3) = 0 [pid 6913] close(4) = 0 [pid 6913] mkdir("./file2", 0777 [pid 6914] close(3 [pid 6912] close(3 [pid 6911] close(3 [pid 6914] <... close resumed>) = 0 [pid 6912] <... close resumed>) = 0 [pid 6911] <... close resumed>) = 0 [pid 6913] <... mkdir resumed>) = 0 [pid 6914] symlink("/dev/binderfs", "./binderfs" [pid 6913] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6912] close(4 [pid 6911] close(4 [pid 6914] <... symlink resumed>) = 0 [pid 6912] <... close resumed>) = 0 [pid 6911] <... close resumed>) = 0 [pid 6912] mkdir("./file2", 0777 [pid 6911] mkdir("./file2", 0777 [pid 6912] <... mkdir resumed>) = 0 executing program [pid 6912] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6911] <... mkdir resumed>) = 0 [pid 6914] write(1, "executing program\n", 18 [pid 5821] <... close resumed>) = 0 [pid 6914] <... write resumed>) = 18 [pid 6911] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6914] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6914] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6914] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [ 138.119032][ T6912] loop2: detected capacity change from 0 to 256 [ 138.120572][ T6911] loop0: detected capacity change from 0 to 256 [ 138.131885][ T6913] loop1: detected capacity change from 0 to 256 [pid 6914] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6914] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6914] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6915 attached [pid 6915] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6915] chdir("./100") = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6915 [pid 6915] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6915] setpgid(0, 0) = 0 [pid 6915] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6914] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6915] <... openat resumed>) = 3 [pid 6914] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6915] write(3, "1000", 4) = 4 [pid 6915] close(3) = 0 [pid 6915] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6915] write(1, "executing program\n", 18./strace-static-x86_64: Process 6916 attached [pid 6916] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6916] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6916] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6916] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULLexecuting program [pid 6915] <... write resumed>) = 18 [pid 6915] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6915] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6915] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6915] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6915] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6915] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6914] <... clone3 resumed> => {parent_tid=[6916]}, 88) = 6916 [ 138.165806][ T6913] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.184824][ T6913] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.185321][ T6912] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6915] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6917 attached => {parent_tid=[6917]}, 88) = 6917 [pid 6915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6915] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6915] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6917] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6917] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6917] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6917] memfd_create("syzkaller", 0 [pid 6914] rt_sigprocmask(SIG_SETMASK, [], [pid 6917] <... memfd_create resumed>) = 3 [pid 6917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6914] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 138.208522][ T6911] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6917] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6914] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] <... mount resumed>) = 0 [pid 6914] <... futex resumed>) = 1 [pid 6916] <... futex resumed>) = 0 [pid 6914] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6913] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6916] memfd_create("syzkaller", 0) = 3 [pid 6916] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6913] <... openat resumed>) = 3 [pid 6917] <... write resumed>) = 131072 [pid 6916] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6911] <... mount resumed>) = 0 [pid 6916] <... write resumed>) = 131072 [pid 6917] munmap(0x7fbb60600000, 138412032 [pid 6916] munmap(0x7fbb60600000, 138412032 [pid 6917] <... munmap resumed>) = 0 [pid 6911] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6917] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 6911] <... openat resumed>) = 3 [pid 6917] ioctl(4, LOOP_SET_FD, 3 [pid 6911] chdir("./file2" [pid 6913] chdir("./file2" [pid 6911] <... chdir resumed>) = 0 [pid 6911] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6913] <... chdir resumed>) = 0 [pid 6913] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6911] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6913] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6911] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] <... munmap resumed>) = 0 [pid 6913] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6912] <... mount resumed>) = 0 [pid 6911] <... futex resumed>) = 1 [pid 6908] <... futex resumed>) = 0 [pid 6913] <... futex resumed>) = 1 [pid 6912] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6911] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6908] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6913] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6911] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6908] <... futex resumed>) = 0 [pid 6916] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6912] <... openat resumed>) = 3 [pid 6911] mkdir("./file3", 0777 [pid 6910] <... futex resumed>) = 0 [pid 6908] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] <... openat resumed>) = 4 [ 138.239673][ T6911] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.250869][ T6912] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.266461][ T6917] loop3: detected capacity change from 0 to 256 [pid 6910] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6916] ioctl(4, LOOP_SET_FD, 3 [pid 6913] <... futex resumed>) = 0 [pid 6910] <... futex resumed>) = 1 [pid 6913] mkdir("./file3", 0777 [pid 6910] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6912] chdir("./file2" [pid 6917] <... ioctl resumed>) = 0 [pid 6917] close(3) = 0 [pid 6917] close(4) = 0 [pid 6917] mkdir("./file2", 0777) = 0 [pid 6917] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6916] <... ioctl resumed>) = 0 [pid 6912] <... chdir resumed>) = 0 [pid 6912] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6912] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6907] <... futex resumed>) = 0 [pid 6916] close(3 [pid 6913] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6912] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6911] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6908] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6907] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6908] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6911] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6908] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6912] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6908] <... mmap resumed>) = ? [pid 6912] mkdir("./file3", 0777 [pid 6907] <... futex resumed>) = 0 [ 138.282678][ T6911] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.283272][ T6916] loop4: detected capacity change from 0 to 256 [ 138.299721][ T6913] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.312774][ T6911] exFAT-fs (loop0): Filesystem has been set read-only [ 138.320799][ T6913] exFAT-fs (loop1): Filesystem has been set read-only [ 138.327042][ T6917] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6916] <... close resumed>) = 0 [pid 6907] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6916] close(4) = 0 [pid 6913] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6916] mkdir("./file2", 0777 [pid 6911] +++ killed by SIGSEGV +++ [pid 6908] +++ killed by SIGSEGV +++ [pid 6916] <... mkdir resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6908, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 6917] <... mount resumed>) = 0 [pid 6916] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6917] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] umount2("./96", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6917] <... openat resumed>) = 3 [pid 6913] +++ killed by SIGSEGV +++ [pid 6910] <... futex resumed>) = ? [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6917] chdir("./file2" [pid 6910] +++ killed by SIGSEGV +++ [pid 6912] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6917] <... chdir resumed>) = 0 [pid 6912] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6910, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6917] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... openat resumed>) = 3 [pid 6917] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] newfstatat(3, "", [pid 6917] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6907] <... futex resumed>) = ? [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6917] <... futex resumed>) = 1 [pid 6915] <... futex resumed>) = 0 [ 138.351057][ T6917] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.351912][ T6912] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.378535][ T6912] exFAT-fs (loop2): Filesystem has been set read-only [pid 6917] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] getdents64(3, [pid 5819] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6915] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6915] <... futex resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6915] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... openat resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] newfstatat(3, "", [pid 5818] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6917] mkdir("./file3", 0777 [pid 5819] getdents64(3, [pid 6912] +++ killed by SIGSEGV +++ [pid 6907] +++ killed by SIGSEGV +++ [pid 5818] <... umount2 resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6907, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=10 /* 0.10 s */} --- [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6916] <... mount resumed>) = 0 [pid 6917] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6917] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6916] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] <... umount2 resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./96/file2", [pid 5819] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6916] <... openat resumed>) = 3 [pid 6915] <... futex resumed>) = ? [pid 5820] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6917] +++ killed by SIGSEGV +++ [pid 6916] chdir("./file2") = 0 [pid 6916] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6916] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6914] <... futex resumed>) = 0 [pid 6915] +++ killed by SIGSEGV +++ [pid 6914] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./99/file2", [pid 5818] umount2("./96/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6914] <... futex resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6915, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6914] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 3 [pid 5819] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./96/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(3, "", [pid 6916] <... futex resumed>) = 1 [pid 6916] mkdir("./file3", 0777 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 4 [ 138.394744][ T6916] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.416811][ T6917] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.417072][ T6916] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.437666][ T6917] exFAT-fs (loop3): Filesystem has been set read-only [pid 5820] getdents64(3, [pid 5819] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(4, "", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(4, "", [pid 5818] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] getdents64(4, [pid 5818] getdents64(4, [pid 5821] <... openat resumed>) = 3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] newfstatat(3, "", [pid 5819] getdents64(4, [pid 5818] close(4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... close resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] close(4 [pid 5818] rmdir("./96/file2" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./99/file2" [pid 5818] umount2("./96/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./96/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./96" [pid 5820] <... umount2 resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./99/binderfs", [pid 5818] <... rmdir resumed>) = 0 [pid 5820] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] mkdir("./97", 0777 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./97/file2", [pid 5819] unlink("./99/binderfs" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5820] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] <... openat resumed>) = 4 [pid 5818] <... ioctl resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 5819] getdents64(3, [pid 5818] close(3 [pid 6916] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6916] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... umount2 resumed>) = 0 [pid 6914] <... futex resumed>) = ? [pid 5818] <... close resumed>) = 0 [pid 5821] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5819] close(3 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./100/file2", [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./99" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6918 attached [pid 5821] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5819] mkdir("./100", 0777 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6918 [pid 5821] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5820] close(4 [pid 5821] newfstatat(4, "", [pid 5820] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] rmdir("./97/file2" [pid 5821] getdents64(4, [pid 6918] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 6918] chdir("./97" [pid 5821] getdents64(4, [pid 6918] <... chdir resumed>) = 0 [pid 6916] +++ killed by SIGSEGV +++ [pid 6914] +++ killed by SIGSEGV +++ [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6918] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6914, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] close(4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./100/file2" [pid 5820] newfstatat(AT_FDCWD, "./97/binderfs", [pid 5819] <... openat resumed>) = 3 [pid 6918] <... prctl resumed>) = 0 [pid 5822] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6918] setpgid(0, 0 [pid 5822] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... ioctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./100/binderfs", [pid 6918] <... setpgid resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./97/binderfs" [pid 5819] close(3 [pid 6918] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] unlink("./100/binderfs" [pid 5820] <... unlink resumed>) = 0 [pid 6918] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 5821] <... unlink resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] <... close resumed>) = 0 [pid 5821] getdents64(3, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3 [pid 5822] getdents64(3, [pid 5820] close(3 [pid 5821] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5821] rmdir("./100" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 138.471245][ T6916] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.480816][ T6916] exFAT-fs (loop4): Filesystem has been set read-only [pid 5821] <... rmdir resumed>) = 0 [pid 5820] rmdir("./97") = 0 [pid 6918] write(3, "1000", 4 [pid 5822] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] mkdir("./101", 0777 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6919 attached [pid 6918] <... write resumed>) = 4 [pid 5821] <... mkdir resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6919 [pid 6919] set_robust_list(0x55555eedf6a0, 24 [pid 6918] close(3 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] mkdir("./98", 0777 [pid 6919] <... set_robust_list resumed>) = 0 [pid 6918] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5820] <... mkdir resumed>) = 0 [pid 6919] chdir("./100" [pid 6918] symlink("/dev/binderfs", "./binderfs" [pid 5822] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6919] <... chdir resumed>) = 0 [pid 6918] <... symlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6919] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] newfstatat(AT_FDCWD, "./100/file2", [pid 5821] close(3executing program [pid 6919] <... prctl resumed>) = 0 [pid 6918] write(1, "executing program\n", 18 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6919] setpgid(0, 0 [pid 6918] <... write resumed>) = 18 [pid 5822] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... ioctl resumed>) = 0 [pid 6918] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 6918] <... futex resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] close(3 [pid 5822] <... openat resumed>) = 4 [pid 6919] <... setpgid resumed>) = 0 [pid 6918] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] newfstatat(4, "", [pid 6918] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6918] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] getdents64(4, [pid 5820] <... close resumed>) = 0 [pid 6918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6918] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] getdents64(4, [pid 6918] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6918] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] close(4 [pid 6918] <... mprotect resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6918] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] rmdir("./100/file2" [pid 6918] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6921 attached ./strace-static-x86_64: Process 6920 attached [pid 6919] <... openat resumed>) = 3 [pid 6918] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6920 [pid 6919] write(3, "1000", 4 [pid 6920] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6922 attached [pid 6919] <... write resumed>) = 4 [pid 6920] <... set_robust_list resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6918] <... clone3 resumed> => {parent_tid=[6922]}, 88) = 6922 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6921 [pid 6918] rt_sigprocmask(SIG_SETMASK, [], [pid 6922] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6920] chdir("./101" [pid 6919] close(3 [pid 6922] <... rseq resumed>) = 0 [pid 6920] <... chdir resumed>) = 0 [pid 6919] <... close resumed>) = 0 [pid 6922] set_robust_list(0x7fbb68bde9a0, 24 [pid 6920] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6919] symlink("/dev/binderfs", "./binderfs" [pid 6922] <... set_robust_list resumed>) = 0 [pid 6920] <... prctl resumed>) = 0 [pid 6921] set_robust_list(0x55555eedf6a0, 24 [pid 6918] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] unlink("./100/binderfs" [pid 6922] rt_sigprocmask(SIG_SETMASK, [], [pid 6921] <... set_robust_list resumed>) = 0 [pid 6920] setpgid(0, 0 [pid 6919] <... symlink resumed>) = 0 [pid 6918] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... unlink resumed>) = 0 [pid 6922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6921] chdir("./98" [pid 6920] <... setpgid resumed>) = 0 executing program [pid 6919] write(1, "executing program\n", 18 [pid 6918] <... futex resumed>) = 0 [pid 6922] memfd_create("syzkaller", 0 [pid 6921] <... chdir resumed>) = 0 [pid 6920] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6919] <... write resumed>) = 18 [pid 5822] getdents64(3, [pid 6918] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6922] <... memfd_create resumed>) = 3 [pid 6921] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6920] <... openat resumed>) = 3 [pid 6919] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6922] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6921] <... prctl resumed>) = 0 [pid 6920] write(3, "1000", 4 [pid 6919] <... futex resumed>) = 0 [pid 5822] close(3 [pid 6922] <... mmap resumed>) = 0x7fbb60600000 [pid 6921] setpgid(0, 0 [pid 6920] <... write resumed>) = 4 [pid 6919] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... close resumed>) = 0 [pid 6922] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6920] close(3 [pid 6919] <... rt_sigaction resumed>NULL, 8) = 0 executing program [pid 6920] <... close resumed>) = 0 [pid 6919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6920] symlink("/dev/binderfs", "./binderfs" [pid 6919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6920] <... symlink resumed>) = 0 [pid 6919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6919] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6920] write(1, "executing program\n", 18 [pid 6919] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6920] <... write resumed>) = 18 [pid 6920] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... write resumed>) = 131072 [pid 6920] <... futex resumed>) = 0 [pid 6919] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6920] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6921] <... setpgid resumed>) = 0 [pid 5822] rmdir("./100"./strace-static-x86_64: Process 6923 attached [pid 6920] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6920] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6919] <... clone3 resumed> => {parent_tid=[6923]}, 88) = 6923 [pid 6923] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6919] rt_sigprocmask(SIG_SETMASK, [], [pid 6923] <... rseq resumed>) = 0 [pid 6921] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6920] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6923] set_robust_list(0x7fbb68bde9a0, 24 [pid 6922] munmap(0x7fbb60600000, 138412032 [pid 6920] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6919] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] mkdir("./101", 0777 [pid 6923] <... set_robust_list resumed>) = 0 [pid 6922] <... munmap resumed>) = 0 [pid 6921] <... openat resumed>) = 3 [pid 6920] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6919] <... futex resumed>) = 0 [pid 6923] rt_sigprocmask(SIG_SETMASK, [], [pid 6921] write(3, "1000", 4 [pid 5822] <... mkdir resumed>) = 0 [pid 6923] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6921] <... write resumed>) = 4 [pid 6920] <... mprotect resumed>) = 0 [pid 6919] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6923] memfd_create("syzkaller", 0 [pid 6922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6921] close(3 [pid 6920] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... openat resumed>) = 3 [pid 6921] <... close resumed>) = 0 [pid 6923] <... memfd_create resumed>) = 3 [pid 6922] <... openat resumed>) = 4 [pid 6920] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6921] symlink("/dev/binderfs", "./binderfs" [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6922] ioctl(4, LOOP_SET_FD, 3 [pid 6920] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6923] <... mmap resumed>) = 0x7fbb60600000 [pid 6921] <... symlink resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 6923] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] close(3./strace-static-x86_64: Process 6924 attached [pid 6920] <... clone3 resumed> => {parent_tid=[6924]}, 88) = 6924 [pid 6920] rt_sigprocmask(SIG_SETMASK, [], [pid 6924] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] <... rseq resumed>) = 0 [pid 6923] <... write resumed>) = 131072 [pid 6920] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] set_robust_list(0x7fbb68bde9a0, 24 [pid 6920] <... futex resumed>) = 0 [pid 6924] <... set_robust_list resumed>) = 0 [pid 6920] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] rt_sigprocmask(SIG_SETMASK, [], [pid 6923] munmap(0x7fbb60600000, 138412032 [pid 6924] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6923] <... munmap resumed>) = 0 [pid 6921] write(1, "executing program\n", 18 [pid 5822] <... close resumed>) = 0 executing program [pid 6924] memfd_create("syzkaller", 0 [pid 6923] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6924] <... memfd_create resumed>) = 3 [pid 6923] <... openat resumed>) = 4 [pid 6921] <... write resumed>) = 18 [pid 6924] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6923] ioctl(4, LOOP_SET_FD, 3 [pid 6924] <... mmap resumed>) = 0x7fbb60600000 [pid 6921] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6923] <... ioctl resumed>) = 0 [pid 6922] <... ioctl resumed>) = 0 [pid 6921] <... futex resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6924] munmap(0x7fbb60600000, 138412032 [pid 6923] close(3 [pid 6922] close(3./strace-static-x86_64: Process 6925 attached [pid 6924] <... munmap resumed>) = 0 [pid 6923] <... close resumed>) = 0 [pid 6922] <... close resumed>) = 0 [pid 6921] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6925] set_robust_list(0x55555eedf6a0, 24 [pid 6922] close(4 [pid 6921] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6925 [pid 6925] <... set_robust_list resumed>) = 0 [pid 6924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6923] close(4 [pid 6922] <... close resumed>) = 0 [pid 6921] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6925] chdir("./101" [pid 6921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6925] <... chdir resumed>) = 0 [pid 6924] <... openat resumed>) = 4 [pid 6923] <... close resumed>) = 0 [pid 6922] mkdir("./file2", 0777 [pid 6921] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6925] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6924] ioctl(4, LOOP_SET_FD, 3 [pid 6923] mkdir("./file2", 0777 [pid 6922] <... mkdir resumed>) = 0 [pid 6925] <... prctl resumed>) = 0 [pid 6923] <... mkdir resumed>) = 0 [pid 6921] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6925] setpgid(0, 0 [pid 6922] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6921] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6925] <... setpgid resumed>) = 0 [pid 6925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6921] <... mprotect resumed>) = 0 [ 138.633310][ T6922] loop0: detected capacity change from 0 to 256 [ 138.654715][ T6923] loop1: detected capacity change from 0 to 256 [pid 6923] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6925] <... openat resumed>) = 3 [pid 6921] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6925] write(3, "1000", 4) = 4 [pid 6921] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6921] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6925] close(3) = 0 [pid 6925] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6925] write(1, "executing program\n", 18) = 18 [pid 6924] <... ioctl resumed>) = 0 [pid 6925] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6925] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, ./strace-static-x86_64: Process 6926 attached NULL, 8) = 0 [pid 6924] close(3 [pid 6921] <... clone3 resumed> => {parent_tid=[6926]}, 88) = 6926 [pid 6924] <... close resumed>) = 0 [pid 6924] close(4) = 0 [pid 6924] mkdir("./file2", 0777 [pid 6921] rt_sigprocmask(SIG_SETMASK, [], [pid 6924] <... mkdir resumed>) = 0 [pid 6921] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6921] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6921] <... futex resumed>) = 0 [pid 6926] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6921] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6926] <... rseq resumed>) = 0 [pid 6925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6926] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6925] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6924] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6926] rt_sigprocmask(SIG_SETMASK, [], [pid 6925] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6926] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6925] <... mprotect resumed>) = 0 [ 138.693072][ T6924] loop3: detected capacity change from 0 to 256 [ 138.713348][ T6922] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.728734][ T6922] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6926] memfd_create("syzkaller", 0) = 3 [pid 6925] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6922] <... mount resumed>) = 0 [pid 6926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6925] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6922] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6926] <... mmap resumed>) = 0x7fbb60600000 [pid 6925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6924] <... mount resumed>) = 0 [pid 6923] <... mount resumed>) = 0 [pid 6922] <... openat resumed>) = 3 [pid 6923] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6924] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 6927 attached [pid 6926] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6923] chdir("./file2" [pid 6922] chdir("./file2" [pid 6927] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6925] <... clone3 resumed> => {parent_tid=[6927]}, 88) = 6927 [pid 6924] <... openat resumed>) = 3 [pid 6923] <... chdir resumed>) = 0 [pid 6922] <... chdir resumed>) = 0 [pid 6927] <... rseq resumed>) = 0 [pid 6923] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6927] set_robust_list(0x7fbb68bde9a0, 24 [pid 6925] rt_sigprocmask(SIG_SETMASK, [], [pid 6922] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6923] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6927] <... set_robust_list resumed>) = 0 [pid 6925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6924] chdir("./file2" [pid 6923] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6927] rt_sigprocmask(SIG_SETMASK, [], [pid 6925] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... chdir resumed>) = 0 [pid 6923] <... futex resumed>) = 1 [pid 6927] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6922] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6925] <... futex resumed>) = 0 [pid 6923] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6927] memfd_create("syzkaller", 0 [pid 6925] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6924] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6922] <... futex resumed>) = 1 [pid 6919] <... futex resumed>) = 0 [pid 6918] <... futex resumed>) = 0 [pid 6927] <... memfd_create resumed>) = 3 [pid 6922] mkdir("./file3", 0777 [pid 6919] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6918] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6924] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6918] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] <... futex resumed>) = 0 [pid 6919] <... futex resumed>) = 1 [pid 6919] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6923] mkdir("./file3", 0777 [pid 6926] <... write resumed>) = 131072 [ 138.750544][ T6923] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.759892][ T6924] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.764737][ T6923] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 138.776223][ T6924] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6926] munmap(0x7fbb60600000, 138412032) = 0 [pid 6927] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6924] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6922] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6926] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6926] ioctl(4, LOOP_SET_FD, 3 [pid 6927] <... mmap resumed>) = 0x7fbb60600000 [pid 6924] <... futex resumed>) = 1 [pid 6923] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6922] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6920] <... futex resumed>) = 0 [pid 6927] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6924] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6920] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6924] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6924] mkdir("./file3", 0777 [pid 6920] <... futex resumed>) = 0 [pid 6926] <... ioctl resumed>) = 0 [pid 6923] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6920] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6918] <... futex resumed>) = ? [pid 6927] <... write resumed>) = 131072 [pid 6926] close(3 [pid 6922] +++ killed by SIGSEGV +++ [pid 6919] <... futex resumed>) = ? [pid 6918] +++ killed by SIGSEGV +++ [ 138.816414][ T6922] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.826299][ T6923] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.826311][ T6922] exFAT-fs (loop0): Filesystem has been set read-only [ 138.826327][ T6923] exFAT-fs (loop1): Filesystem has been set read-only [ 138.838659][ T6926] loop2: detected capacity change from 0 to 256 [pid 6927] munmap(0x7fbb60600000, 138412032 [pid 6926] <... close resumed>) = 0 [pid 6923] +++ killed by SIGSEGV +++ [pid 6926] close(4) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6918, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6926] mkdir("./file2", 0777) = 0 [pid 6926] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6919] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6919, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5819] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6924] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] umount2("./97", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] <... munmap resumed>) = 0 [pid 6924] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6927] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6927] <... openat resumed>) = 4 [pid 5818] <... openat resumed>) = 3 [pid 6927] ioctl(4, LOOP_SET_FD, 3 [pid 6920] <... futex resumed>) = ? [pid 5818] newfstatat(3, "", [pid 5819] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 138.862593][ T6924] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 138.884658][ T6924] exFAT-fs (loop3): Filesystem has been set read-only [ 138.898320][ T6927] loop4: detected capacity change from 0 to 256 [pid 5818] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6927] <... ioctl resumed>) = 0 [pid 6924] +++ killed by SIGSEGV +++ [pid 6920] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6920, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5821] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6927] close(3 [pid 5821] getdents64(3, [pid 5819] newfstatat(AT_FDCWD, "./100/file2", [pid 6927] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 6927] close(4 [pid 5819] newfstatat(4, "", [pid 6927] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6927] mkdir("./file2", 0777 [pid 5819] getdents64(4, [pid 6927] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6927] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... umount2 resumed>) = 0 [pid 5819] close(4 [pid 5818] newfstatat(AT_FDCWD, "./97/file2", [pid 5821] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] newfstatat(AT_FDCWD, "./101/file2", [pid 5818] umount2("./97/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./100/file2" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./97/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5821] <... openat resumed>) = 4 [pid 5819] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(4, "", [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [ 138.911612][ T6926] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.933895][ T6926] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] newfstatat(AT_FDCWD, "./100/binderfs", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 5819] unlink("./100/binderfs") = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 5821] getdents64(4, [pid 5819] getdents64(3, [pid 5818] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] rmdir("./97/file2" [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 6926] <... mount resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./100" [pid 6926] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] close(4 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5819] mkdir("./101", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6927] <... mount resumed>) = 0 [pid 6926] <... openat resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 5818] umount2("./97/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6926] chdir("./file2" [pid 5819] <... openat resumed>) = 3 [pid 6926] <... chdir resumed>) = 0 [pid 6927] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6926] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] rmdir("./101/file2" [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./97/binderfs", [pid 6927] <... openat resumed>) = 3 [pid 6926] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./97/binderfs") = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6927] chdir("./file2" [pid 6926] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] close(3 [pid 5818] getdents64(3, [pid 6927] <... chdir resumed>) = 0 [pid 6926] <... futex resumed>) = 1 [pid 6921] <... futex resumed>) = 0 [pid 5821] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6926] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6921] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6927] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6921] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6927] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6921] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] newfstatat(AT_FDCWD, "./101/binderfs", [pid 6927] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6926] mkdir("./file3", 0777 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6927] <... futex resumed>) = 1 [pid 5818] close(3 [pid 5821] unlink("./101/binderfs" [pid 6927] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6925] <... futex resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6925] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6925] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6927] <... futex resumed>) = 0 [pid 5821] getdents64(3, [pid 6927] mkdir("./file3", 0777 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6928 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 138.955767][ T6927] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 138.972917][ T6927] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.004539][ T6926] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5821] close(3 [pid 5818] rmdir("./97" [pid 5821] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5818] mkdir("./98", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3) = 0 ./strace-static-x86_64: Process 6928 attached [pid 5821] rmdir("./101" [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... rmdir resumed>) = 0 [pid 6928] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 6929 attached [pid 6929] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6929] chdir("./98") = 0 [pid 6929] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6926] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6929] <... prctl resumed>) = 0 [pid 6929] setpgid(0, 0 [pid 6926] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6929] <... setpgid resumed>) = 0 [pid 6928] <... set_robust_list resumed>) = 0 [pid 6927] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6929] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6927] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6921] <... futex resumed>) = ? [pid 6928] chdir("./101" [pid 6925] <... futex resumed>) = ? [pid 6927] +++ killed by SIGSEGV +++ [pid 6926] +++ killed by SIGSEGV +++ [pid 6928] <... chdir resumed>) = 0 [pid 6925] +++ killed by SIGSEGV +++ [pid 6921] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6925, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6928] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6921, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=11 /* 0.11 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6929] <... openat resumed>) = 3 [pid 6928] <... prctl resumed>) = 0 [pid 6929] write(3, "1000", 4) = 4 [pid 6928] setpgid(0, 0 [pid 6929] close(3) = 0 [pid 6928] <... setpgid resumed>) = 0 [pid 6929] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 6928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6929] write(1, "executing program\n", 18) = 18 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6929 [pid 6929] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6928] <... openat resumed>) = 3 [pid 6929] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6928] write(3, "1000", 4 [pid 6929] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6928] <... write resumed>) = 4 [pid 6929] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6928] close(3 [pid 5821] mkdir("./102", 0777 [pid 6928] <... close resumed>) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6929] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6928] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6928] <... symlink resumed>) = 0 executing program [pid 6929] <... mprotect resumed>) = 0 [pid 6928] write(1, "executing program\n", 18 [pid 5822] <... openat resumed>) = 3 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] newfstatat(3, "", [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6928] <... write resumed>) = 18 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6928] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(3, [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6929] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6928] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6928] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3 [pid 5820] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 6929] <... clone3 resumed> => {parent_tid=[6930]}, 88) = 6930 [pid 5820] newfstatat(3, "", [pid 6929] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 6929] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(3, [pid 6929] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6929] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6930 attached [ 139.017329][ T6927] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.022196][ T6926] exFAT-fs (loop2): Filesystem has been set read-only [ 139.039239][ T6927] exFAT-fs (loop4): Filesystem has been set read-only [pid 6928] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6931 attached [pid 6930] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6931] set_robust_list(0x55555eedf6a0, 24 [pid 6928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6931 [pid 5820] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6931] <... set_robust_list resumed>) = 0 [pid 6928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6931] chdir("./102" [pid 6930] <... rseq resumed>) = 0 [pid 6928] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] newfstatat(AT_FDCWD, "./101/file2", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6928] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./98/file2", [pid 6928] <... mprotect resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6928] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6930] set_robust_list(0x7fbb68bde9a0, 24 [pid 6928] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6931] <... chdir resumed>) = 0 [pid 6930] <... set_robust_list resumed>) = 0 [pid 6928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 6932 attached [pid 6931] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6930] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] newfstatat(4, "", [pid 5820] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6931] <... prctl resumed>) = 0 [pid 6930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6928] <... clone3 resumed> => {parent_tid=[6932]}, 88) = 6932 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6928] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] getdents64(4, [pid 5820] <... openat resumed>) = 4 [pid 6928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6928] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 6930] memfd_create("syzkaller", 0 [pid 6928] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6932] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6931] setpgid(0, 0 [pid 6930] <... memfd_create resumed>) = 3 [pid 6928] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] close(4 [pid 5820] newfstatat(4, "", [pid 6932] <... rseq resumed>) = 0 [pid 6931] <... setpgid resumed>) = 0 [pid 6930] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... close resumed>) = 0 [pid 6931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6930] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] rmdir("./101/file2" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6932] set_robust_list(0x7fbb68bde9a0, 24 [pid 6931] <... openat resumed>) = 3 [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6932] <... set_robust_list resumed>) = 0 [pid 6931] write(3, "1000", 4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6932] rt_sigprocmask(SIG_SETMASK, [], [pid 6931] <... write resumed>) = 4 [pid 5822] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5820] getdents64(4, [pid 6932] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6931] close(3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6932] memfd_create("syzkaller", 0 [pid 5822] unlink("./101/binderfs" [pid 6932] <... memfd_create resumed>) = 3 [pid 6931] <... close resumed>) = 0 [pid 6930] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... unlink resumed>) = 0 [pid 5820] getdents64(4, [pid 6932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6931] symlink("/dev/binderfs", "./binderfs" [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3 [pid 6932] <... mmap resumed>) = 0x7fbb60600000 [pid 6931] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] rmdir("./101" [pid 5820] close(4executing program [pid 5822] <... rmdir resumed>) = 0 [pid 6932] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6931] write(1, "executing program\n", 18 [pid 6930] <... write resumed>) = 131072 [pid 5820] <... close resumed>) = 0 [pid 6931] <... write resumed>) = 18 [pid 6930] munmap(0x7fbb60600000, 138412032 [pid 5822] mkdir("./102", 0777 [pid 5820] rmdir("./98/file2" [pid 6931] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... munmap resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6931] <... futex resumed>) = 0 [pid 6931] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 6931] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6930] <... openat resumed>) = 4 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6930] ioctl(4, LOOP_SET_FD, 3 [pid 6931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6932] <... write resumed>) = 131072 [pid 6931] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] close(3 [pid 5820] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6931] <... mprotect resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6932] munmap(0x7fbb60600000, 138412032 [pid 6931] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6930] <... ioctl resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6931] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6930] close(3 [pid 5820] unlink("./98/binderfs" [pid 6932] <... munmap resumed>) = 0 [pid 6931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6930] <... close resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6934 attached ./strace-static-x86_64: Process 6933 attached [pid 6932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6930] close(4 [pid 5820] getdents64(3, [pid 6934] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6933] set_robust_list(0x55555eedf6a0, 24 [pid 6932] <... openat resumed>) = 4 [pid 6931] <... clone3 resumed> => {parent_tid=[6934]}, 88) = 6934 [pid 6930] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6934] <... rseq resumed>) = 0 [pid 6933] <... set_robust_list resumed>) = 0 [pid 6932] ioctl(4, LOOP_SET_FD, 3 [pid 6931] rt_sigprocmask(SIG_SETMASK, [], [pid 6930] mkdir("./file2", 0777 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6933 [pid 5820] close(3 [pid 6934] set_robust_list(0x7fbb68bde9a0, 24 [pid 6933] chdir("./102" [pid 6931] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6930] <... mkdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6930] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] rmdir("./98" [pid 6931] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] <... set_robust_list resumed>) = 0 [pid 6934] rt_sigprocmask(SIG_SETMASK, [], [pid 6931] <... futex resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6933] <... chdir resumed>) = 0 [pid 6934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] mkdir("./99", 0777 [pid 6933] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6931] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6934] memfd_create("syzkaller", 0 [pid 5820] <... mkdir resumed>) = 0 [pid 6933] <... prctl resumed>) = 0 [pid 6933] setpgid(0, 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6933] <... setpgid resumed>) = 0 [pid 6934] <... memfd_create resumed>) = 3 [pid 6934] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6933] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6934] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6933] <... openat resumed>) = 3 [pid 6934] munmap(0x7fbb60600000, 138412032) = 0 [pid 5820] <... close resumed>) = 0 [pid 6934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6934] <... openat resumed>) = 4 [ 139.153153][ T6930] loop0: detected capacity change from 0 to 256 [ 139.174733][ T6932] loop1: detected capacity change from 0 to 256 [pid 6934] ioctl(4, LOOP_SET_FD, 3 [pid 6933] write(3, "1000", 4) = 4 [pid 6932] <... ioctl resumed>) = 0 [pid 6932] close(3) = 0 [pid 6932] close(4) = 0 [pid 6932] mkdir("./file2", 0777 [pid 6933] close(3./strace-static-x86_64: Process 6935 attached ) = 0 [pid 6932] <... mkdir resumed>) = 0 [pid 6935] set_robust_list(0x55555eedf6a0, 24 [pid 6932] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6933] symlink("/dev/binderfs", "./binderfs" [pid 6935] <... set_robust_list resumed>) = 0 [pid 6935] chdir("./99" [pid 6933] <... symlink resumed>) = 0 executing program [pid 6935] <... chdir resumed>) = 0 [pid 6933] write(1, "executing program\n", 18 [pid 6935] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6933] <... write resumed>) = 18 [pid 6935] <... prctl resumed>) = 0 [pid 6935] setpgid(0, 0 [pid 6933] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] <... setpgid resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 6935] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6933] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6935] <... openat resumed>) = 3 [pid 6933] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6935] write(3, "1000", 4 [pid 6933] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6935 [pid 6935] <... write resumed>) = 4 [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] close(3 [pid 6933] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6935] <... close resumed>) = 0 [pid 6935] symlink("/dev/binderfs", "./binderfs" [pid 6934] <... ioctl resumed>) = 0 [pid 6933] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6934] close(3executing program [pid 6935] <... symlink resumed>) = 0 [pid 6934] <... close resumed>) = 0 [pid 6933] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6934] close(4 [pid 6933] <... mprotect resumed>) = 0 [pid 6934] <... close resumed>) = 0 [pid 6934] mkdir("./file2", 0777) = 0 [pid 6933] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6934] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6933] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6935] write(1, "executing program\n", 18 [pid 6933] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6935] <... write resumed>) = 18 ./strace-static-x86_64: Process 6936 attached [pid 6935] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6935] <... futex resumed>) = 0 [pid 6933] <... clone3 resumed> => {parent_tid=[6936]}, 88) = 6936 [pid 6936] <... rseq resumed>) = 0 [pid 6935] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [ 139.199330][ T6934] loop3: detected capacity change from 0 to 256 [ 139.219203][ T6930] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6936] set_robust_list(0x7fbb68bde9a0, 24 [pid 6933] rt_sigprocmask(SIG_SETMASK, [], [pid 6936] <... set_robust_list resumed>) = 0 [pid 6935] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6933] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] rt_sigprocmask(SIG_SETMASK, [], [pid 6935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6933] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6935] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6933] <... futex resumed>) = 0 [pid 6933] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6935] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6936] memfd_create("syzkaller", 0 [pid 6935] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6936] <... memfd_create resumed>) = 3 [pid 6935] <... mprotect resumed>) = 0 [pid 6936] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6935] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6936] <... mmap resumed>) = 0x7fbb60600000 [pid 6935] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6935] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6937 attached [ 139.248937][ T6932] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.261926][ T6930] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.279002][ T6934] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6937] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6936] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6935] <... clone3 resumed> => {parent_tid=[6937]}, 88) = 6937 [pid 6935] rt_sigprocmask(SIG_SETMASK, [], [pid 6937] <... rseq resumed>) = 0 [pid 6935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6937] set_robust_list(0x7fbb68bde9a0, 24 [pid 6935] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] <... set_robust_list resumed>) = 0 [pid 6935] <... futex resumed>) = 0 [pid 6935] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6930] <... mount resumed>) = 0 [pid 6930] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6930] chdir("./file2") = 0 [pid 6930] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6937] rt_sigprocmask(SIG_SETMASK, [], [pid 6930] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6930] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6930] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... futex resumed>) = 0 [pid 6937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6936] <... write resumed>) = 131072 [pid 6929] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6930] <... futex resumed>) = 0 [pid 6929] <... futex resumed>) = 1 [pid 6930] mkdir("./file3", 0777 [pid 6929] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] memfd_create("syzkaller", 0 [pid 6936] munmap(0x7fbb60600000, 138412032) = 0 [pid 6937] <... memfd_create resumed>) = 3 [pid 6936] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6932] <... mount resumed>) = 0 [pid 6937] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6936] <... openat resumed>) = 4 [pid 6932] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6937] <... mmap resumed>) = 0x7fbb60600000 [pid 6936] ioctl(4, LOOP_SET_FD, 3 [pid 6932] <... openat resumed>) = 3 [pid 6932] chdir("./file2") = 0 [pid 6932] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6937] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6932] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6932] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6932] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6937] <... write resumed>) = 131072 [pid 6928] <... futex resumed>) = 0 [pid 6928] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6932] <... futex resumed>) = 0 [pid 6928] <... futex resumed>) = 1 [pid 6932] mkdir("./file3", 0777 [ 139.295358][ T6932] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.314076][ T6930] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.325928][ T6934] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.340627][ T6936] loop4: detected capacity change from 0 to 256 [ 139.341918][ T6930] exFAT-fs (loop0): Filesystem has been set read-only [pid 6928] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6937] munmap(0x7fbb60600000, 138412032) = 0 [pid 6936] <... ioctl resumed>) = 0 [pid 6934] <... mount resumed>) = 0 [pid 6934] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6929] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6934] <... openat resumed>) = 3 [pid 6929] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] chdir("./file2" [pid 6929] <... futex resumed>) = 0 [pid 6934] <... chdir resumed>) = 0 [pid 6929] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6934] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6929] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6934] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6929] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6934] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... mprotect resumed>) = 0 [pid 6934] <... futex resumed>) = 1 [pid 6929] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6931] <... futex resumed>) = 0 [pid 6934] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6929] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[6938]}, 88) = 6938 [pid 6929] rt_sigprocmask(SIG_SETMASK, [], [pid 6931] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6929] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6929] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6938 attached [pid 6938] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6938] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6938] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6937] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6936] close(3 [pid 6934] <... futex resumed>) = 0 [pid 6931] <... futex resumed>) = 1 [pid 6938] openat(AT_FDCWD, ".", O_RDONLY [pid 6934] mkdir("./file3", 0777 [pid 6938] <... openat resumed>) = 4 [pid 6937] <... openat resumed>) = 4 [pid 6936] <... close resumed>) = 0 [pid 6931] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] ioctl(4, LOOP_SET_FD, 3 [pid 6936] close(4 [pid 6938] <... futex resumed>) = 1 [pid 6930] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6929] <... futex resumed>) = 0 [pid 6938] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 6929] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6938] <... ioctl resumed>) = 0 [pid 6929] <... futex resumed>) = 0 [pid 6938] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6929] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6938] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6936] <... close resumed>) = 0 [pid 6930] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 139.357841][ T6932] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.381568][ T6934] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.388030][ T6932] exFAT-fs (loop1): Filesystem has been set read-only [ 139.395058][ T6934] exFAT-fs (loop3): Filesystem has been set read-only [pid 6934] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6938] <... futex resumed>) = ? [pid 6937] <... ioctl resumed>) = 0 [pid 6936] mkdir("./file2", 0777 [pid 6932] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6928] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6938] +++ killed by SIGSEGV +++ [pid 6937] close(3 [pid 6928] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6934] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6932] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6928] <... futex resumed>) = -1 (errno 18446744073709551555) [pid 6930] +++ killed by SIGSEGV +++ [pid 6937] <... close resumed>) = 0 [pid 6931] <... futex resumed>) = ? [pid 6929] +++ killed by SIGSEGV +++ [pid 6937] close(4 [pid 6936] <... mkdir resumed>) = 0 [pid 6932] +++ killed by SIGSEGV +++ [pid 6928] +++ killed by SIGSEGV +++ [pid 6937] <... close resumed>) = 0 [pid 6936] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6928, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6929, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6937] mkdir("./file2", 0777 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6934] +++ killed by SIGSEGV +++ [pid 6937] <... mkdir resumed>) = 0 [pid 6931] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6931, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [ 139.405008][ T6937] loop2: detected capacity change from 0 to 256 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... restart_syscall resumed>) = 0 [pid 6937] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 5818] <... restart_syscall resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./98", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 5819] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 5819] newfstatat(AT_FDCWD, "./101/file2", [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... openat resumed>) = 3 [pid 5819] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] newfstatat(3, "", [pid 5819] <... openat resumed>) = 4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5821] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 5818] newfstatat(AT_FDCWD, "./98/file2", [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./101/file2" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./98/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./101/binderfs" [pid 5818] openat(AT_FDCWD, "./98/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... unlink resumed>) = 0 [pid 5819] getdents64(3, [pid 5818] <... openat resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./101" [pid 5818] newfstatat(4, "", [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] mkdir("./102", 0777 [pid 5821] <... umount2 resumed>) = 0 [pid 6937] <... mount resumed>) = 0 [pid 6936] <... mount resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] getdents64(4, [pid 6937] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6937] <... openat resumed>) = 3 [pid 6936] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6937] chdir("./file2" [pid 6936] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 6937] <... chdir resumed>) = 0 [pid 6936] chdir("./file2" [pid 5821] newfstatat(AT_FDCWD, "./102/file2", [pid 6937] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6936] <... chdir resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6937] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6936] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 6936] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... ioctl resumed>) = 0 [pid 6937] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6936] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6937] <... futex resumed>) = 1 [pid 6936] <... futex resumed>) = 1 [pid 6935] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] close(4 [pid 6936] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./98/file2") = 0 [ 139.446868][ T6937] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.448701][ T6936] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.460600][ T6937] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.485248][ T6936] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] umount2("./98/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6937] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6935] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6933] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 4 [pid 5819] <... close resumed>) = 0 [pid 6936] <... futex resumed>) = 0 [pid 6933] <... futex resumed>) = 1 [pid 5821] newfstatat(4, "", [pid 6936] mkdir("./file3", 0777 [pid 6933] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6937] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6935] <... futex resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./98/binderfs", [pid 6937] mkdir("./file3", 0777 [pid 6935] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 6939 attached [pid 6939] set_robust_list(0x55555eedf6a0, 24 [pid 5821] getdents64(4, [pid 6939] <... set_robust_list resumed>) = 0 [pid 6939] chdir("./102" [pid 6936] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6939 [pid 5818] unlink("./98/binderfs" [pid 6939] <... chdir resumed>) = 0 [pid 6936] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] close(4 [pid 6939] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... close resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6939] <... prctl resumed>) = 0 [pid 6933] <... futex resumed>) = ? [pid 5821] rmdir("./102/file2" [pid 6939] setpgid(0, 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6939] <... setpgid resumed>) = 0 [pid 5818] getdents64(3, [pid 6939] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6939] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6939] write(3, "1000", 4 [pid 5821] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5818] close(3 [pid 6939] <... write resumed>) = 4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 6939] close(3 [pid 5821] unlink("./102/binderfs" [pid 5818] rmdir("./98" [pid 6939] <... close resumed>) = 0 [pid 6937] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... unlink resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 6939] symlink("/dev/binderfs", "./binderfs"executing program [pid 5821] getdents64(3, [pid 6939] <... symlink resumed>) = 0 [pid 6937] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6936] +++ killed by SIGSEGV +++ [pid 6933] +++ killed by SIGSEGV +++ [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6939] write(1, "executing program\n", 18 [pid 5821] close(3 [pid 6939] <... write resumed>) = 18 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6933, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] <... close resumed>) = 0 [pid 6935] <... futex resumed>) = ? [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6939] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6937] +++ killed by SIGSEGV +++ [pid 5821] rmdir("./102" [pid 5818] mkdir("./99", 0777 [pid 6939] <... futex resumed>) = 0 [pid 6935] +++ killed by SIGSEGV +++ [pid 5821] <... rmdir resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 6939] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] mkdir("./103", 0777 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6935, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=8 /* 0.08 s */} --- [pid 6939] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6939] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 6939] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6939] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6939] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6939] <... mprotect resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 5822] <... umount2 resumed>) = 0 [pid 6939] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... mkdir resumed>) = 0 [pid 5820] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 6939] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6939] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4./strace-static-x86_64: Process 6940 attached ) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6940] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6939] <... clone3 resumed> => {parent_tid=[6940]}, 88) = 6940 [pid 5822] rmdir("./102/file2" [pid 6940] <... rseq resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 6940] set_robust_list(0x7fbb68bde9a0, 24) = 0 ./strace-static-x86_64: Process 6941 attached [pid 6940] rt_sigprocmask(SIG_SETMASK, [], [pid 6939] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6941] set_robust_list(0x55555eedf6a0, 24 [pid 6940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6941 [pid 6941] <... set_robust_list resumed>) = 0 [pid 6939] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... openat resumed>) = 3 [pid 6939] <... futex resumed>) = 0 [pid 6941] chdir("./99" [pid 6940] memfd_create("syzkaller", 0 [pid 6939] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... ioctl resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 6940] <... memfd_create resumed>) = 3 [pid 5822] newfstatat(AT_FDCWD, "./102/binderfs", [pid 6940] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] close(3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6941] <... chdir resumed>) = 0 [pid 6940] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] unlink("./102/binderfs" [pid 6941] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(3, [pid 6941] <... prctl resumed>) = 0 [pid 6941] setpgid(0, 0 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 139.554028][ T6936] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.554112][ T6937] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.572121][ T6936] exFAT-fs (loop4): Filesystem has been set read-only [ 139.580158][ T6937] exFAT-fs (loop2): Filesystem has been set read-only [pid 6941] <... setpgid resumed>) = 0 [pid 6940] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6941] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6940] <... write resumed>) = 131072 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./102") = 0 ./strace-static-x86_64: Process 6942 attached [pid 6940] munmap(0x7fbb60600000, 138412032) = 0 [pid 5822] mkdir("./103", 0777 [pid 6941] <... openat resumed>) = 3 [pid 6942] set_robust_list(0x55555eedf6a0, 24 [pid 6940] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6942] <... set_robust_list resumed>) = 0 [pid 6941] write(3, "1000", 4 [pid 6940] <... openat resumed>) = 4 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6942 [pid 6942] chdir("./103" [pid 6941] <... write resumed>) = 4 [pid 6940] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... umount2 resumed>) = 0 [pid 6942] <... chdir resumed>) = 0 [pid 6941] close(3 [pid 5822] <... mkdir resumed>) = 0 [pid 5820] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./99/file2", [pid 6941] <... close resumed>) = 0 [pid 6941] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6941] <... symlink resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6942] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] close(3executing program [pid 6942] <... prctl resumed>) = 0 [pid 6941] write(1, "executing program\n", 18 [pid 5822] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 6942] setpgid(0, 0 [pid 5820] <... close resumed>) = 0 [pid 6942] <... setpgid resumed>) = 0 [pid 5820] rmdir("./99/file2" [pid 6942] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... rmdir resumed>) = 0 [pid 6942] <... openat resumed>) = 3 [pid 6942] write(3, "1000", 4 [pid 5820] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6942] <... write resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] newfstatat(AT_FDCWD, "./99/binderfs", [pid 6942] close(3 [pid 6941] <... write resumed>) = 18 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6942] <... close resumed>) = 0 [pid 6942] symlink("/dev/binderfs", "./binderfs" [pid 6941] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] unlink("./99/binderfs" [pid 6941] <... futex resumed>) = 0 [pid 6941] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, ./strace-static-x86_64: Process 6943 attached [pid 6942] <... symlink resumed>) = 0 [pid 6941] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... unlink resumed>) = 0 executing program [pid 6941] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6942] write(1, "executing program\n", 18 [pid 6941] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] getdents64(3, [pid 6943] set_robust_list(0x55555eedf6a0, 24 [pid 6942] <... write resumed>) = 18 [pid 6941] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6943] <... set_robust_list resumed>) = 0 [pid 6942] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6941] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] close(3 [pid 6943] chdir("./103" [pid 6942] <... futex resumed>) = 0 [pid 6940] <... ioctl resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6943 [pid 5820] <... close resumed>) = 0 [pid 6943] <... chdir resumed>) = 0 [pid 6942] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6941] <... mprotect resumed>) = 0 [pid 5820] rmdir("./99" [pid 6943] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6942] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6941] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6940] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 6943] <... prctl resumed>) = 0 [pid 6942] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6941] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6940] <... close resumed>) = 0 [pid 6943] setpgid(0, 0 [pid 6942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6941] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6943] <... setpgid resumed>) = 0 [pid 6942] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6940] close(4 [pid 5820] mkdir("./100", 0777./strace-static-x86_64: Process 6944 attached [pid 6943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6942] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6940] <... close resumed>) = 0 [pid 6944] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6941] <... clone3 resumed> => {parent_tid=[6944]}, 88) = 6944 [pid 5820] <... mkdir resumed>) = 0 [pid 6942] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6941] rt_sigprocmask(SIG_SETMASK, [], [pid 6940] mkdir("./file2", 0777 [pid 6944] <... rseq resumed>) = 0 [pid 6943] <... openat resumed>) = 3 [pid 6942] <... mprotect resumed>) = 0 [pid 6941] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6940] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6944] set_robust_list(0x7fbb68bde9a0, 24 [pid 6942] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6941] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... set_robust_list resumed>) = 0 [pid 6943] write(3, "1000", 4 [pid 6942] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6941] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6944] rt_sigprocmask(SIG_SETMASK, [], [pid 6943] <... write resumed>) = 4 [pid 6942] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6940] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6943] close(3 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6941] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6945 attached [pid 6944] memfd_create("syzkaller", 0 [pid 6943] <... close resumed>) = 0 [pid 6942] <... clone3 resumed> => {parent_tid=[6945]}, 88) = 6945 [pid 5820] <... ioctl resumed>) = 0 [pid 6945] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6943] symlink("/dev/binderfs", "./binderfs" [pid 6942] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] close(3 [pid 6945] <... rseq resumed>) = 0 [pid 6943] <... symlink resumed>) = 0 [pid 6944] <... memfd_create resumed>) = 3 [pid 6942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6945] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6945] rt_sigprocmask(SIG_SETMASK, [], [pid 6942] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6945] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 139.651459][ T6940] loop1: detected capacity change from 0 to 256 [pid 6945] memfd_create("syzkaller", 0 [pid 6942] <... futex resumed>) = 0 [pid 6945] <... memfd_create resumed>) = 3 [pid 6944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6943] write(1, "executing program\n", 18 [pid 6944] <... mmap resumed>) = 0x7fbb60600000 executing program [pid 6943] <... write resumed>) = 18 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6946 attached [pid 6943] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] set_robust_list(0x55555eedf6a0, 24 [pid 6945] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6944] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6943] <... futex resumed>) = 0 [pid 6942] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6946 [pid 6945] <... mmap resumed>) = 0x7fbb60600000 [pid 6943] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6946] <... set_robust_list resumed>) = 0 [pid 6945] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6943] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6946] chdir("./100" [pid 6945] <... write resumed>) = 131072 [pid 6944] <... write resumed>) = 131072 [pid 6943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6946] <... chdir resumed>) = 0 [pid 6945] munmap(0x7fbb60600000, 138412032 [pid 6943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6946] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6945] <... munmap resumed>) = 0 [pid 6943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6944] munmap(0x7fbb60600000, 138412032 [pid 6945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6943] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6945] <... openat resumed>) = 4 [pid 6943] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6945] ioctl(4, LOOP_SET_FD, 3 [pid 6943] <... mprotect resumed>) = 0 [pid 6946] <... prctl resumed>) = 0 [pid 6943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6947 attached [pid 6946] setpgid(0, 0 [pid 6944] <... munmap resumed>) = 0 [pid 6947] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6946] <... setpgid resumed>) = 0 [pid 6947] <... rseq resumed>) = 0 [pid 6947] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6947] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6946] <... openat resumed>) = 3 [pid 6944] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6943] <... clone3 resumed> => {parent_tid=[6947]}, 88) = 6947 [pid 6946] write(3, "1000", 4 [pid 6944] <... openat resumed>) = 4 [pid 6943] rt_sigprocmask(SIG_SETMASK, [], [pid 6946] <... write resumed>) = 4 [pid 6944] ioctl(4, LOOP_SET_FD, 3 [ 139.704022][ T6940] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.720454][ T6940] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.741330][ T6945] loop3: detected capacity change from 0 to 256 [pid 6946] close(3 [pid 6943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6940] <... mount resumed>) = 0 [pid 6943] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6946] <... close resumed>) = 0 [pid 6943] <... futex resumed>) = 1 [pid 6947] <... futex resumed>) = 0 [pid 6943] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6947] memfd_create("syzkaller", 0 [pid 6946] symlink("/dev/binderfs", "./binderfs" [pid 6947] <... memfd_create resumed>) = 3 [pid 6947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6946] <... symlink resumed>) = 0 [pid 6940] chdir("./file2") = 0 [pid 6940] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6947] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6945] <... ioctl resumed>) = 0 [pid 6940] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6947] <... write resumed>) = 131072 [pid 6940] <... futex resumed>) = 1 [pid 6945] close(3 [pid 6939] <... futex resumed>) = 0 [pid 6945] <... close resumed>) = 0 [pid 6939] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6940] mkdir("./file3", 0777 [pid 6946] write(1, "executing program\n", 18 [pid 6945] close(4executing program [pid 6944] <... ioctl resumed>) = 0 [pid 6939] <... futex resumed>) = 0 [pid 6939] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6945] <... close resumed>) = 0 [pid 6945] mkdir("./file2", 0777 [pid 6946] <... write resumed>) = 18 [pid 6947] munmap(0x7fbb60600000, 138412032) = 0 [pid 6946] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] close(3 [pid 6947] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6946] <... futex resumed>) = 0 [pid 6945] <... mkdir resumed>) = 0 [pid 6944] <... close resumed>) = 0 [pid 6947] <... openat resumed>) = 4 [pid 6947] ioctl(4, LOOP_SET_FD, 3 [pid 6946] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6945] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6944] close(4 [pid 6946] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6944] <... close resumed>) = 0 [pid 6944] mkdir("./file2", 0777 [pid 6946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6944] <... mkdir resumed>) = 0 [pid 6946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6944] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6946] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [ 139.768869][ T6944] loop0: detected capacity change from 0 to 256 [ 139.783907][ T6940] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.804842][ T6940] exFAT-fs (loop1): Filesystem has been set read-only [pid 6946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[6948]}, 88) = 6948 [pid 6946] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6948 attached [pid 6947] <... ioctl resumed>) = 0 [pid 6940] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6948] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6948] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6948] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6948] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6947] close(3) = 0 [pid 6940] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6947] close(4) = 0 [pid 6947] mkdir("./file2", 0777) = 0 [pid 6947] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6946] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6939] <... futex resumed>) = ? [pid 6946] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6946] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 0 [pid 6948] memfd_create("syzkaller", 0) = 3 [pid 6948] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6948] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6940] +++ killed by SIGSEGV +++ [pid 6939] +++ killed by SIGSEGV +++ [ 139.822877][ T6947] loop4: detected capacity change from 0 to 256 [ 139.836693][ T6945] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.854512][ T6944] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6948] <... write resumed>) = 131072 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6939, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6948] munmap(0x7fbb60600000, 138412032 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6948] <... munmap resumed>) = 0 [pid 6945] <... mount resumed>) = 0 [pid 6944] <... mount resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6948] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6948] ioctl(4, LOOP_SET_FD, 3 [pid 6945] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6944] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6945] <... openat resumed>) = 3 [pid 6945] chdir("./file2" [pid 6944] <... openat resumed>) = 3 [pid 5819] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6944] chdir("./file2" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6944] <... chdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5819] <... openat resumed>) = 3 [pid 6944] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(3, "", [pid 6944] <... futex resumed>) = 1 [pid 6941] <... futex resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6944] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6941] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6944] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6941] <... futex resumed>) = 0 [pid 5819] getdents64(3, [pid 6945] <... chdir resumed>) = 0 [pid 6944] mkdir("./file3", 0777 [pid 6941] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [ 139.872272][ T6945] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.882214][ T6944] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 139.898925][ T6948] loop2: detected capacity change from 0 to 256 [ 139.913831][ T6944] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6945] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6945] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6948] <... ioctl resumed>) = 0 [pid 6948] close(3) = 0 [pid 6948] close(4) = 0 [pid 6945] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... umount2 resumed>) = 0 [pid 6945] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6948] mkdir("./file2", 0777 [pid 6942] <... futex resumed>) = 0 [pid 5819] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6948] <... mkdir resumed>) = 0 [pid 6942] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6948] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6945] <... futex resumed>) = 0 [pid 6942] <... futex resumed>) = 1 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6945] mkdir("./file3", 0777 [pid 6944] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6942] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 139.914382][ T6947] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.925765][ T6944] exFAT-fs (loop0): Filesystem has been set read-only [ 139.953640][ T6947] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] newfstatat(AT_FDCWD, "./102/file2", [pid 6944] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6941] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6947] <... mount resumed>) = 0 [pid 5819] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6947] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6945] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6944] +++ killed by SIGSEGV +++ [pid 6941] +++ killed by SIGSEGV +++ [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6947] <... openat resumed>) = 3 [pid 6945] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6941, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 6947] chdir("./file2" [pid 5819] <... openat resumed>) = 4 [pid 6947] <... chdir resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 6947] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6947] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] getdents64(4, [pid 6947] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6948] <... mount resumed>) = 0 [pid 6942] <... futex resumed>) = ? [pid 6947] <... futex resumed>) = 1 [pid 6943] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 6948] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6947] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6945] +++ killed by SIGSEGV +++ [pid 6943] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6942] +++ killed by SIGSEGV +++ [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6948] <... openat resumed>) = 3 [pid 6947] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6943] <... futex resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6942, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] close(4 [pid 6947] mkdir("./file3", 0777 [pid 6943] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] chdir("./file2" [pid 5819] <... close resumed>) = 0 [pid 6948] <... chdir resumed>) = 0 [pid 6948] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6948] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6946] <... futex resumed>) = 0 [pid 6946] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 139.960410][ T6948] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 139.964529][ T6945] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 139.985086][ T6945] exFAT-fs (loop3): Filesystem has been set read-only [ 139.992550][ T6948] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6946] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6948] <... futex resumed>) = 1 [pid 5819] rmdir("./102/file2" [pid 5818] umount2("./99", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6948] mkdir("./file3", 0777 [pid 6947] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6947] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6943] <... futex resumed>) = ? [pid 5821] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 [pid 6948] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6947] +++ killed by SIGSEGV +++ [pid 6948] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6943] +++ killed by SIGSEGV +++ [pid 5821] <... openat resumed>) = 3 [pid 5819] newfstatat(AT_FDCWD, "./102/binderfs", [pid 5818] newfstatat(3, "", [pid 6946] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6943, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5821] newfstatat(3, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6948] +++ killed by SIGSEGV +++ [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6946] +++ killed by SIGSEGV +++ [pid 5821] getdents64(3, [pid 5819] unlink("./102/binderfs" [pid 5818] getdents64(3, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... openat resumed>) = 3 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6946, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5819] getdents64(3, [pid 5818] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 140.016399][ T6947] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.026366][ T6947] exFAT-fs (loop4): Filesystem has been set read-only [ 140.042004][ T6948] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.051440][ T6948] exFAT-fs (loop2): Filesystem has been set read-only [pid 5821] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(3, "", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] close(3 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5821] newfstatat(AT_FDCWD, "./103/file2", [pid 5820] <... openat resumed>) = 3 [pid 5819] rmdir("./102" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] newfstatat(AT_FDCWD, "./99/file2", [pid 5822] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(3, "", [pid 5819] <... rmdir resumed>) = 0 [pid 5821] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./99/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] getdents64(3, [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] mkdir("./103", 0777 [pid 5822] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(4, "", [pid 5820] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./99/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] newfstatat(AT_FDCWD, "./103/file2", [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(4, [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5822] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(4, [pid 5819] close(3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5819] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5822] newfstatat(4, "", [pid 5821] rmdir("./103/file2" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] getdents64(4, ./strace-static-x86_64: Process 6949 attached [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./100/file2", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 6949] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 6949] <... set_robust_list resumed>) = 0 [pid 5822] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6949 [pid 5818] close(4 [pid 6949] chdir("./103" [pid 5822] close(4 [pid 5821] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5820] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... close resumed>) = 0 [pid 6949] <... chdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] rmdir("./99/file2" [pid 6949] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] rmdir("./103/file2" [pid 5821] unlink("./103/binderfs" [pid 5820] <... openat resumed>) = 4 [pid 5818] <... rmdir resumed>) = 0 [pid 6949] <... prctl resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6949] setpgid(0, 0 [pid 5820] newfstatat(4, "", [pid 6949] <... setpgid resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6949] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5822] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./99/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6949] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6949] write(3, "1000", 4 [pid 5822] newfstatat(AT_FDCWD, "./103/binderfs", [pid 5821] rmdir("./103" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./99/binderfs", [pid 6949] <... write resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 6949] close(3 [pid 5820] close(4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6949] <... close resumed>) = 0 [pid 5822] unlink("./103/binderfs" [pid 5820] <... close resumed>) = 0 [pid 5818] unlink("./99/binderfs" [pid 6949] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... unlink resumed>) = 0 [pid 5821] mkdir("./104", 0777 [pid 5820] rmdir("./100/file2" [pid 5818] <... unlink resumed>) = 0 [pid 6949] <... symlink resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] getdents64(3, [pid 5818] getdents64(3, executing program [pid 6949] write(1, "executing program\n", 18 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 5822] close(3 [pid 5818] <... close resumed>) = 0 [pid 6949] <... write resumed>) = 18 [pid 5822] <... close resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] rmdir("./99" [pid 6949] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rmdir("./103" [pid 5821] <... openat resumed>) = 3 [pid 5820] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6949] <... futex resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./100/binderfs", [pid 6949] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... rmdir resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] mkdir("./100", 0777 [pid 6949] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6949] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] unlink("./100/binderfs" [pid 6949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 6949] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] close(3 [pid 5820] getdents64(3, [pid 6949] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] mkdir("./104", 0777 [pid 5821] <... close resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 6949] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6950 attached [pid 6949] <... mprotect resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6950] set_robust_list(0x55555eedf6a0, 24 [pid 6949] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] close(3 [pid 6950] <... set_robust_list resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6950] chdir("./104" [pid 5820] <... close resumed>) = 0 [pid 6950] <... chdir resumed>) = 0 [pid 6949] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6950 [pid 5820] rmdir("./100" [pid 5818] <... ioctl resumed>) = 0 [pid 6949] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6951 attached [pid 6950] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... openat resumed>) = 3 [pid 5818] close(3 [pid 6951] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6949] <... clone3 resumed> => {parent_tid=[6951]}, 88) = 6951 [pid 6951] <... rseq resumed>) = 0 [pid 6951] set_robust_list(0x7fbb68bde9a0, 24 [pid 6949] rt_sigprocmask(SIG_SETMASK, [], [pid 6951] <... set_robust_list resumed>) = 0 [pid 6949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6951] rt_sigprocmask(SIG_SETMASK, [], [pid 6950] <... prctl resumed>) = 0 [pid 6949] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... close resumed>) = 0 [pid 6951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6950] setpgid(0, 0 [pid 6949] <... futex resumed>) = 0 [pid 6951] memfd_create("syzkaller", 0 [pid 6949] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... rmdir resumed>) = 0 [pid 6951] <... memfd_create resumed>) = 3 [pid 6951] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6951] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6950] <... setpgid resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] mkdir("./101", 0777 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6951] <... write resumed>) = 131072 [pid 6950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... mkdir resumed>) = 0 [pid 6950] <... openat resumed>) = 3 [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 6950] write(3, "1000", 4 [pid 5822] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6950] <... write resumed>) = 4 [pid 6951] munmap(0x7fbb60600000, 138412032 [pid 6950] close(3 [pid 6951] <... munmap resumed>) = 0 [pid 6950] <... close resumed>) = 0 [pid 6950] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... openat resumed>) = 3 [pid 6951] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6950] <... symlink resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6951] ioctl(4, LOOP_SET_FD, 3executing program ./strace-static-x86_64: Process 6952 attached [pid 6950] write(1, "executing program\n", 18 [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6952 [pid 6952] set_robust_list(0x55555eedf6a0, 24 [pid 6950] <... write resumed>) = 18 [pid 5820] close(3 [pid 6952] <... set_robust_list resumed>) = 0 [pid 6950] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6950] <... futex resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6952] chdir("./100" [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6950] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6953 ./strace-static-x86_64: Process 6954 attached [pid 6952] <... chdir resumed>) = 0 [pid 6950] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6954] set_robust_list(0x55555eedf6a0, 24 [pid 6950] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6954] <... set_robust_list resumed>) = 0 [pid 6952] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6954 [pid 6952] <... prctl resumed>) = 0 [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 6953 attached [pid 6952] setpgid(0, 0 [pid 6950] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6954] chdir("./101" [pid 6952] <... setpgid resumed>) = 0 [pid 6950] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6951] <... ioctl resumed>) = 0 [pid 6953] set_robust_list(0x55555eedf6a0, 24 [pid 6951] close(3 [pid 6950] <... mprotect resumed>) = 0 [pid 6953] <... set_robust_list resumed>) = 0 [pid 6954] <... chdir resumed>) = 0 [pid 6953] chdir("./104" [pid 6952] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6951] <... close resumed>) = 0 [pid 6950] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6954] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6953] <... chdir resumed>) = 0 [pid 6954] <... prctl resumed>) = 0 [pid 6953] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6951] close(4 [pid 6950] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6954] setpgid(0, 0 [pid 6953] <... prctl resumed>) = 0 [pid 6952] <... openat resumed>) = 3 [pid 6951] <... close resumed>) = 0 [pid 6950] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6954] <... setpgid resumed>) = 0 [pid 6953] setpgid(0, 0 [pid 6952] write(3, "1000", 4 [pid 6951] mkdir("./file2", 0777 [pid 6953] <... setpgid resumed>) = 0 ./strace-static-x86_64: Process 6955 attached [pid 6953] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6951] <... mkdir resumed>) = 0 [pid 6955] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6953] <... openat resumed>) = 3 [pid 6952] <... write resumed>) = 4 [pid 6951] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6950] <... clone3 resumed> => {parent_tid=[6955]}, 88) = 6955 [pid 6955] <... rseq resumed>) = 0 [pid 6950] rt_sigprocmask(SIG_SETMASK, [], [pid 6955] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6955] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6955] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6952] close(3 [pid 6950] <... futex resumed>) = 0 [pid 6955] memfd_create("syzkaller", 0 [pid 6953] write(3, "1000", 4 [pid 6950] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6955] <... memfd_create resumed>) = 3 [pid 6953] <... write resumed>) = 4 [pid 6952] <... close resumed>) = 0 [pid 6955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6953] close(3 [pid 6955] <... mmap resumed>) = 0x7fbb60600000 [pid 6953] <... close resumed>) = 0 [pid 6953] symlink("/dev/binderfs", "./binderfs" [pid 6955] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6953] <... symlink resumed>) = 0 [pid 6953] write(1, "executing program\n", 18executing program ) = 18 [pid 6953] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6953] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6955] <... write resumed>) = 131072 [pid 6954] <... openat resumed>) = 3 [pid 6953] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6952] symlink("/dev/binderfs", "./binderfs" [pid 6954] write(3, "1000", 4 [pid 6952] <... symlink resumed>) = 0 [pid 6954] <... write resumed>) = 4 [pid 6953] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6954] close(3 [pid 6953] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6954] <... close resumed>) = 0 [pid 6953] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6955] munmap(0x7fbb60600000, 138412032 [pid 6954] symlink("/dev/binderfs", "./binderfs" [pid 6953] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6955] <... munmap resumed>) = 0 [pid 6953] <... mprotect resumed>) = 0 [pid 6952] write(1, "executing program\n", 18executing program [pid 6954] <... symlink resumed>) = 0 [pid 6953] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6952] <... write resumed>) = 18 [pid 6953] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6955] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6953] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6956 attached [pid 6955] <... openat resumed>) = 4 [ 140.236361][ T6951] loop1: detected capacity change from 0 to 256 [pid 6956] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6955] ioctl(4, LOOP_SET_FD, 3executing program [pid 6956] set_robust_list(0x7fbb68bde9a0, 24 [pid 6954] write(1, "executing program\n", 18 [pid 6952] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6954] <... write resumed>) = 18 [pid 6952] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6954] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6954] <... futex resumed>) = 0 [pid 6952] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6956] <... set_robust_list resumed>) = 0 [pid 6956] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] <... clone3 resumed> => {parent_tid=[6956]}, 88) = 6956 [pid 6956] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6953] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6956] <... futex resumed>) = 0 [pid 6953] <... futex resumed>) = 1 [pid 6956] memfd_create("syzkaller", 0 [pid 6953] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6956] <... memfd_create resumed>) = 3 [pid 6956] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6956] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6955] <... ioctl resumed>) = 0 [pid 6954] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6952] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6956] <... write resumed>) = 131072 [pid 6955] close(3) = 0 [pid 6955] close(4) = 0 [pid 6955] mkdir("./file2", 0777 [pid 6956] munmap(0x7fbb60600000, 138412032 [pid 6955] <... mkdir resumed>) = 0 [pid 6956] <... munmap resumed>) = 0 [pid 6955] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6954] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6952] <... mprotect resumed>) = 0 [pid 6954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6951] <... mount resumed>) = 0 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6952] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6956] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6954] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6951] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6956] <... openat resumed>) = 4 [pid 6954] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6956] ioctl(4, LOOP_SET_FD, 3 [pid 6954] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 6957 attached [pid 6954] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6952] <... clone3 resumed> => {parent_tid=[6957]}, 88) = 6957 [pid 6951] <... openat resumed>) = 3 [pid 6954] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6952] rt_sigprocmask(SIG_SETMASK, [], [pid 6951] chdir("./file2"./strace-static-x86_64: Process 6958 attached [pid 6954] <... clone3 resumed> => {parent_tid=[6958]}, 88) = 6958 [pid 6952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6951] <... chdir resumed>) = 0 [pid 6958] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6954] rt_sigprocmask(SIG_SETMASK, [], [pid 6952] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6951] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6958] <... rseq resumed>) = 0 [pid 6954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6958] set_robust_list(0x7fbb68bde9a0, 24 [pid 6957] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6954] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6952] <... futex resumed>) = 0 [pid 6951] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6958] <... set_robust_list resumed>) = 0 [pid 6957] <... rseq resumed>) = 0 [pid 6954] <... futex resumed>) = 0 [pid 6952] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6958] rt_sigprocmask(SIG_SETMASK, [], [pid 6951] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6954] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6951] <... futex resumed>) = 1 [pid 6957] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6957] rt_sigprocmask(SIG_SETMASK, [], [pid 6958] memfd_create("syzkaller", 0 [pid 6957] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6951] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6958] <... memfd_create resumed>) = 3 [pid 6957] memfd_create("syzkaller", 0 [pid 6958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6949] <... futex resumed>) = 0 [pid 6958] <... mmap resumed>) = 0x7fbb60600000 [pid 6957] <... memfd_create resumed>) = 3 [pid 6949] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6949] <... futex resumed>) = 1 [pid 6957] <... mmap resumed>) = 0x7fbb60600000 [pid 6951] <... futex resumed>) = 0 [pid 6949] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6958] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [ 140.282446][ T6955] loop3: detected capacity change from 0 to 256 [ 140.291867][ T6951] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 140.305651][ T6951] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.321707][ T6956] loop4: detected capacity change from 0 to 256 [pid 6951] mkdir("./file3", 0777 [pid 6957] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 6956] <... ioctl resumed>) = 0 [pid 6956] close(3 [pid 6958] <... write resumed>) = 131072 [pid 6957] munmap(0x7fbb60600000, 138412032 [pid 6956] <... close resumed>) = 0 [pid 6958] munmap(0x7fbb60600000, 138412032 [pid 6957] <... munmap resumed>) = 0 [pid 6956] close(4 [pid 6951] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6956] <... close resumed>) = 0 [pid 6951] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6956] mkdir("./file2", 0777 [pid 6949] <... futex resumed>) = ? [pid 6957] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6956] <... mkdir resumed>) = 0 [pid 6951] +++ killed by SIGSEGV +++ [pid 6949] +++ killed by SIGSEGV +++ [pid 6957] <... openat resumed>) = 4 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6949, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6957] ioctl(4, LOOP_SET_FD, 3 [ 140.341684][ T6951] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.354782][ T6951] exFAT-fs (loop1): Filesystem has been set read-only [ 140.364758][ T6955] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 140.384563][ T6957] loop0: detected capacity change from 0 to 256 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6956] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... restart_syscall resumed>) = 0 [pid 6958] <... munmap resumed>) = 0 [pid 6958] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 6958] ioctl(4, LOOP_SET_FD, 3 [pid 6957] <... ioctl resumed>) = 0 [pid 6957] close(3) = 0 [pid 6957] close(4) = 0 [pid 5819] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6957] mkdir("./file2", 0777 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6957] <... mkdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6957] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6958] <... ioctl resumed>) = 0 [pid 6955] <... mount resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6955] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6958] close(3 [pid 6955] <... openat resumed>) = 3 [pid 6958] <... close resumed>) = 0 [pid 6955] chdir("./file2" [pid 6958] close(4 [pid 6955] <... chdir resumed>) = 0 [pid 6958] <... close resumed>) = 0 [pid 6955] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6958] mkdir("./file2", 0777 [pid 6955] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6958] <... mkdir resumed>) = 0 [pid 6955] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6955] <... futex resumed>) = 1 [ 140.389500][ T6955] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.395430][ T6958] loop2: detected capacity change from 0 to 256 [ 140.421928][ T6956] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6955] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6950] <... futex resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6958] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6950] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(AT_FDCWD, "./103/file2", [pid 6950] <... futex resumed>) = 1 [pid 6956] <... mount resumed>) = 0 [pid 6950] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6956] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6955] <... futex resumed>) = 0 [pid 6955] mkdir("./file3", 0777 [pid 6956] chdir("./file2") = 0 [pid 5819] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6956] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6956] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 6956] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6953] <... futex resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 6956] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6953] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6956] mkdir("./file3", 0777 [pid 6953] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 6953] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [ 140.436481][ T6957] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 140.449241][ T6956] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.461688][ T6957] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.475460][ T6955] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5819] rmdir("./103/file2") = 0 [pid 5819] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./103/binderfs" [pid 6957] <... mount resumed>) = 0 [pid 6956] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6955] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6950] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] <... unlink resumed>) = 0 [pid 6950] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6950] <... futex resumed>) = 0 [pid 5819] getdents64(3, [pid 6956] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6955] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6950] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6957] <... openat resumed>) = 3 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6957] chdir("./file2" [pid 5819] close(3 [pid 6957] <... chdir resumed>) = 0 [pid 6950] <... mmap resumed>) = ? [pid 5819] <... close resumed>) = 0 [pid 6957] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] rmdir("./103" [pid 6956] +++ killed by SIGSEGV +++ [pid 6955] +++ killed by SIGSEGV +++ [pid 6950] +++ killed by SIGSEGV +++ [pid 5819] <... rmdir resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6950, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5819] mkdir("./104", 0777) = 0 [pid 6957] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6953] <... futex resumed>) = ? [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6953] +++ killed by SIGSEGV +++ [pid 5819] <... openat resumed>) = 3 [pid 6957] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6957] <... futex resumed>) = 1 [pid 6952] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6953, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5819] <... ioctl resumed>) = 0 [pid 6952] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6957] mkdir("./file3", 0777 [pid 6952] <... futex resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [ 140.475464][ T6956] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.475490][ T6956] exFAT-fs (loop4): Filesystem has been set read-only [ 140.502165][ T6955] exFAT-fs (loop3): Filesystem has been set read-only [ 140.509476][ T6958] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] close(3 [pid 6952] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] <... close resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6959 attached [pid 5822] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6959 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 5821] <... openat resumed>) = 3 [pid 6959] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(3, "", [pid 6959] <... set_robust_list resumed>) = 0 [pid 5822] getdents64(3, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6959] chdir("./104" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(3, [pid 6959] <... chdir resumed>) = 0 [pid 5822] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5821] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6959] setpgid(0, 0 [pid 5822] <... umount2 resumed>) = 0 [pid 6959] <... setpgid resumed>) = 0 [pid 5822] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6959] <... openat resumed>) = 3 [pid 5822] newfstatat(AT_FDCWD, "./104/file2", [pid 6959] write(3, "1000", 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6959] <... write resumed>) = 4 [pid 5822] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = 0 [pid 6959] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6959] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6959] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./104/file2", [pid 6959] <... symlink resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, executing program [pid 6959] write(1, "executing program\n", 18 [pid 5822] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6959] <... write resumed>) = 18 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 6959] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6959] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5822] close(4 [pid 5821] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] rmdir("./104/file2" [pid 5822] rmdir("./104/file2" [pid 5821] <... rmdir resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5822] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6959] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] newfstatat(AT_FDCWD, "./104/binderfs", [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6959] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./104/binderfs" [pid 6952] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6952] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6952] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] unlink("./104/binderfs" [pid 6952] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6952] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... unlink resumed>) = 0 [pid 6959] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] getdents64(3, [pid 6959] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6952] <... mprotect resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6959] <... mprotect resumed>) = 0 [ 140.557269][ T6957] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.557344][ T6958] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6952] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] close(3 [pid 6952] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 6952] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6959] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] rmdir("./104") = 0 [pid 5821] getdents64(3, [pid 6959] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] mkdir("./105", 0777 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 6960 attached [pid 6959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6958] <... mount resumed>) = 0 [pid 6952] <... clone3 resumed> => {parent_tid=[6960]}, 88) = 6960 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] close(3./strace-static-x86_64: Process 6961 attached ) = 0 [pid 6959] <... clone3 resumed> => {parent_tid=[6961]}, 88) = 6961 [pid 5821] rmdir("./104" [pid 6960] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 6959] rt_sigprocmask(SIG_SETMASK, [], [pid 6958] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6952] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... rmdir resumed>) = 0 [pid 6960] <... rseq resumed>) = 0 [pid 6958] <... openat resumed>) = 3 [pid 6952] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6960] set_robust_list(0x7fbb68bbd9a0, 24 [pid 6958] chdir("./file2" [pid 6952] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6960] <... set_robust_list resumed>) = 0 [pid 6959] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6958] <... chdir resumed>) = 0 [pid 6952] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] mkdir("./105", 0777 [pid 6961] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6960] rt_sigprocmask(SIG_SETMASK, [], [pid 6959] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6958] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6952] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... mkdir resumed>) = 0 [pid 6961] <... rseq resumed>) = 0 [pid 6960] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6959] <... futex resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6961] set_robust_list(0x7fbb68bde9a0, 24 [pid 6960] openat(AT_FDCWD, ".", O_RDONLY [pid 6959] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6958] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... ioctl resumed>) = 0 [pid 6961] <... set_robust_list resumed>) = 0 [pid 6960] <... openat resumed>) = 4 [pid 6958] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] close(3 [pid 6961] rt_sigprocmask(SIG_SETMASK, [], [pid 6958] <... futex resumed>) = 1 [pid 6954] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 6961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6958] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6954] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6962 attached [pid 6961] memfd_create("syzkaller", 0 [pid 6958] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6954] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6962] set_robust_list(0x55555eedf6a0, 24 [pid 6961] <... memfd_create resumed>) = 3 [pid 6957] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6954] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6962 [pid 5821] <... openat resumed>) = 3 [pid 6962] <... set_robust_list resumed>) = 0 [pid 6961] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6957] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] ioctl(3, LOOP_CLR_FD [pid 6962] chdir("./105" [pid 6961] <... mmap resumed>) = 0x7fbb60600000 [pid 6958] mkdir("./file3", 0777 [pid 5821] <... ioctl resumed>) = 0 [pid 6961] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6952] <... futex resumed>) = ? [pid 5821] close(3 [pid 6962] <... chdir resumed>) = 0 [pid 6960] +++ killed by SIGSEGV +++ [pid 6962] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... close resumed>) = 0 [pid 6962] <... prctl resumed>) = 0 [pid 6962] setpgid(0, 0 [pid 6961] <... write resumed>) = 131072 [pid 6962] <... setpgid resumed>) = 0 [pid 6962] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6961] munmap(0x7fbb60600000, 138412032 [pid 6962] <... openat resumed>) = 3 [pid 6961] <... munmap resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6963 attached [pid 6962] write(3, "1000", 4 [pid 6961] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6962] <... write resumed>) = 4 [pid 6962] close(3) = 0 [pid 6962] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6963 [ 140.610011][ T6957] exFAT-fs (loop0): Filesystem has been set read-only [ 140.642785][ T6958] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6961] ioctl(4, LOOP_SET_FD, 3executing program [pid 6963] set_robust_list(0x55555eedf6a0, 24 [pid 6962] write(1, "executing program\n", 18) = 18 [pid 6963] <... set_robust_list resumed>) = 0 [pid 6962] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6963] chdir("./105") = 0 [pid 6963] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6962] <... futex resumed>) = 0 [pid 6963] setpgid(0, 0 [pid 6962] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6963] <... setpgid resumed>) = 0 [pid 6962] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6957] +++ killed by SIGSEGV +++ [pid 6952] +++ killed by SIGSEGV +++ [pid 6963] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6962] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6963] <... openat resumed>) = 3 [pid 6962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6952, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6963] write(3, "1000", 4 [pid 6962] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6963] <... write resumed>) = 4 [pid 6962] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6963] close(3 [pid 6962] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6963] <... close resumed>) = 0 [pid 6962] <... mprotect resumed>) = 0 [pid 6963] symlink("/dev/binderfs", "./binderfs" [pid 6962] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6963] <... symlink resumed>) = 0 [pid 6962] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 6963] write(1, "executing program\n", 18 [pid 6962] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6964 attached [pid 6963] <... write resumed>) = 18 [pid 6963] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6962] <... clone3 resumed> => {parent_tid=[6964]}, 88) = 6964 [pid 6963] <... futex resumed>) = 0 [pid 6962] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... restart_syscall resumed>) = 0 [pid 6963] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6962] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6963] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6962] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6963] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6962] <... futex resumed>) = 0 [pid 5818] umount2("./100", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6964] <... rseq resumed>) = 0 [pid 6963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6962] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6954] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6964] set_robust_list(0x7fbb68bde9a0, 24 [pid 6963] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6961] <... ioctl resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6964] <... set_robust_list resumed>) = 0 [pid 6963] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... openat resumed>) = 3 [pid 6964] rt_sigprocmask(SIG_SETMASK, [], [pid 6963] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6961] close(3 [pid 5818] newfstatat(3, "", [pid 6964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6963] <... mprotect resumed>) = 0 [pid 6961] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6964] memfd_create("syzkaller", 0 [pid 6963] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] getdents64(3, [pid 6964] <... memfd_create resumed>) = 3 [pid 6963] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6961] close(4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6964] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6963] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6964] <... mmap resumed>) = 0x7fbb60600000 [pid 6954] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6965 attached [pid 6964] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6965] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6963] <... clone3 resumed> => {parent_tid=[6965]}, 88) = 6965 [pid 6954] <... futex resumed>) = 0 [pid 6965] <... rseq resumed>) = 0 [pid 6963] rt_sigprocmask(SIG_SETMASK, [], [pid 6961] <... close resumed>) = 0 [pid 6965] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6963] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6965] rt_sigprocmask(SIG_SETMASK, [], [pid 6963] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6963] <... futex resumed>) = 0 [pid 6961] mkdir("./file2", 0777 [pid 6954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6965] memfd_create("syzkaller", 0 [pid 6963] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6961] <... mkdir resumed>) = 0 [pid 6958] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6954] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6964] <... write resumed>) = 131072 [pid 6965] <... memfd_create resumed>) = 3 [pid 6958] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6954] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6961] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6965] <... mmap resumed>) = 0x7fbb60600000 [pid 6954] <... mprotect resumed>) = ? [pid 6965] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] <... umount2 resumed>) = 0 [pid 6964] munmap(0x7fbb60600000, 138412032) = 0 [pid 6958] +++ killed by SIGSEGV +++ [pid 6954] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6954, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6964] <... openat resumed>) = 4 [pid 6965] <... write resumed>) = 131072 [pid 6964] ioctl(4, LOOP_SET_FD, 3 [ 140.663922][ T6961] loop1: detected capacity change from 0 to 256 [ 140.680214][ T6958] exFAT-fs (loop2): Filesystem has been set read-only [pid 5818] newfstatat(AT_FDCWD, "./100/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./100/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6965] munmap(0x7fbb60600000, 138412032 [pid 6964] <... ioctl resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./100/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6965] <... munmap resumed>) = 0 [pid 6964] close(3 [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 6964] <... close resumed>) = 0 [pid 5820] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6964] close(4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 6965] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6964] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 140.722968][ T6964] loop4: detected capacity change from 0 to 256 [ 140.735610][ T6961] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6965] <... openat resumed>) = 4 [pid 6964] mkdir("./file2", 0777 [pid 5820] <... openat resumed>) = 3 [pid 5818] getdents64(4, [pid 6965] ioctl(4, LOOP_SET_FD, 3 [pid 5820] newfstatat(3, "", [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6964] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] close(4 [pid 6964] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] getdents64(3, [pid 5818] <... close resumed>) = 0 [pid 6961] <... mount resumed>) = 0 [pid 6965] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] rmdir("./100/file2" [pid 5820] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6961] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6961] chdir("./file2" [pid 5818] <... rmdir resumed>) = 0 [pid 6961] <... chdir resumed>) = 0 [pid 6961] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] umount2("./100/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6961] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6961] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6961] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6965] close(3 [pid 6959] <... futex resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6959] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] newfstatat(AT_FDCWD, "./100/binderfs", [pid 6965] <... close resumed>) = 0 [pid 6959] <... futex resumed>) = 1 [pid 6961] <... futex resumed>) = 0 [pid 6959] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6965] close(4 [pid 6961] mkdir("./file3", 0777 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 140.765230][ T6965] loop3: detected capacity change from 0 to 256 [ 140.770129][ T6961] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.791500][ T6964] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 140.806273][ T6964] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6965] <... close resumed>) = 0 [pid 5818] unlink("./100/binderfs" [pid 6965] mkdir("./file2", 0777) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 6965] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] <... umount2 resumed>) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./100" [pid 6961] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6964] <... mount resumed>) = 0 [pid 5820] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 6961] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6964] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6959] <... futex resumed>) = ? [ 140.818087][ T6961] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.828234][ T6961] exFAT-fs (loop1): Filesystem has been set read-only [ 140.844567][ T6965] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] mkdir("./101", 0777 [pid 6964] chdir("./file2" [pid 6961] +++ killed by SIGSEGV +++ [pid 6959] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 6964] <... chdir resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./101/file2", [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6959, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 6964] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6964] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6964] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... ioctl resumed>) = 0 [pid 6964] <... futex resumed>) = 1 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6964] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5818] close(3) = 0 [pid 6962] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... openat resumed>) = 4 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6966 ./strace-static-x86_64: Process 6966 attached [pid 6965] <... mount resumed>) = 0 [pid 6962] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] newfstatat(4, "", [pid 6964] <... futex resumed>) = 0 [pid 6962] <... futex resumed>) = 1 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6964] mkdir("./file3", 0777 [pid 6962] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 6965] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] rmdir("./101/file2" [pid 6966] set_robust_list(0x55555eedf6a0, 24 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6966] <... set_robust_list resumed>) = 0 [pid 5820] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(3, "", [pid 6966] chdir("./101" [pid 6965] chdir("./file2" [pid 6964] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6966] <... chdir resumed>) = 0 [pid 6965] <... chdir resumed>) = 0 [pid 6964] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] newfstatat(AT_FDCWD, "./101/binderfs", [pid 5819] getdents64(3, [pid 6966] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6965] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6962] <... futex resumed>) = ? [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6966] <... prctl resumed>) = 0 [pid 6965] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] unlink("./101/binderfs" [pid 5819] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6966] setpgid(0, 0 [pid 6965] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6964] +++ killed by SIGSEGV +++ [pid 6962] +++ killed by SIGSEGV +++ [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 6966] <... setpgid resumed>) = 0 [pid 5820] getdents64(3, [pid 6965] <... futex resumed>) = 1 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6965] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6963] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6962, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] close(3 [pid 5819] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6966] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6963] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... close resumed>) = 0 [pid 6966] <... openat resumed>) = 3 [pid 6965] <... futex resumed>) = 0 [pid 6963] <... futex resumed>) = 1 [pid 5820] rmdir("./101" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6965] mkdir("./file3", 0777 [pid 6963] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... rmdir resumed>) = 0 [pid 6966] write(3, "1000", 4 [pid 5820] mkdir("./102", 0777 [pid 5819] newfstatat(AT_FDCWD, "./104/file2", [pid 6966] <... write resumed>) = 4 [pid 6966] close(3 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6966] <... close resumed>) = 0 [ 140.860194][ T6965] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 140.888133][ T6964] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.898413][ T6964] exFAT-fs (loop4): Filesystem has been set read-only [pid 5822] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6966] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... umount2 resumed>) = 0 [pid 5819] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 6966] <... symlink resumed>) = 0 [pid 6965] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... openat resumed>) = 3 [pid 6966] write(1, "executing program\n", 18 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6966] <... write resumed>) = 18 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6966] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... ioctl resumed>) = 0 [pid 6966] <... futex resumed>) = 0 [pid 6966] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(3 [pid 5819] <... openat resumed>) = 4 [pid 6965] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6963] <... futex resumed>) = ? [pid 6966] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6965] +++ killed by SIGSEGV +++ [pid 6963] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6966] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] newfstatat(AT_FDCWD, "./105/file2", [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(4, ./strace-static-x86_64: Process 6967 attached [pid 6966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6963, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6967] set_robust_list(0x55555eedf6a0, 24 [pid 6966] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6967 [pid 5819] close(4 [pid 6967] <... set_robust_list resumed>) = 0 [pid 6966] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6966] <... mprotect resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 6966] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] newfstatat(4, "", [pid 5821] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6966] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6966] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] getdents64(4, [pid 5821] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 6968 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... openat resumed>) = 3 [pid 5819] <... close resumed>) = 0 [pid 6968] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6967] chdir("./102" [pid 6966] <... clone3 resumed> => {parent_tid=[6968]}, 88) = 6968 [pid 5822] getdents64(4, [pid 5821] newfstatat(3, "", [pid 6968] <... rseq resumed>) = 0 [pid 6966] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6968] set_robust_list(0x7fbb68bde9a0, 24 [pid 6966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] close(4 [pid 5821] getdents64(3, [pid 6968] <... set_robust_list resumed>) = 0 [pid 6966] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6968] rt_sigprocmask(SIG_SETMASK, [], [pid 6966] <... futex resumed>) = 0 [pid 5822] rmdir("./105/file2" [pid 5821] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6968] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6966] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... rmdir resumed>) = 0 [pid 6968] memfd_create("syzkaller", 0 [pid 5822] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6968] <... memfd_create resumed>) = 3 [pid 6967] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = 0 [pid 5819] rmdir("./104/file2" [pid 6967] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5822] newfstatat(AT_FDCWD, "./105/binderfs", [pid 6967] <... prctl resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 6967] setpgid(0, 0 [pid 5822] unlink("./105/binderfs" [pid 5819] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6967] <... setpgid resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... unlink resumed>) = 0 [ 140.923428][ T6965] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 140.933247][ T6965] exFAT-fs (loop3): Filesystem has been set read-only [pid 6967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] newfstatat(AT_FDCWD, "./105/file2", [pid 5819] newfstatat(AT_FDCWD, "./104/binderfs", [pid 6968] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6967] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6967] write(3, "1000", 4 [pid 5821] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] unlink("./104/binderfs" [pid 6968] <... write resumed>) = 131072 [pid 6967] <... write resumed>) = 4 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... unlink resumed>) = 0 [pid 6967] close(3 [pid 5821] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6968] munmap(0x7fbb60600000, 138412032 [pid 6967] <... close resumed>) = 0 [pid 5822] close(3 [pid 5819] getdents64(3, [pid 5821] <... openat resumed>) = 4 [pid 5822] <... close resumed>) = 0 [pid 6967] symlink("/dev/binderfs", "./binderfs" [pid 5822] rmdir("./105" [pid 5821] newfstatat(4, "", [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6968] <... munmap resumed>) = 0 [pid 6967] <... symlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] close(3) = 0 [pid 6968] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6967] write(1, "executing program\n", 18 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] getdents64(4, executing program [pid 6968] <... openat resumed>) = 4 [pid 6967] <... write resumed>) = 18 [pid 5822] mkdir("./106", 0777 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] rmdir("./104" [pid 6968] ioctl(4, LOOP_SET_FD, 3 [pid 6967] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] getdents64(4, [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... rmdir resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 6968] <... ioctl resumed>) = 0 [pid 6967] <... futex resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] mkdir("./105", 0777 [pid 6968] close(3 [pid 6967] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... ioctl resumed>) = 0 [pid 5821] close(4 [pid 5819] <... mkdir resumed>) = 0 [pid 6968] <... close resumed>) = 0 [pid 6967] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 5822] close(3 [pid 6968] close(4 [pid 6967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] rmdir("./105/file2") = 0 [pid 6968] <... close resumed>) = 0 [pid 6967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6968] mkdir("./file2", 0777 [pid 6967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6967] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] newfstatat(AT_FDCWD, "./105/binderfs", [pid 6968] <... mkdir resumed>) = 0 [pid 6967] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6968] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6967] <... mprotect resumed>) = 0 [pid 5821] unlink("./105/binderfs" [pid 5819] <... openat resumed>) = 3 [pid 6967] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 6969 attached [pid 6967] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] getdents64(3, [pid 6969] set_robust_list(0x55555eedf6a0, 24 [pid 6967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 6969] <... set_robust_list resumed>) = 0 [pid 5821] close(3./strace-static-x86_64: Process 6970 attached [pid 6969] chdir("./106" [pid 6967] <... clone3 resumed> => {parent_tid=[6970]}, 88) = 6970 [pid 5821] <... close resumed>) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 6970] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6967] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] rmdir("./105" [pid 6970] <... rseq resumed>) = 0 [pid 6969] <... chdir resumed>) = 0 [pid 6967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] close(3 [pid 6969] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6967] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] mkdir("./106", 0777 [pid 6969] <... prctl resumed>) = 0 [pid 6967] <... futex resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 6969] setpgid(0, 0 [pid 6967] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6969] <... setpgid resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 6970] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 6969] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 6970] rt_sigprocmask(SIG_SETMASK, [], [ 141.004188][ T6968] loop0: detected capacity change from 0 to 256 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 6971 attached [pid 6970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6969] <... openat resumed>) = 3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6969 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6971 [pid 5821] close(3 [pid 6970] memfd_create("syzkaller", 0) = 3 [pid 6969] write(3, "1000", 4 [pid 6971] set_robust_list(0x55555eedf6a0, 24 [pid 6969] <... write resumed>) = 4 [pid 6969] close(3) = 0 [pid 6969] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6971] <... set_robust_list resumed>) = 0 [pid 6970] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6971] chdir("./105" [pid 6970] <... mmap resumed>) = 0x7fbb60600000 [pid 6970] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6971] <... chdir resumed>) = 0 ./strace-static-x86_64: Process 6972 attached executing program [pid 6971] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6969] write(1, "executing program\n", 18 [pid 6972] set_robust_list(0x55555eedf6a0, 24 [pid 6971] <... prctl resumed>) = 0 [pid 6969] <... write resumed>) = 18 [pid 6972] <... set_robust_list resumed>) = 0 [pid 6969] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6972 [pid 6972] chdir("./106" [pid 6971] setpgid(0, 0 [pid 6970] <... write resumed>) = 131072 [pid 6969] <... futex resumed>) = 0 [pid 6969] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6969] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6972] <... chdir resumed>) = 0 [pid 6971] <... setpgid resumed>) = 0 [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6970] munmap(0x7fbb60600000, 138412032 [pid 6972] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6972] <... prctl resumed>) = 0 [pid 6971] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6969] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6972] setpgid(0, 0 [pid 6971] <... openat resumed>) = 3 [pid 6970] <... munmap resumed>) = 0 [pid 6968] <... mount resumed>) = 0 [pid 6972] <... setpgid resumed>) = 0 [pid 6971] write(3, "1000", 4 [pid 6970] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6969] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6971] <... write resumed>) = 4 [pid 6970] <... openat resumed>) = 4 [pid 6968] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6972] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6971] close(3 [pid 6970] ioctl(4, LOOP_SET_FD, 3 [pid 6969] <... mprotect resumed>) = 0 [pid 6968] <... openat resumed>) = 3 [pid 6972] <... openat resumed>) = 3 [pid 6971] <... close resumed>) = 0 [pid 6968] chdir("./file2" [pid 6972] write(3, "1000", 4 [pid 6971] symlink("/dev/binderfs", "./binderfs" [pid 6969] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6968] <... chdir resumed>) = 0 [pid 6969] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6972] <... write resumed>) = 4 [pid 6969] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6973 attached [pid 6972] close(3 [pid 6971] <... symlink resumed>) = 0 executing program [pid 6972] <... close resumed>) = 0 [pid 6969] <... clone3 resumed> => {parent_tid=[6973]}, 88) = 6973 [pid 6972] symlink("/dev/binderfs", "./binderfs" [pid 6971] write(1, "executing program\n", 18 [pid 6973] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6971] <... write resumed>) = 18 [pid 6968] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6973] <... rseq resumed>) = 0 [pid 6972] <... symlink resumed>) = 0 [pid 6971] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] rt_sigprocmask(SIG_SETMASK, [], [pid 6968] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6973] set_robust_list(0x7fbb68bde9a0, 24 [pid 6971] <... futex resumed>) = 0 [pid 6968] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... set_robust_list resumed>) = 0 [ 141.053707][ T6968] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.071201][ T6968] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.093863][ T6970] loop2: detected capacity change from 0 to 256 [pid 6971] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6968] <... futex resumed>) = 1 [pid 6966] <... futex resumed>) = 0 [pid 6973] rt_sigprocmask(SIG_SETMASK, [], executing program [pid 6971] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6966] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] write(1, "executing program\n", 18 [pid 6971] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6969] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6972] <... write resumed>) = 18 [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6969] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6966] <... futex resumed>) = 0 [pid 6973] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6968] mkdir("./file3", 0777 [pid 6966] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6973] memfd_create("syzkaller", 0 [pid 6972] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6971] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6969] <... futex resumed>) = 0 [pid 6973] <... memfd_create resumed>) = 3 [pid 6973] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6971] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6970] <... ioctl resumed>) = 0 [pid 6973] <... mmap resumed>) = 0x7fbb60600000 [pid 6971] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6970] close(3 [pid 6973] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6972] <... futex resumed>) = 0 [pid 6971] <... mprotect resumed>) = 0 [pid 6970] <... close resumed>) = 0 [pid 6969] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6972] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6971] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6970] close(4 [pid 6971] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6970] <... close resumed>) = 0 [pid 6971] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6970] mkdir("./file2", 0777 [pid 6972] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6970] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 6974 attached [pid 6972] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6971] <... clone3 resumed> => {parent_tid=[6974]}, 88) = 6974 [pid 6970] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6974] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6972] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6971] rt_sigprocmask(SIG_SETMASK, [], [pid 6974] <... rseq resumed>) = 0 [pid 6972] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6974] set_robust_list(0x7fbb68bde9a0, 24 [pid 6971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] <... mprotect resumed>) = 0 [pid 6974] <... set_robust_list resumed>) = 0 [pid 6974] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] <... write resumed>) = 131072 [pid 6972] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6971] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6971] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6972] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6974] memfd_create("syzkaller", 0 [pid 6972] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6973] munmap(0x7fbb60600000, 138412032./strace-static-x86_64: Process 6975 attached [pid 6974] <... memfd_create resumed>) = 3 [pid 6973] <... munmap resumed>) = 0 [pid 6975] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 6975] set_robust_list(0x7fbb68bde9a0, 24 [pid 6974] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6975] <... set_robust_list resumed>) = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 6975] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] ioctl(4, LOOP_SET_FD, 3 [pid 6975] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6974] <... mmap resumed>) = 0x7fbb60600000 [pid 6972] <... clone3 resumed> => {parent_tid=[6975]}, 88) = 6975 [pid 6975] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6974] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6972] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6972] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] <... futex resumed>) = 0 [pid 6972] <... futex resumed>) = 1 [ 141.107394][ T6968] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.136350][ T6968] exFAT-fs (loop0): Filesystem has been set read-only [ 141.144756][ T6973] loop4: detected capacity change from 0 to 256 [pid 6975] memfd_create("syzkaller", 0 [pid 6974] <... write resumed>) = 131072 [pid 6972] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6966] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6966] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6975] <... memfd_create resumed>) = 3 [pid 6966] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6968] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6973] <... ioctl resumed>) = 0 [pid 6968] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6973] close(3) = 0 [pid 6973] close(4) = 0 [pid 6973] mkdir("./file2", 0777) = 0 [pid 6968] +++ killed by SIGSEGV +++ [pid 6975] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6973] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6974] munmap(0x7fbb60600000, 138412032 [pid 6966] +++ killed by SIGSEGV +++ [pid 6974] <... munmap resumed>) = 0 [pid 6974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6966, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6975] <... write resumed>) = 131072 [pid 6974] <... openat resumed>) = 4 [ 141.153743][ T6970] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.187715][ T6973] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 6975] munmap(0x7fbb60600000, 138412032 [pid 6974] ioctl(4, LOOP_SET_FD, 3 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./101", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6975] <... munmap resumed>) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5818] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./101/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] umount2("./101/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./101/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 6975] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 6975] ioctl(4, LOOP_SET_FD, 3 [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./101/file2") = 0 [pid 5818] umount2("./101/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./101/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./101") = 0 [pid 6970] <... mount resumed>) = 0 [pid 6970] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6975] <... ioctl resumed>) = 0 [pid 6970] <... openat resumed>) = 3 [pid 5818] mkdir("./102", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6970] chdir("./file2" [pid 5818] <... openat resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 6970] <... chdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6975] close(3 [pid 6970] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6974] <... ioctl resumed>) = 0 [pid 6970] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6975] <... close resumed>) = 0 [pid 6970] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6975] close(4 [pid 6974] close(3 [pid 6970] <... futex resumed>) = 1 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6975] <... close resumed>) = 0 [pid 6970] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6975] mkdir("./file2", 0777 [pid 6974] <... close resumed>) = 0 [pid 6967] <... futex resumed>) = 0 [pid 6974] close(4./strace-static-x86_64: Process 6976 attached [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6976 [pid 6975] <... mkdir resumed>) = 0 [pid 6974] <... close resumed>) = 0 [pid 6967] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6976] set_robust_list(0x55555eedf6a0, 24 [ 141.198908][ T6970] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.210367][ T6974] loop1: detected capacity change from 0 to 256 [ 141.227593][ T6975] loop3: detected capacity change from 0 to 256 [ 141.248088][ T6973] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6975] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" executing program [pid 6974] mkdir("./file2", 0777 [pid 6970] <... futex resumed>) = 0 [pid 6967] <... futex resumed>) = 1 [pid 6976] <... set_robust_list resumed>) = 0 [pid 6970] mkdir("./file3", 0777 [pid 6976] chdir("./102") = 0 [pid 6976] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6974] <... mkdir resumed>) = 0 [pid 6976] setpgid(0, 0) = 0 [pid 6967] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6974] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6976] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6976] write(3, "1000", 4) = 4 [pid 6976] close(3) = 0 [pid 6976] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6976] write(1, "executing program\n", 18) = 18 [pid 6976] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6976] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6976] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6976] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6976] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6976] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6976] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6977 attached => {parent_tid=[6977]}, 88) = 6977 [pid 6973] <... mount resumed>) = 0 [pid 6973] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 6973] chdir("./file2") = 0 [pid 6973] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6976] rt_sigprocmask(SIG_SETMASK, [], [pid 6973] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6977] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6973] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] <... rseq resumed>) = 0 [pid 6976] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6973] <... futex resumed>) = 1 [pid 6977] set_robust_list(0x7fbb68bde9a0, 24 [pid 6976] <... futex resumed>) = 0 [pid 6973] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6977] <... set_robust_list resumed>) = 0 [pid 6976] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6977] memfd_create("syzkaller", 0) = 3 [ 141.278751][ T6970] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.302757][ T6974] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.315009][ T6975] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6977] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6977] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6967] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6969] <... futex resumed>) = 0 [pid 6967] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6967] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6977] <... write resumed>) = 131072 [pid 6970] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6969] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6967] <... mprotect resumed>) = 0 [pid 6973] <... futex resumed>) = 0 [pid 6970] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6969] <... futex resumed>) = 1 [pid 6967] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6969] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6977] munmap(0x7fbb60600000, 138412032 [ 141.331208][ T6970] exFAT-fs (loop2): Filesystem has been set read-only [ 141.349017][ T6974] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.349186][ T6973] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.358894][ T6975] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6973] mkdir("./file3", 0777 [pid 6977] <... munmap resumed>) = 0 [pid 6967] <... rt_sigprocmask resumed> ) = ? [pid 6977] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6977] ioctl(4, LOOP_SET_FD, 3 [pid 6970] +++ killed by SIGSEGV +++ [pid 6967] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6967, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5820] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./102/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./102/file2") = 0 [pid 5820] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./102/binderfs", [pid 6974] <... mount resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./102/binderfs" [pid 6974] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... unlink resumed>) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./102") = 0 [pid 5820] mkdir("./103", 0777 [pid 6974] <... openat resumed>) = 3 [pid 6969] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... mkdir resumed>) = 0 [pid 6969] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6974] chdir("./file2" [pid 6977] <... ioctl resumed>) = 0 [pid 6974] <... chdir resumed>) = 0 [pid 6973] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6969] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6977] close(3 [pid 6974] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6969] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6977] <... close resumed>) = 0 [pid 6974] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6973] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6969] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5820] <... openat resumed>) = 3 [pid 6977] close(4 [pid 6974] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6977] <... close resumed>) = 0 [pid 6974] <... futex resumed>) = 1 [pid 6971] <... futex resumed>) = 0 [pid 6977] mkdir("./file2", 0777 [pid 6975] <... mount resumed>) = 0 [pid 6974] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6973] +++ killed by SIGSEGV +++ [pid 6971] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6969] +++ killed by SIGSEGV +++ [pid 5820] ioctl(3, LOOP_CLR_FD [pid 6977] <... mkdir resumed>) = 0 [pid 6975] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6971] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6969, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] <... ioctl resumed>) = 0 [pid 6974] mkdir("./file3", 0777 [pid 6971] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6975] <... openat resumed>) = 3 [pid 5820] close(3 [pid 6975] chdir("./file2" [pid 5820] <... close resumed>) = 0 [pid 6977] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6975] <... chdir resumed>) = 0 [pid 6975] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6975] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6972] <... futex resumed>) = 0 [pid 6975] mkdir("./file3", 0777 [pid 6972] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 141.372200][ T6977] loop0: detected capacity change from 0 to 256 [ 141.400679][ T6973] exFAT-fs (loop4): Filesystem has been set read-only [ 141.421944][ T6974] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 ./strace-static-x86_64: Process 6978 attached [pid 6972] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6978 [pid 5822] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6978] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6978] chdir("./103") = 0 [pid 6978] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6978] setpgid(0, 0) = 0 [pid 6978] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6978] <... openat resumed>) = 3 [pid 5822] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6978] write(3, "1000", 4) = 4 [pid 5822] <... openat resumed>) = 3 [pid 6978] close(3 [pid 5822] newfstatat(3, "", [pid 6978] <... close resumed>) = 0 [pid 6978] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6978] write(1, "executing program\n", 18) = 18 [pid 6978] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6978] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 6978] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6978] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 6978] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6978] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6978] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6979 attached => {parent_tid=[6979]}, 88) = 6979 [pid 6978] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] getdents64(3, [pid 6978] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6979] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6978] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... rseq resumed>) = 0 [pid 6978] <... futex resumed>) = 0 [pid 6979] set_robust_list(0x7fbb68bde9a0, 24 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6978] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6979] <... set_robust_list resumed>) = 0 [pid 6979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6979] memfd_create("syzkaller", 0) = 3 [pid 6979] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6979] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] <... umount2 resumed>) = 0 [pid 6979] <... write resumed>) = 131072 [ 141.438479][ T6975] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.448126][ T6974] exFAT-fs (loop1): Filesystem has been set read-only [ 141.466212][ T6975] exFAT-fs (loop3): Filesystem has been set read-only [pid 6979] munmap(0x7fbb60600000, 138412032 [pid 6974] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6975] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6974] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6971] <... futex resumed>) = -1 EIO (Input/output error) [pid 5822] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6972] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6979] <... munmap resumed>) = 0 [pid 6975] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6974] +++ killed by SIGSEGV +++ [pid 6971] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6971, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6972] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6972] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 6972] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6979] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6977] <... mount resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./106/file2", [pid 6972] <... mprotect resumed>) = ? [pid 6979] <... openat resumed>) = 4 [pid 6977] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6979] ioctl(4, LOOP_SET_FD, 3 [pid 6977] <... openat resumed>) = 3 [pid 6975] +++ killed by SIGSEGV +++ [pid 6972] +++ killed by SIGSEGV +++ [pid 5822] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6977] chdir("./file2") = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6977] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6977] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6972, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 6977] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6976] <... futex resumed>) = 0 [pid 6977] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6976] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6979] <... ioctl resumed>) = 0 [pid 6977] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6976] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 3 [pid 6979] close(3 [pid 6977] mkdir("./file3", 0777 [pid 6976] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6979] <... close resumed>) = 0 [ 141.487300][ T6977] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.502120][ T6977] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.518227][ T6979] loop2: detected capacity change from 0 to 256 [ 141.527962][ T6977] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6979] close(4 [pid 6977] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] newfstatat(4, "", [pid 5819] newfstatat(3, "", [pid 6979] <... close resumed>) = 0 [pid 6977] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6979] mkdir("./file2", 0777 [pid 6976] <... futex resumed>) = ? [pid 5822] getdents64(4, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 6977] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] getdents64(4, [pid 5819] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6979] <... mkdir resumed>) = 0 [pid 6976] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = 0 [pid 6979] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] close(4 [pid 5821] <... openat resumed>) = 3 [pid 5819] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6976, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] <... close resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5822] rmdir("./106/file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(AT_FDCWD, "./105/file2", [pid 5822] <... rmdir resumed>) = 0 [pid 5821] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5819] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5822] unlink("./106/binderfs" [pid 5819] newfstatat(4, "", [pid 5818] umount2("./102", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, [pid 5819] getdents64(4, [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] close(3 [pid 5821] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5822] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5822] rmdir("./106" [pid 5819] close(4 [pid 5818] newfstatat(3, "", [pid 5822] <... rmdir resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./106/file2", [pid 5819] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] rmdir("./105/file2" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] mkdir("./107", 0777 [pid 5821] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 5822] <... mkdir resumed>) = 0 [pid 5819] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./105/binderfs" [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... unlink resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [ 141.538110][ T6977] exFAT-fs (loop0): Filesystem has been set read-only [ 141.577223][ T6979] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] getdents64(3, [pid 5822] close(3 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5821] newfstatat(4, "", [pid 5822] <... close resumed>) = 0 [pid 5819] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... close resumed>) = 0 [pid 5821] getdents64(4, [pid 5818] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] rmdir("./105" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(4, [pid 5818] newfstatat(AT_FDCWD, "./102/file2", [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6979] <... mount resumed>) = 0 [pid 5821] close(4 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6979] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 5818] umount2("./102/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] rmdir("./106/file2" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] mkdir("./106", 0777 [pid 5818] openat(AT_FDCWD, "./102/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6979] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6980 attached [pid 6979] chdir("./file2" [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 6979] <... chdir resumed>) = 0 [pid 5821] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(4, "", [pid 6979] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6980] set_robust_list(0x55555eedf6a0, 24 [pid 6979] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6980] <... set_robust_list resumed>) = 0 [pid 6979] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6980 [pid 5821] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] getdents64(4, [pid 6980] chdir("./107" [pid 6979] <... futex resumed>) = 1 [pid 6978] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6980] <... chdir resumed>) = 0 [pid 6979] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6978] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... openat resumed>) = 3 [pid 5821] unlink("./106/binderfs" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6980] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6979] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6978] <... futex resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] getdents64(4, [pid 6980] <... prctl resumed>) = 0 [pid 6979] mkdir("./file3", 0777 [pid 6978] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... unlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 5821] getdents64(3, [pid 5818] close(4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./106") = 0 [pid 5821] mkdir("./107", 0777) = 0 [pid 5818] <... close resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5819] close(3 [pid 5818] rmdir("./102/file2" [pid 6980] setpgid(0, 0 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 6980] <... setpgid resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5818] umount2("./102/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6979] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6980] <... openat resumed>) = 3 [pid 6979] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] newfstatat(AT_FDCWD, "./102/binderfs", [pid 6980] write(3, "1000", 4./strace-static-x86_64: Process 6981 attached [pid 6978] <... futex resumed>) = ? [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./102/binderfs" [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6981 ./strace-static-x86_64: Process 6982 attached [pid 6981] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... unlink resumed>) = 0 [pid 6981] <... set_robust_list resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6982 [pid 5818] getdents64(3, [pid 6982] set_robust_list(0x55555eedf6a0, 24 [pid 6981] chdir("./106" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6982] <... set_robust_list resumed>) = 0 [pid 6981] <... chdir resumed>) = 0 [pid 5818] close(3 [pid 6982] chdir("./107" [pid 6981] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6982] <... chdir resumed>) = 0 [ 141.594708][ T6979] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.622993][ T6979] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.633383][ T6979] exFAT-fs (loop2): Filesystem has been set read-only [pid 6981] setpgid(0, 0 [pid 6982] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6981] <... setpgid resumed>) = 0 [pid 6982] <... prctl resumed>) = 0 [pid 6981] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... close resumed>) = 0 [pid 6982] setpgid(0, 0) = 0 [pid 6981] <... openat resumed>) = 3 [pid 5818] rmdir("./102" [pid 6980] <... write resumed>) = 4 [pid 6982] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6981] write(3, "1000", 4 [pid 6980] close(3 [pid 5818] <... rmdir resumed>) = 0 [pid 6980] <... close resumed>) = 0 [pid 6982] <... openat resumed>) = 3 [pid 6981] <... write resumed>) = 4 [pid 6980] symlink("/dev/binderfs", "./binderfs" [pid 6979] +++ killed by SIGSEGV +++ [pid 6978] +++ killed by SIGSEGV +++ [pid 5818] mkdir("./103", 0777 [pid 6981] close(3 [pid 6982] write(3, "1000", 4 [pid 6981] <... close resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6978, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6982] <... write resumed>) = 4 [pid 6981] symlink("/dev/binderfs", "./binderfs" [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... mkdir resumed>) = 0 [pid 6982] close(3 [pid 6981] <... symlink resumed>) = 0 [pid 6980] <... symlink resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6982] <... close resumed>) = 0 executing program [pid 6981] write(1, "executing program\n", 18 [pid 6982] symlink("/dev/binderfs", "./binderfs" [pid 6981] <... write resumed>) = 18 executing program [pid 6980] write(1, "executing program\n", 18 [pid 5818] <... openat resumed>) = 3 [pid 6982] <... symlink resumed>) = 0 [pid 6981] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] <... write resumed>) = 18 executing program [pid 6982] write(1, "executing program\n", 18 [pid 6981] <... futex resumed>) = 0 [pid 6982] <... write resumed>) = 18 [pid 6981] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6982] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6980] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 6982] <... futex resumed>) = 0 [pid 6981] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6980] <... futex resumed>) = 0 [pid 6982] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... ioctl resumed>) = 0 [pid 6982] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] close(3 [pid 6982] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6981] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6981] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6982] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6981] <... mprotect resumed>) = 0 [pid 6982] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6981] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 6982] <... mprotect resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6982] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6981] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6981] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] newfstatat(3, "", ./strace-static-x86_64: Process 6984 attached ./strace-static-x86_64: Process 6983 attached [pid 6982] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6984] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6982] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6985 attached [pid 6984] <... rseq resumed>) = 0 [pid 6981] <... clone3 resumed> => {parent_tid=[6984]}, 88) = 6984 [pid 6980] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] getdents64(3, [pid 6985] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6984] set_robust_list(0x7fbb68bde9a0, 24 [pid 6983] set_robust_list(0x55555eedf6a0, 24 [pid 6981] rt_sigprocmask(SIG_SETMASK, [], [pid 6980] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6983 [pid 6985] <... rseq resumed>) = 0 [pid 6984] <... set_robust_list resumed>) = 0 [pid 6982] <... clone3 resumed> => {parent_tid=[6985]}, 88) = 6985 [pid 6981] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6985] set_robust_list(0x7fbb68bde9a0, 24 [pid 6984] rt_sigprocmask(SIG_SETMASK, [], [pid 6980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6983] <... set_robust_list resumed>) = 0 [pid 6985] <... set_robust_list resumed>) = 0 [pid 6984] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6982] rt_sigprocmask(SIG_SETMASK, [], [pid 6981] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] rt_sigprocmask(SIG_SETMASK, [], [pid 6984] memfd_create("syzkaller", 0 [pid 6982] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6981] <... futex resumed>) = 0 [pid 6985] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6982] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6981] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6985] memfd_create("syzkaller", 0 [pid 6984] <... memfd_create resumed>) = 3 [pid 6983] chdir("./103" [pid 6982] <... futex resumed>) = 0 [pid 6983] <... chdir resumed>) = 0 [pid 6982] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6983] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6983] <... prctl resumed>) = 0 [pid 6985] <... memfd_create resumed>) = 3 [pid 6984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6983] setpgid(0, 0 [pid 6985] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6984] <... mmap resumed>) = 0x7fbb60600000 [pid 6985] <... mmap resumed>) = 0x7fbb60600000 [pid 6985] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6984] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6983] <... setpgid resumed>) = 0 [pid 6980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6985] <... write resumed>) = 131072 [pid 6983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6980] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6980] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6984] <... write resumed>) = 131072 [pid 6983] <... openat resumed>) = 3 [pid 6980] <... mprotect resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./103/file2", [pid 6985] munmap(0x7fbb60600000, 138412032) = 0 [pid 6985] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6984] munmap(0x7fbb60600000, 138412032 [pid 6985] <... openat resumed>) = 4 [pid 6984] <... munmap resumed>) = 0 [pid 6984] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 6985] ioctl(4, LOOP_SET_FD, 3 [pid 6984] <... openat resumed>) = 4 [pid 6984] ioctl(4, LOOP_SET_FD, 3 [pid 6983] write(3, "1000", 4 [pid 6980] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6983] <... write resumed>) = 4 [pid 6980] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 6986 attached [pid 6983] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6986] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6983] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6986] <... rseq resumed>) = 0 [pid 6983] symlink("/dev/binderfs", "./binderfs" [pid 6980] <... clone3 resumed> => {parent_tid=[6986]}, 88) = 6986 [pid 5820] <... openat resumed>) = 4 executing program [pid 6983] <... symlink resumed>) = 0 [pid 6986] set_robust_list(0x7fbb68bde9a0, 24 [pid 5820] newfstatat(4, "", [pid 6986] <... set_robust_list resumed>) = 0 [pid 6983] write(1, "executing program\n", 18 [pid 6980] rt_sigprocmask(SIG_SETMASK, [], [pid 6986] rt_sigprocmask(SIG_SETMASK, [], [pid 6983] <... write resumed>) = 18 [pid 6980] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6986] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6983] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6980] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(4, [pid 6986] memfd_create("syzkaller", 0 [pid 6983] <... futex resumed>) = 0 [pid 6980] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6980] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 6983] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6986] <... memfd_create resumed>) = 3 [pid 6983] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] close(4 [pid 6986] <... mmap resumed>) = 0x7fbb60600000 [pid 6983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 6985] <... ioctl resumed>) = 0 [pid 6986] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6984] <... ioctl resumed>) = 0 [pid 6983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] rmdir("./103/file2" [pid 6986] <... write resumed>) = 131072 [pid 6984] close(3 [pid 6983] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6985] close(3) = 0 [pid 6985] close(4 [pid 6984] <... close resumed>) = 0 [pid 6983] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... rmdir resumed>) = 0 [pid 6985] <... close resumed>) = 0 [pid 6984] close(4 [pid 6985] mkdir("./file2", 0777 [pid 6984] <... close resumed>) = 0 [pid 6985] <... mkdir resumed>) = 0 [pid 6984] mkdir("./file2", 0777 [pid 6986] munmap(0x7fbb60600000, 138412032 [pid 6984] <... mkdir resumed>) = 0 [pid 6986] <... munmap resumed>) = 0 [pid 6985] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6984] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6983] <... mprotect resumed>) = 0 [pid 6986] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6983] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6986] <... openat resumed>) = 4 [pid 6983] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6987 attached [pid 6986] ioctl(4, LOOP_SET_FD, 3 [pid 6983] <... clone3 resumed> => {parent_tid=[6987]}, 88) = 6987 [pid 6983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [ 141.744254][ T6985] loop3: detected capacity change from 0 to 256 [ 141.752435][ T6984] loop1: detected capacity change from 0 to 256 [pid 5820] unlink("./103/binderfs" [pid 6983] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... unlink resumed>) = 0 [pid 6987] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6983] <... futex resumed>) = 0 [pid 6987] <... rseq resumed>) = 0 [pid 6983] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] getdents64(3, [pid 6987] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 6987] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] close(3 [pid 6987] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./103" [pid 6987] memfd_create("syzkaller", 0 [pid 5820] <... rmdir resumed>) = 0 [pid 6987] <... memfd_create resumed>) = 3 [pid 6987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6986] <... ioctl resumed>) = 0 [pid 5820] mkdir("./104", 0777 [pid 6987] <... mmap resumed>) = 0x7fbb60600000 [pid 6986] close(3 [pid 5820] <... mkdir resumed>) = 0 [pid 6987] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6986] <... close resumed>) = 0 [pid 6986] close(4 [ 141.799733][ T6986] loop4: detected capacity change from 0 to 256 [ 141.815246][ T6985] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.830806][ T6985] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6986] <... close resumed>) = 0 [pid 6987] <... write resumed>) = 131072 [pid 6985] <... mount resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 6986] mkdir("./file2", 0777) = 0 [pid 6986] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6987] munmap(0x7fbb60600000, 138412032 [pid 6985] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 6985] <... openat resumed>) = 3 [pid 6987] <... munmap resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 6984] <... mount resumed>) = 0 [pid 6984] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6984] chdir("./file2") = 0 [pid 6984] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6984] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6984] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6988 attached [pid 6985] chdir("./file2" [pid 6981] <... futex resumed>) = 0 [pid 6988] set_robust_list(0x55555eedf6a0, 24 [pid 6985] <... chdir resumed>) = 0 [pid 6981] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6988 [pid 6988] <... set_robust_list resumed>) = 0 [pid 6987] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6985] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6985] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6985] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6984] <... futex resumed>) = 0 [pid 6981] <... futex resumed>) = 1 [pid 6988] chdir("./104" [pid 6987] <... openat resumed>) = 4 [pid 6984] mkdir("./file3", 0777 [pid 6982] <... futex resumed>) = 0 [ 141.845081][ T6984] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 141.858989][ T6984] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.885957][ T6986] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6981] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6982] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... futex resumed>) = 0 [pid 6982] <... futex resumed>) = 1 [pid 6985] mkdir("./file3", 0777 [pid 6982] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... chdir resumed>) = 0 [pid 6987] ioctl(4, LOOP_SET_FD, 3 [pid 6986] <... mount resumed>) = 0 [pid 6988] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6987] <... ioctl resumed>) = 0 [pid 6986] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6987] close(3) = 0 [pid 6986] <... openat resumed>) = 3 [pid 6988] <... prctl resumed>) = 0 [pid 6987] close(4 [pid 6986] chdir("./file2" [pid 6988] setpgid(0, 0 [pid 6987] <... close resumed>) = 0 [pid 6986] <... chdir resumed>) = 0 [pid 6988] <... setpgid resumed>) = 0 [pid 6987] mkdir("./file2", 0777 [pid 6986] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6988] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6986] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6988] <... openat resumed>) = 3 [pid 6987] <... mkdir resumed>) = 0 [pid 6986] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6988] write(3, "1000", 4 [pid 6987] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6988] <... write resumed>) = 4 [pid 6986] <... futex resumed>) = 1 [pid 6980] <... futex resumed>) = 0 [pid 6988] close(3 [pid 6986] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6988] <... close resumed>) = 0 [pid 6988] symlink("/dev/binderfs", "./binderfs" [pid 6980] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6986] <... futex resumed>) = 0 [pid 6980] <... futex resumed>) = 1 [pid 6988] <... symlink resumed>) = 0 executing program [pid 6988] write(1, "executing program\n", 18 [pid 6986] mkdir("./file3", 0777 [ 141.900396][ T6986] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 141.912949][ T6985] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.920817][ T6987] loop0: detected capacity change from 0 to 256 [ 141.923318][ T6984] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6980] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6988] <... write resumed>) = 18 [pid 6982] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6982] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6982] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6981] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6982] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6981] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6982] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6981] <... futex resumed>) = 0 [pid 6988] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6985] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6982] <... mprotect resumed>) = 0 [pid 6981] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6988] <... futex resumed>) = 0 [pid 6985] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6988] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6981] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6988] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6981] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 6985] +++ killed by SIGSEGV +++ [pid 6988] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6984] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6981] <... mprotect resumed>) = 0 [pid 6982] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6982, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 6988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6986] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6984] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6981] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6988] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6986] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6980] <... futex resumed>) = ? [pid 5821] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6986] +++ killed by SIGSEGV +++ [pid 6980] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6980, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 6984] +++ killed by SIGSEGV +++ [pid 6981] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [ 141.949892][ T6986] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 141.954553][ T6985] exFAT-fs (loop3): Filesystem has been set read-only [ 141.970025][ T6984] exFAT-fs (loop1): Filesystem has been set read-only [ 141.976931][ T6986] exFAT-fs (loop4): Filesystem has been set read-only [ 141.987023][ T6987] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 6988] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6981, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] <... openat resumed>) = 3 [pid 6988] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6988] <... mprotect resumed>) = 0 [pid 6987] <... mount resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6988] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6987] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6988] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6988] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6989 attached [pid 6987] <... openat resumed>) = 3 [pid 6988] <... clone3 resumed> => {parent_tid=[6989]}, 88) = 6989 [pid 6989] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6988] rt_sigprocmask(SIG_SETMASK, [], [pid 6987] chdir("./file2" [pid 5822] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6989] <... rseq resumed>) = 0 [pid 6988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6987] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6989] set_robust_list(0x7fbb68bde9a0, 24 [pid 6988] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6987] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6989] <... set_robust_list resumed>) = 0 [pid 6988] <... futex resumed>) = 0 [pid 6987] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6989] rt_sigprocmask(SIG_SETMASK, [], [pid 6988] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6987] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(3, "", [pid 5821] newfstatat(AT_FDCWD, "./107/file2", [pid 6987] <... futex resumed>) = 1 [pid 6983] <... futex resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 6983] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6983] <... futex resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6987] mkdir("./file3", 0777 [pid 6983] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6989] memfd_create("syzkaller", 0 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 6989] <... memfd_create resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6989] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6987] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... openat resumed>) = 4 [pid 6989] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] <... umount2 resumed>) = 0 [pid 6987] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6983] <... futex resumed>) = ? [pid 6989] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6987] +++ killed by SIGSEGV +++ [pid 6983] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(4, "", [pid 5819] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6989] <... write resumed>) = 131072 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./106/file2", [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6983, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 6989] munmap(0x7fbb60600000, 138412032 [pid 5822] newfstatat(AT_FDCWD, "./107/file2", [pid 5821] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6989] <... munmap resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] umount2("./103", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6989] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, [pid 5818] <... openat resumed>) = 3 [pid 6989] <... openat resumed>) = 4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5822] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] close(4 [pid 5818] newfstatat(3, "", [pid 5819] newfstatat(4, "", [pid 6989] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... openat resumed>) = 4 [pid 5821] <... close resumed>) = 0 [ 142.004866][ T6987] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 142.028010][ T6987] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.037369][ T6987] exFAT-fs (loop0): Filesystem has been set read-only [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5818] getdents64(3, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5818] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 6989] <... ioctl resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5821] rmdir("./107/file2" [pid 5818] <... umount2 resumed>) = 0 [pid 6989] close(3) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] rmdir("./106/file2" [pid 5818] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6989] close(4) = 0 [pid 6989] mkdir("./file2", 0777 [pid 5822] getdents64(4, [pid 6989] <... mkdir resumed>) = 0 [pid 6989] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./103/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./103/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] openat(AT_FDCWD, "./103/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] unlink("./106/binderfs" [pid 5818] <... openat resumed>) = 4 [pid 5819] <... unlink resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5819] getdents64(3, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5818] getdents64(4, [pid 5819] rmdir("./106" [pid 5821] newfstatat(AT_FDCWD, "./107/binderfs", [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... close resumed>) = 0 [pid 5821] unlink("./107/binderfs" [pid 5822] rmdir("./107/file2" [pid 5821] <... unlink resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5819] mkdir("./107", 0777 [pid 5818] getdents64(4, [pid 5821] rmdir("./107" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] close(4 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./103/file2" [pid 5822] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 5822] unlink("./107/binderfs" [pid 5821] mkdir("./108", 0777 [pid 5822] <... unlink resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./107") = 0 [ 142.077102][ T6989] loop2: detected capacity change from 0 to 256 [ 142.099454][ T6989] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 6989] <... mount resumed>) = 0 [pid 5822] mkdir("./108", 0777 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] umount2("./103/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6989] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5819] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 6989] <... openat resumed>) = 3 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6989] chdir("./file2" [pid 5818] newfstatat(AT_FDCWD, "./103/binderfs", [pid 6989] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 6989] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] unlink("./103/binderfs" [pid 6989] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... unlink resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 6989] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(3, [pid 6989] <... futex resumed>) = 1 [pid 6988] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 142.122559][ T6989] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6988] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6989] mkdir("./file3", 0777 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5818] close(3./strace-static-x86_64: Process 6990 attached ./strace-static-x86_64: Process 6991 attached [pid 6988] <... futex resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 6988] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] close(3 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 6991 [pid 5822] <... close resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] rmdir("./103"./strace-static-x86_64: Process 6992 attached [pid 6991] set_robust_list(0x55555eedf6a0, 24 [pid 6990] set_robust_list(0x55555eedf6a0, 24 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 6990 [pid 5818] <... rmdir resumed>) = 0 [pid 6992] set_robust_list(0x55555eedf6a0, 24 [pid 6991] <... set_robust_list resumed>) = 0 [pid 6990] <... set_robust_list resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 6992 [pid 5818] mkdir("./104", 0777 [pid 6992] <... set_robust_list resumed>) = 0 [pid 6991] chdir("./108" [pid 6990] chdir("./107" [pid 5818] <... mkdir resumed>) = 0 [pid 6991] <... chdir resumed>) = 0 [pid 6992] chdir("./108" [pid 6991] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6990] <... chdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6991] <... prctl resumed>) = 0 [pid 6990] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 6991] setpgid(0, 0 [pid 5818] <... openat resumed>) = 3 [pid 6991] <... setpgid resumed>) = 0 [pid 6990] <... prctl resumed>) = 0 [pid 6992] <... chdir resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 6991] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6990] setpgid(0, 0 [pid 6992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6991] <... openat resumed>) = 3 [pid 6990] <... setpgid resumed>) = 0 [pid 5818] close(3 [pid 6992] setpgid(0, 0) = 0 [pid 6990] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6990] <... openat resumed>) = 3 ./strace-static-x86_64: Process 6993 attached [pid 6992] <... openat resumed>) = 3 [pid 6991] write(3, "1000", 4 [pid 6990] write(3, "1000", 4 [pid 6992] write(3, "1000", 4) = 4 [pid 6991] <... write resumed>) = 4 [pid 6990] <... write resumed>) = 4 [pid 6992] close(3 [pid 6990] close(3 [pid 6993] set_robust_list(0x55555eedf6a0, 24 [pid 6992] <... close resumed>) = 0 [pid 6990] <... close resumed>) = 0 [pid 6993] <... set_robust_list resumed>) = 0 [pid 6992] symlink("/dev/binderfs", "./binderfs" [pid 6991] close(3 [pid 6990] symlink("/dev/binderfs", "./binderfs" [pid 6993] chdir("./104" [pid 6992] <... symlink resumed>) = 0 [pid 6991] <... close resumed>) = 0 [pid 6990] <... symlink resumed>) = 0 executing program executing program [pid 6993] <... chdir resumed>) = 0 [pid 6991] symlink("/dev/binderfs", "./binderfs" [pid 6990] write(1, "executing program\n", 18 [pid 6993] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6993] setpgid(0, 0 [pid 6991] <... symlink resumed>) = 0 [pid 6990] <... write resumed>) = 18 [pid 6992] write(1, "executing program\n", 18 [pid 6993] <... setpgid resumed>) = 0 [pid 6990] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 6993 [pid 6993] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 6992] <... write resumed>) = 18 [pid 6991] write(1, "executing program\n", 18executing program [pid 6990] <... futex resumed>) = 0 [pid 6993] <... openat resumed>) = 3 [pid 6992] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... write resumed>) = 18 [pid 6993] write(3, "1000", 4 [pid 6992] <... futex resumed>) = 0 [pid 6990] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6989] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6993] <... write resumed>) = 4 [pid 6992] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6991] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6993] close(3 [pid 6992] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6990] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6989] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6991] <... futex resumed>) = 0 [pid 6993] <... close resumed>) = 0 [pid 6992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6993] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6988] <... futex resumed>) = ? [pid 6992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6991] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6993] write(1, "executing program\n", 18 [pid 6992] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6991] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6990] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6989] +++ killed by SIGSEGV +++ [pid 6988] +++ killed by SIGSEGV +++ executing program [pid 6993] <... write resumed>) = 18 [pid 6992] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6991] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6990] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6988, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6993] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... mprotect resumed>) = 0 [pid 6993] <... futex resumed>) = 0 [pid 6991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] <... mprotect resumed>) = 0 [pid 6993] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6991] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6993] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6993] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6991] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6991] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 6992] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6993] <... mmap resumed>) = 0x7fbb68bbe000 [pid 6993] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6993] <... mprotect resumed>) = 0 [ 142.163174][ T6989] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.187932][ T6989] exFAT-fs (loop2): Filesystem has been set read-only [pid 6993] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6992] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6991] <... mprotect resumed>) = 0 [pid 6990] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6991] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 6994 attached [], 8) = 0 [pid 6994] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6992] <... clone3 resumed> => {parent_tid=[6994]}, 88) = 6994 [pid 5820] <... openat resumed>) = 3 [pid 6994] <... rseq resumed>) = 0 [pid 6993] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6992] rt_sigprocmask(SIG_SETMASK, [], [pid 6991] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] newfstatat(3, "", ./strace-static-x86_64: Process 6995 attached [pid 6994] set_robust_list(0x7fbb68bde9a0, 24 [pid 6993] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 6997 attached ./strace-static-x86_64: Process 6996 attached [pid 6995] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] <... clone3 resumed> => {parent_tid=[6995]}, 88) = 6995 [pid 6995] <... rseq resumed>) = 0 [pid 6993] <... clone3 resumed> => {parent_tid=[6996]}, 88) = 6996 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6995] set_robust_list(0x7fbb68bde9a0, 24 [pid 6993] rt_sigprocmask(SIG_SETMASK, [], [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6995] <... set_robust_list resumed>) = 0 [pid 6993] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] rt_sigprocmask(SIG_SETMASK, [], [pid 6993] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] <... futex resumed>) = 0 [pid 6995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6993] <... futex resumed>) = 0 [pid 6990] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6995] memfd_create("syzkaller", 0 [pid 6993] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6995] <... memfd_create resumed>) = 3 [pid 6995] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6992] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6994] <... set_robust_list resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6994] rt_sigprocmask(SIG_SETMASK, [], [pid 6992] <... futex resumed>) = 0 [pid 6997] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6996] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6992] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6991] <... clone3 resumed> => {parent_tid=[6997]}, 88) = 6997 [pid 6991] rt_sigprocmask(SIG_SETMASK, [], [pid 6996] <... rseq resumed>) = 0 [pid 6991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] getdents64(3, [pid 6996] set_robust_list(0x7fbb68bde9a0, 24 [pid 6991] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... rseq resumed>) = 0 [pid 6996] <... set_robust_list resumed>) = 0 [pid 6991] <... futex resumed>) = 0 [pid 6996] rt_sigprocmask(SIG_SETMASK, [], [pid 6994] memfd_create("syzkaller", 0 [pid 6991] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6997] set_robust_list(0x7fbb68bde9a0, 24 [pid 6996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6994] <... memfd_create resumed>) = 3 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 6994] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 6997] <... set_robust_list resumed>) = 0 [pid 6996] memfd_create("syzkaller", 0 [pid 6995] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6994] <... mmap resumed>) = 0x7fbb60600000 [pid 6995] <... write resumed>) = 131072 [pid 6995] munmap(0x7fbb60600000, 138412032 [pid 6997] rt_sigprocmask(SIG_SETMASK, [], [pid 6996] <... memfd_create resumed>) = 3 [pid 6994] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6997] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6997] memfd_create("syzkaller", 0 [pid 6995] <... munmap resumed>) = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 6995] ioctl(4, LOOP_SET_FD, 3 [pid 6997] <... memfd_create resumed>) = 3 [pid 6996] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6994] <... write resumed>) = 131072 [pid 6997] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 6996] <... write resumed>) = 131072 [pid 6995] <... ioctl resumed>) = 0 [pid 6994] munmap(0x7fbb60600000, 138412032 [pid 6997] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6995] close(3 [pid 6994] <... munmap resumed>) = 0 [pid 6997] <... write resumed>) = 131072 [pid 6996] munmap(0x7fbb60600000, 138412032 [pid 6995] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 6995] close(4 [pid 5820] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6996] <... munmap resumed>) = 0 [pid 6997] munmap(0x7fbb60600000, 138412032 [pid 6995] <... close resumed>) = 0 [pid 6994] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6995] mkdir("./file2", 0777 [pid 5820] newfstatat(AT_FDCWD, "./104/file2", [pid 6994] <... openat resumed>) = 4 [pid 6997] <... munmap resumed>) = 0 [pid 6995] <... mkdir resumed>) = 0 [pid 6994] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 6995] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 6996] <... openat resumed>) = 4 [pid 5820] getdents64(4, [pid 6996] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 6997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6994] <... ioctl resumed>) = 0 [pid 5820] close(4 [pid 6997] <... openat resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./104/file2" [pid 6997] ioctl(4, LOOP_SET_FD, 3 [pid 6994] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5820] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./104/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./104") = 0 [pid 5820] mkdir("./105", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3) = 0 [pid 6997] <... ioctl resumed>) = 0 [pid 6996] <... ioctl resumed>) = 0 [pid 6994] <... close resumed>) = 0 [pid 6994] close(4 [pid 6996] close(3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 6997] close(3 [pid 6996] <... close resumed>) = 0 [pid 6994] <... close resumed>) = 0 ./strace-static-x86_64: Process 6998 attached [ 142.283963][ T6995] loop1: detected capacity change from 0 to 256 [ 142.305561][ T6994] loop4: detected capacity change from 0 to 256 [ 142.309722][ T6996] loop0: detected capacity change from 0 to 256 [ 142.321392][ T6997] loop3: detected capacity change from 0 to 256 [pid 6997] <... close resumed>) = 0 [pid 6996] close(4 [pid 6994] mkdir("./file2", 0777 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 6998 [pid 6994] <... mkdir resumed>) = 0 [pid 6994] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6996] <... close resumed>) = 0 [pid 6996] mkdir("./file2", 0777) = 0 [pid 6997] close(4 [pid 6996] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6997] <... close resumed>) = 0 [pid 6997] mkdir("./file2", 0777) = 0 [pid 6997] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6998] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 6998] chdir("./105") = 0 [ 142.344502][ T6995] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.371392][ T6995] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6998] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6998] setpgid(0, 0 [pid 6995] <... mount resumed>) = 0 [pid 6995] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6998] <... setpgid resumed>) = 0 [pid 6995] <... openat resumed>) = 3 [pid 6995] chdir("./file2") = 0 [pid 6995] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 6995] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6995] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6995] <... futex resumed>) = 0 [pid 6990] <... futex resumed>) = 1 [pid 6995] mkdir("./file3", 0777 [pid 6990] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6998] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 142.388658][ T6997] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.388936][ T6994] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.414657][ T6997] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 142.424078][ T6995] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.424188][ T6994] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 6998] write(3, "1000", 4 [pid 6997] <... mount resumed>) = 0 [pid 6994] <... mount resumed>) = 0 [pid 6990] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6990] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6998] <... write resumed>) = 4 [pid 6990] <... mmap resumed>) = 0x7fbb68b9d000 [pid 6990] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITEexecuting program [pid 6998] close(3 [pid 6990] <... mprotect resumed>) = 0 [pid 6997] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6994] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6990] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6998] <... close resumed>) = 0 [pid 6990] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6998] symlink("/dev/binderfs", "./binderfs" [pid 6994] <... openat resumed>) = 3 [pid 6990] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 6997] <... openat resumed>) = 3 [pid 6990] <... clone3 resumed> => {parent_tid=[6999]}, 88) = 6999 [pid 6990] rt_sigprocmask(SIG_SETMASK, [], [pid 6998] <... symlink resumed>) = 0 [pid 6997] chdir("./file2" [pid 6994] chdir("./file2" [pid 6998] write(1, "executing program\n", 18 [pid 6997] <... chdir resumed>) = 0 [pid 6994] <... chdir resumed>) = 0 [pid 6990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6990] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6999 attached [pid 6999] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 6999] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 6999] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6999] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 6999] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6990] <... futex resumed>) = 0 [pid 6990] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6990] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6995] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6999] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 6995] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6990] <... futex resumed>) = ? [pid 6998] <... write resumed>) = 18 [pid 6997] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 6994] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 6995] +++ killed by SIGSEGV +++ [pid 6994] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6999] +++ killed by SIGSEGV +++ [pid 6998] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6997] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 6994] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6990] +++ killed by SIGSEGV +++ [pid 6994] <... futex resumed>) = 1 [pid 6997] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6992] <... futex resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6990, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 6998] <... futex resumed>) = 0 [pid 6997] <... futex resumed>) = 1 [pid 6994] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 6992] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6991] <... futex resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 6998] <... rt_sigaction resumed>NULL, 8) = 0 [pid 6997] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6994] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6992] <... futex resumed>) = 0 [pid 6991] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... restart_syscall resumed>) = 0 [pid 6998] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 6997] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6994] mkdir("./file3", 0777 [pid 6992] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6991] <... futex resumed>) = 0 [pid 6998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6997] mkdir("./file3", 0777 [pid 5819] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6991] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6998] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 142.442894][ T6995] exFAT-fs (loop1): Filesystem has been set read-only [ 142.450706][ T6996] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.478930][ T6997] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6998] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6998] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... openat resumed>) = 3 [pid 6998] <... mprotect resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 6998] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6998] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] getdents64(3, [pid 6998] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 7000 attached [pid 6998] <... clone3 resumed> => {parent_tid=[7000]}, 88) = 7000 [pid 5819] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7000] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 6998] rt_sigprocmask(SIG_SETMASK, [], [pid 7000] <... rseq resumed>) = 0 [pid 6998] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7000] set_robust_list(0x7fbb68bde9a0, 24 [pid 6998] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7000] <... set_robust_list resumed>) = 0 [pid 6998] <... futex resumed>) = 0 [pid 6997] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7000] rt_sigprocmask(SIG_SETMASK, [], [pid 6998] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7000] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7000] memfd_create("syzkaller", 0 [pid 6997] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7000] <... memfd_create resumed>) = 3 [pid 6991] <... futex resumed>) = ? [pid 7000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7000] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 6996] <... mount resumed>) = 0 [pid 6994] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6992] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6997] +++ killed by SIGSEGV +++ [pid 6991] +++ killed by SIGSEGV +++ [pid 6996] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 6994] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6992] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6991, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 6996] <... openat resumed>) = 3 [pid 6992] <... futex resumed>) = ? [pid 7000] <... write resumed>) = 131072 [pid 6996] chdir("./file2" [pid 7000] munmap(0x7fbb60600000, 138412032 [pid 6996] <... chdir resumed>) = 0 [pid 5821] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 7000] <... munmap resumed>) = 0 [pid 6996] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 6996] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(AT_FDCWD, "./107/file2", [pid 6996] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 6996] <... futex resumed>) = 1 [pid 6994] +++ killed by SIGSEGV +++ [pid 6993] <... futex resumed>) = 0 [pid 6992] +++ killed by SIGSEGV +++ [pid 5821] newfstatat(3, "", [pid 5819] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6996] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6993] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6992, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7000] <... openat resumed>) = 4 [pid 6996] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6993] <... futex resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] getdents64(3, [pid 5819] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... openat resumed>) = 4 [pid 5821] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 6993] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 142.488974][ T6994] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.499591][ T6997] exFAT-fs (loop3): Filesystem has been set read-only [ 142.506850][ T6996] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 142.520430][ T6994] exFAT-fs (loop4): Filesystem has been set read-only [pid 5819] getdents64(4, [pid 7000] ioctl(4, LOOP_SET_FD, 3 [pid 6996] mkdir("./file3", 0777 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./107/file2") = 0 [pid 5819] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./107/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./107") = 0 [pid 5819] mkdir("./108", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 5821] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... close resumed>) = 0 [pid 7000] <... ioctl resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7000] close(3) = 0 [pid 7000] close(4) = 0 [pid 7000] mkdir("./file2", 0777) = 0 [pid 5822] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(AT_FDCWD, "./108/file2", [pid 6996] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 6993] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7000] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 6993] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 6996] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 6993] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 6993] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] newfstatat(3, "", [pid 5821] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 6993] <... mmap resumed>) = ? [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", [ 142.551923][ T7000] loop2: detected capacity change from 0 to 256 [ 142.552128][ T6996] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.568717][ T6996] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] getdents64(3, [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7001 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7001 attached [pid 6996] +++ killed by SIGSEGV +++ [pid 6993] +++ killed by SIGSEGV +++ [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6993, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 5818] umount2("./104", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] rmdir("./108/file2" [pid 7001] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... openat resumed>) = 3 [pid 7001] <... set_robust_list resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 5822] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./108/file2") = 0 [pid 5822] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./108/binderfs" [pid 5821] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] <... unlink resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./108/binderfs" [pid 5822] getdents64(3, [pid 5821] <... unlink resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(3, [pid 5822] close(3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] close(3) = 0 [pid 5822] rmdir("./108" [pid 5821] rmdir("./108" [pid 7001] chdir("./108" [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] getdents64(3, [pid 5821] mkdir("./109", 0777 [pid 7001] <... chdir resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7001] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7000] <... mount resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7001] <... prctl resumed>) = 0 [pid 7000] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] mkdir("./109", 0777 [pid 5821] <... openat resumed>) = 3 [pid 5818] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7001] setpgid(0, 0 [pid 7000] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7001] <... setpgid resumed>) = 0 [pid 7000] chdir("./file2" [pid 7001] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7000] <... chdir resumed>) = 0 [pid 7001] <... openat resumed>) = 3 [pid 7000] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7001] write(3, "1000", 4 [pid 7000] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7001] <... write resumed>) = 4 [pid 7000] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7001] close(3 [pid 7000] <... futex resumed>) = 1 [pid 7001] <... close resumed>) = 0 [pid 7000] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6998] <... futex resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 7001] symlink("/dev/binderfs", "./binderfs" [pid 6998] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] close(3 [pid 5818] <... umount2 resumed>) = 0 [pid 7001] <... symlink resumed>) = 0 [pid 7000] <... futex resumed>) = 0 [ 142.607040][ T7000] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.622968][ T7000] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 142.646257][ T7000] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 6998] <... futex resumed>) = 1 [pid 7000] mkdir("./file3", 0777 [pid 6998] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... close resumed>) = 0 [pid 5818] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... ioctl resumed>) = 0 executing program [pid 7001] write(1, "executing program\n", 18) = 18 [pid 7001] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7001] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7001] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7001] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 7002 attached ) = 0x7fbb68bbe000 [pid 5822] close(3 [pid 5818] newfstatat(AT_FDCWD, "./104/file2", [pid 7002] set_robust_list(0x55555eedf6a0, 24 [pid 7001] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7001] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7001] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7003 attached => {parent_tid=[7003]}, 88) = 7003 [pid 7001] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... close resumed>) = 0 [pid 7003] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7002] <... set_robust_list resumed>) = 0 [pid 7001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7002 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7003] <... rseq resumed>) = 0 [pid 7001] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7003] set_robust_list(0x7fbb68bde9a0, 24 [pid 7001] <... futex resumed>) = 0 [pid 7000] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] umount2("./104/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... set_robust_list resumed>) = 0 [pid 7001] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7003] rt_sigprocmask(SIG_SETMASK, [], [pid 7002] chdir("./109" [pid 7000] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7003] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7002] <... chdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./104/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7003] memfd_create("syzkaller", 0) = 3 [pid 7002] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7000] +++ killed by SIGSEGV +++ [pid 6998] <... futex resumed>) = ? [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... openat resumed>) = 4 [pid 7002] <... prctl resumed>) = 0 [pid 7003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7003] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7002] setpgid(0, 0 [pid 6998] +++ killed by SIGSEGV +++ [pid 5818] newfstatat(4, "", [pid 7002] <... setpgid resumed>) = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6998, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7003] <... write resumed>) = 131072 ./strace-static-x86_64: Process 7004 attached [pid 7002] <... openat resumed>) = 3 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] getdents64(4, [pid 7003] munmap(0x7fbb60600000, 138412032 [pid 7002] write(3, "1000", 4 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7004 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7004] set_robust_list(0x55555eedf6a0, 24 [pid 7003] <... munmap resumed>) = 0 [pid 7002] <... write resumed>) = 4 [pid 5818] close(4 [pid 7004] <... set_robust_list resumed>) = 0 [pid 7002] close(3 [pid 5820] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7004] chdir("./109" [pid 7003] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7002] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 7004] <... chdir resumed>) = 0 [pid 7003] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7004] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7002] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... openat resumed>) = 3 [ 142.655486][ T7000] exFAT-fs (loop2): Filesystem has been set read-only [pid 5818] rmdir("./104/file2" [pid 7004] <... prctl resumed>) = 0 [pid 7003] ioctl(4, LOOP_SET_FD, 3 [pid 7002] <... symlink resumed>) = 0 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7004] setpgid(0, 0 [pid 7003] <... ioctl resumed>) = 0 executing program [pid 7002] write(1, "executing program\n", 18 [pid 5820] getdents64(3, [pid 5818] <... rmdir resumed>) = 0 [pid 7002] <... write resumed>) = 18 [pid 7004] <... setpgid resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./104/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7002] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7003] close(3 [pid 7004] <... openat resumed>) = 3 [pid 7002] <... futex resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./104/binderfs", [pid 7004] write(3, "1000", 4 [pid 7002] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7003] <... close resumed>) = 0 [pid 7002] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7003] close(4 [pid 7002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] newfstatat(AT_FDCWD, "./105/file2", [pid 5818] unlink("./104/binderfs" [pid 7003] <... close resumed>) = 0 [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] mkdir("./file2", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7003] <... mkdir resumed>) = 0 [pid 7002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... unlink resumed>) = 0 [pid 7002] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7004] <... write resumed>) = 4 [pid 7003] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7002] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 7004] close(3 [pid 5820] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7004] <... close resumed>) = 0 [pid 7004] symlink("/dev/binderfs", "./binderfs" [pid 7002] <... mprotect resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5818] close(3 [pid 7004] <... symlink resumed>) = 0 [pid 7002] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] newfstatat(4, "", [pid 5818] <... close resumed>) = 0 [pid 7002] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] rmdir("./104" [pid 7004] write(1, "executing program\n", 18 [pid 7002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] getdents64(4, executing program ./strace-static-x86_64: Process 7005 attached [pid 7004] <... write resumed>) = 18 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... rmdir resumed>) = 0 [pid 7005] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7004] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 142.709399][ T7003] loop1: detected capacity change from 0 to 256 [pid 7002] <... clone3 resumed> => {parent_tid=[7005]}, 88) = 7005 [pid 5820] getdents64(4, [pid 7005] <... rseq resumed>) = 0 [pid 7004] <... futex resumed>) = 0 [pid 7002] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] mkdir("./105", 0777 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7005] set_robust_list(0x7fbb68bde9a0, 24 [pid 7004] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] close(4 [pid 5818] <... mkdir resumed>) = 0 [pid 7005] <... set_robust_list resumed>) = 0 [pid 7004] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7002] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... close resumed>) = 0 [pid 7005] rt_sigprocmask(SIG_SETMASK, [], [pid 7004] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7002] <... futex resumed>) = 0 [pid 5820] rmdir("./105/file2" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7005] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7002] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] <... rmdir resumed>) = 0 [pid 7005] memfd_create("syzkaller", 0 [pid 7004] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... openat resumed>) = 3 [pid 5820] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7005] <... memfd_create resumed>) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7005] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7004] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... ioctl resumed>) = 0 [pid 7004] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] newfstatat(AT_FDCWD, "./105/binderfs", [pid 5818] close(3 [pid 7005] <... mmap resumed>) = 0x7fbb60600000 [pid 7005] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7004] <... mprotect resumed>) = 0 [pid 5820] unlink("./105/binderfs" [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7004] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... unlink resumed>) = 0 ./strace-static-x86_64: Process 7006 attached [pid 7004] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7003] <... mount resumed>) = 0 [pid 5820] getdents64(3, [pid 7006] set_robust_list(0x55555eedf6a0, 24 [pid 7005] <... write resumed>) = 131072 [pid 7004] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7003] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7007 attached [pid 7006] <... set_robust_list resumed>) = 0 [pid 7005] munmap(0x7fbb60600000, 138412032 [pid 5820] close(3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7006 [pid 7006] chdir("./105" [pid 7005] <... munmap resumed>) = 0 [pid 7004] <... clone3 resumed> => {parent_tid=[7007]}, 88) = 7007 [pid 5820] <... close resumed>) = 0 [pid 7007] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7006] <... chdir resumed>) = 0 [pid 7005] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7004] rt_sigprocmask(SIG_SETMASK, [], [pid 7003] <... openat resumed>) = 3 [pid 5820] rmdir("./105" [pid 7007] <... rseq resumed>) = 0 [pid 7006] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7005] <... openat resumed>) = 4 [pid 7004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7003] chdir("./file2" [pid 5820] <... rmdir resumed>) = 0 [pid 7007] set_robust_list(0x7fbb68bde9a0, 24 [pid 7006] <... prctl resumed>) = 0 [pid 7004] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] mkdir("./106", 0777 [pid 7007] <... set_robust_list resumed>) = 0 [ 142.751978][ T7003] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.765823][ T7003] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7005] ioctl(4, LOOP_SET_FD, 3 [pid 7007] rt_sigprocmask(SIG_SETMASK, [], [pid 7006] setpgid(0, 0 [pid 7004] <... futex resumed>) = 0 [pid 7003] <... chdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 7007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7005] <... ioctl resumed>) = 0 [pid 7004] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7003] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7007] memfd_create("syzkaller", 0 [pid 7005] close(3 [pid 7003] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7005] <... close resumed>) = 0 [pid 7005] close(4) = 0 [pid 7005] mkdir("./file2", 0777 [pid 7007] <... memfd_create resumed>) = 3 [pid 7006] <... setpgid resumed>) = 0 [pid 7003] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7005] <... mkdir resumed>) = 0 [pid 7003] <... futex resumed>) = 1 [pid 7001] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 7007] <... mmap resumed>) = 0x7fbb60600000 [pid 7003] mkdir("./file3", 0777 [pid 7001] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 7006] <... openat resumed>) = 3 [pid 7005] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7001] <... futex resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 7001] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] close(3 [ 142.801177][ T7005] loop3: detected capacity change from 0 to 256 [ 142.841339][ T7003] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7006] write(3, "1000", 4 [pid 7007] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7006] <... write resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7006] close(3 [pid 7007] <... write resumed>) = 131072 [pid 7006] <... close resumed>) = 0 ./strace-static-x86_64: Process 7008 attached [pid 7007] munmap(0x7fbb60600000, 138412032 [pid 7006] symlink("/dev/binderfs", "./binderfs" [pid 7003] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7008 [pid 7008] set_robust_list(0x55555eedf6a0, 24 [pid 7007] <... munmap resumed>) = 0 [pid 7008] <... set_robust_list resumed>) = 0 [pid 7007] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7006] <... symlink resumed>) = 0 [pid 7003] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7006] write(1, "executing program\n", 18 [pid 7001] <... futex resumed>) = ? [pid 7007] <... openat resumed>) = 4 executing program [pid 7006] <... write resumed>) = 18 [pid 7006] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7006] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7008] chdir("./106" [pid 7007] ioctl(4, LOOP_SET_FD, 3 [pid 7006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7003] +++ killed by SIGSEGV +++ [pid 7001] +++ killed by SIGSEGV +++ [pid 7008] <... chdir resumed>) = 0 [pid 7006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7001, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7006] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7006] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7006] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... restart_syscall resumed>) = 0 [pid 7006] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7008] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7008] <... prctl resumed>) = 0 [pid 7007] <... ioctl resumed>) = 0 [pid 7006] <... clone3 resumed> => {parent_tid=[7009]}, 88) = 7009 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7009 attached [pid 7008] setpgid(0, 0 [pid 7007] close(3 [pid 7006] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7009] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7008] <... setpgid resumed>) = 0 [pid 7007] <... close resumed>) = 0 [pid 7006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... openat resumed>) = 3 [pid 7009] <... rseq resumed>) = 0 [pid 7008] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7007] close(4 [pid 7006] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(3, "", [pid 7009] set_robust_list(0x7fbb68bde9a0, 24 [pid 7008] <... openat resumed>) = 3 [pid 7007] <... close resumed>) = 0 [pid 7006] <... futex resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7009] <... set_robust_list resumed>) = 0 [pid 7008] write(3, "1000", 4 [pid 7007] mkdir("./file2", 0777 [pid 7006] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] getdents64(3, [pid 7009] rt_sigprocmask(SIG_SETMASK, [], [pid 7008] <... write resumed>) = 4 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7008] close(3 [pid 7007] <... mkdir resumed>) = 0 [pid 7009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7008] <... close resumed>) = 0 [pid 7007] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7009] memfd_create("syzkaller", 0 [pid 7008] symlink("/dev/binderfs", "./binderfs" [pid 7005] <... mount resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 7009] <... memfd_create resumed>) = 3 [pid 7008] <... symlink resumed>) = 0 [pid 7005] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7009] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7009] <... mmap resumed>) = 0x7fbb60600000 executing program [pid 5819] newfstatat(AT_FDCWD, "./108/file2", [pid 7009] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7008] write(1, "executing program\n", 18 [pid 7005] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7008] <... write resumed>) = 18 [pid 7005] chdir("./file2" [pid 5819] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7008] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7005] <... chdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7005] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7008] <... futex resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7008] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7005] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7008] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7008] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7005] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] close(4 [pid 7008] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7005] <... futex resumed>) = 1 [pid 7002] <... futex resumed>) = 0 [ 142.844464][ T7005] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.859733][ T7003] exFAT-fs (loop1): Filesystem has been set read-only [ 142.874677][ T7005] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 142.892522][ T7007] loop4: detected capacity change from 0 to 256 [pid 5819] <... close resumed>) = 0 [pid 7009] <... write resumed>) = 131072 [pid 7008] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7005] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7002] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] rmdir("./108/file2" [pid 7009] munmap(0x7fbb60600000, 138412032 [pid 7002] <... futex resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 7005] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7002] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7008] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7008] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7005] mkdir("./file3", 0777 [pid 5819] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./108/binderfs") = 0 [pid 5819] getdents64(3, [pid 7008] <... mprotect resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 7008] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... close resumed>) = 0 [pid 7008] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] rmdir("./108" [pid 7008] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7010 attached [pid 7010] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7008] <... clone3 resumed> => {parent_tid=[7010]}, 88) = 7010 [pid 5819] <... rmdir resumed>) = 0 [pid 7009] <... munmap resumed>) = 0 [pid 7009] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7009] ioctl(4, LOOP_SET_FD, 3 [pid 7010] <... rseq resumed>) = 0 [pid 7008] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] mkdir("./109", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [pid 7008] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 142.933068][ T7007] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 142.952035][ T7005] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 142.956660][ T7009] loop0: detected capacity change from 0 to 256 [ 142.961249][ T7005] exFAT-fs (loop3): Filesystem has been set read-only [pid 5819] <... close resumed>) = 0 [pid 7010] set_robust_list(0x7fbb68bde9a0, 24 [pid 7009] <... ioctl resumed>) = 0 [pid 7008] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] close(3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7009] <... close resumed>) = 0 ./strace-static-x86_64: Process 7011 attached [pid 7009] close(4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7011 [pid 7010] <... set_robust_list resumed>) = 0 [pid 7009] <... close resumed>) = 0 [pid 7008] <... futex resumed>) = 0 [pid 7010] rt_sigprocmask(SIG_SETMASK, [], [pid 7008] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7010] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7009] mkdir("./file2", 0777 [pid 7010] memfd_create("syzkaller", 0 [pid 7009] <... mkdir resumed>) = 0 [pid 7011] set_robust_list(0x55555eedf6a0, 24 [pid 7010] <... memfd_create resumed>) = 3 [pid 7009] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7011] <... set_robust_list resumed>) = 0 [pid 7010] <... mmap resumed>) = 0x7fbb60600000 [pid 7011] chdir("./109") = 0 [pid 7011] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7011] setpgid(0, 0) = 0 [pid 7011] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7010] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7002] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7002] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7010] <... write resumed>) = 131072 [pid 7002] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 7012 attached [pid 7010] munmap(0x7fbb60600000, 138412032 [pid 7011] write(3, "1000", 4 [pid 7002] <... clone3 resumed> => {parent_tid=[7012]}, 88) = 7012 [pid 7011] <... write resumed>) = 4 [pid 7002] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] close(3 [pid 7002] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7002] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... close resumed>) = 0 [pid 7002] <... futex resumed>) = 0 [pid 7011] symlink("/dev/binderfs", "./binderfs" [pid 7010] <... munmap resumed>) = 0 [pid 7002] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7011] <... symlink resumed>) = 0 [pid 7012] <... rseq resumed>) = 0 [pid 7012] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7010] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7012] <... set_robust_list resumed>) = 0 [ 142.975963][ T7007] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) executing program [pid 7005] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7012] rt_sigprocmask(SIG_SETMASK, [], [pid 7011] write(1, "executing program\n", 18 [pid 7010] <... openat resumed>) = 4 [pid 7007] <... mount resumed>) = 0 [pid 7012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7010] ioctl(4, LOOP_SET_FD, 3 [pid 7012] openat(AT_FDCWD, ".", O_RDONLY [pid 7007] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7012] <... openat resumed>) = 4 [pid 7007] <... openat resumed>) = 3 [pid 7007] chdir("./file2" [pid 7011] <... write resumed>) = 18 [pid 7007] <... chdir resumed>) = 0 [pid 7011] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7007] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7011] <... futex resumed>) = 0 [pid 7007] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7011] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7007] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7007] <... futex resumed>) = 1 [pid 7004] <... futex resumed>) = 0 [pid 7011] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7007] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7004] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7004] <... futex resumed>) = 0 [pid 7011] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7007] mkdir("./file3", 0777 [pid 7011] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7004] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7012] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7012] <... futex resumed>) = 1 [pid 7005] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7002] <... futex resumed>) = 0 [pid 7002] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7011] <... mprotect resumed>) = 0 [pid 7002] <... futex resumed>) = ? [pid 7011] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7011] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7013]}, 88) = 7013 [pid 7012] +++ killed by SIGSEGV +++ [pid 7011] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7013 attached [pid 7010] <... ioctl resumed>) = 0 [pid 7010] close(3 [pid 7013] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7011] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7013] <... rseq resumed>) = 0 [pid 7011] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7010] <... close resumed>) = 0 [pid 7013] set_robust_list(0x7fbb68bde9a0, 24 [pid 7011] <... futex resumed>) = 0 [pid 7013] <... set_robust_list resumed>) = 0 [pid 7011] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7010] close(4 [pid 7013] memfd_create("syzkaller", 0) = 3 [pid 7013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7005] +++ killed by SIGSEGV +++ [pid 7002] +++ killed by SIGSEGV +++ [pid 7010] <... close resumed>) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7002, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7010] mkdir("./file2", 0777 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", [pid 7013] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 7010] <... mkdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7013] <... write resumed>) = 131072 [ 143.008571][ T7009] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.023640][ T7010] loop2: detected capacity change from 0 to 256 [ 143.027753][ T7007] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.045735][ T7009] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7013] munmap(0x7fbb60600000, 138412032 [pid 7010] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] <... munmap resumed>) = 0 [pid 7013] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7007] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7013] close(3 [pid 7009] <... mount resumed>) = 0 [pid 7004] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... umount2 resumed>) = 0 [pid 7009] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7007] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7004] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7009] <... openat resumed>) = 3 [pid 7004] <... futex resumed>) = ? [pid 7013] <... close resumed>) = 0 [pid 7009] chdir("./file2" [pid 7007] +++ killed by SIGSEGV +++ [pid 7004] +++ killed by SIGSEGV +++ [pid 7009] <... chdir resumed>) = 0 [pid 5821] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7009] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7009] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] newfstatat(AT_FDCWD, "./109/file2", [pid 7009] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7013] close(4 [pid 7009] <... futex resumed>) = 1 [pid 7006] <... futex resumed>) = 0 [pid 5821] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] <... close resumed>) = 0 [pid 7009] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7006] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7009] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 143.070664][ T7007] exFAT-fs (loop4): Filesystem has been set read-only [ 143.080938][ T7013] loop1: detected capacity change from 0 to 256 [ 143.104889][ T7010] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7013] mkdir("./file2", 0777 [pid 7009] mkdir("./file3", 0777 [pid 7006] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7004, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7006] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... openat resumed>) = 4 [pid 7013] <... mkdir resumed>) = 0 [pid 7009] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] newfstatat(4, "", [pid 5822] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7013] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7010] <... mount resumed>) = 0 [pid 7009] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] getdents64(4, [pid 7010] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5822] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7010] chdir("./file2" [pid 7006] <... futex resumed>) = ? [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(4, [pid 5822] newfstatat(AT_FDCWD, "./109/file2", [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 143.120270][ T7010] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 143.130153][ T7009] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.142107][ T7009] exFAT-fs (loop0): Filesystem has been set read-only [pid 5822] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7010] <... chdir resumed>) = 0 [pid 7009] +++ killed by SIGSEGV +++ [pid 7006] +++ killed by SIGSEGV +++ [pid 5821] close(4 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7006, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] newfstatat(4, "", [pid 5818] umount2("./105", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7010] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7010] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] <... close resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, [pid 5818] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] rmdir("./109/file2" [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7010] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./105/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./105/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./105/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4) = 0 [pid 5818] rmdir("./105/file2") = 0 [pid 5818] umount2("./105/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./105/binderfs") = 0 [pid 5818] getdents64(3, [pid 7013] <... mount resumed>) = 0 [pid 7010] <... futex resumed>) = 1 [pid 7008] <... futex resumed>) = 0 [pid 5822] getdents64(4, [pid 5821] <... rmdir resumed>) = 0 [pid 7010] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7008] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7013] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7008] <... futex resumed>) = 0 [pid 5822] close(4 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] close(3 [pid 7013] <... openat resumed>) = 3 [pid 7010] mkdir("./file3", 0777 [pid 7008] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... close resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5818] <... close resumed>) = 0 [pid 7013] chdir("./file2" [pid 5822] rmdir("./109/file2" [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7013] <... chdir resumed>) = 0 [pid 5818] rmdir("./105" [pid 5822] <... rmdir resumed>) = 0 [pid 5821] unlink("./109/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... close resumed>) = 0 [pid 7013] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] newfstatat(AT_FDCWD, "./109/binderfs", [pid 5818] <... rmdir resumed>) = 0 [pid 7013] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] rmdir("./109" [pid 5818] mkdir("./106", 0777 [pid 7010] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... mkdir resumed>) = 0 [pid 7010] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 143.163285][ T7013] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.179546][ T7013] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 143.203259][ T7010] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.212328][ T7010] exFAT-fs (loop2): Filesystem has been set read-only [pid 7013] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7011] <... futex resumed>) = 0 [pid 7008] <... futex resumed>) = ? [pid 5822] unlink("./109/binderfs" [pid 5821] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7011] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7013] mkdir("./file3", 0777 [pid 5822] <... unlink resumed>) = 0 [pid 5821] mkdir("./110", 0777 [pid 7011] <... futex resumed>) = 0 [pid 7011] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7010] +++ killed by SIGSEGV +++ [pid 7008] +++ killed by SIGSEGV +++ [pid 5822] getdents64(3, [pid 5821] <... mkdir resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7008, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] <... ioctl resumed>) = 0 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5818] close(3 [pid 5822] close(3 [pid 5818] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./109") = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7014 attached [pid 5822] mkdir("./110", 0777 [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5821] close(3 [pid 7014] set_robust_list(0x55555eedf6a0, 24 [pid 5820] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] newfstatat(3, "", [pid 5822] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7014 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] getdents64(3, [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] close(3 [pid 5820] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7014] <... set_robust_list resumed>) = 0 [pid 7014] chdir("./106" [pid 5820] <... umount2 resumed>) = 0 [pid 7014] <... chdir resumed>) = 0 [pid 5820] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7014] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7013] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7014] <... prctl resumed>) = 0 [pid 7013] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- executing program [pid 7014] setpgid(0, 0 [pid 5822] <... close resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7014] <... setpgid resumed>) = 0 [pid 7011] <... futex resumed>) = ? [pid 7014] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7013] +++ killed by SIGSEGV +++ [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7014] <... openat resumed>) = 3 [pid 7014] write(3, "1000", 4) = 4 [pid 7014] close(3) = 0 [pid 7014] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7014] write(1, "executing program\n", 18) = 18 ./strace-static-x86_64: Process 7015 attached [pid 7014] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7011] +++ killed by SIGSEGV +++ [pid 7015] set_robust_list(0x55555eedf6a0, 24 [pid 7014] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7011, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7015] <... set_robust_list resumed>) = 0 [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7015 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7015] chdir("./110" [pid 7014] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7014] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7014] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] newfstatat(AT_FDCWD, "./106/file2", [pid 7015] <... chdir resumed>) = 0 [pid 7014] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7015] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7014] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7016 attached [pid 7015] <... prctl resumed>) = 0 [pid 5820] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7016] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7015] setpgid(0, 0 [pid 7014] <... clone3 resumed> => {parent_tid=[7016]}, 88) = 7016 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7016] <... rseq resumed>) = 0 [pid 7015] <... setpgid resumed>) = 0 [pid 7014] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7016] set_robust_list(0x7fbb68bde9a0, 24 [pid 7015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7016] <... set_robust_list resumed>) = 0 [pid 7014] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7016] rt_sigprocmask(SIG_SETMASK, [], [pid 7014] <... futex resumed>) = 0 [pid 7016] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7014] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7016] memfd_create("syzkaller", 0 [pid 7015] <... openat resumed>) = 3 [pid 7016] <... memfd_create resumed>) = 3 [pid 7016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 executing program [pid 7016] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 7017 attached [pid 7015] write(3, "1000", 4 [pid 5820] <... openat resumed>) = 4 [pid 7015] <... write resumed>) = 4 [pid 7015] close(3) = 0 [pid 7015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 7015] write(1, "executing program\n", 18 [pid 7016] <... write resumed>) = 131072 [pid 7015] <... write resumed>) = 18 [pid 5819] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7015] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7015] <... futex resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 7017] set_robust_list(0x55555eedf6a0, 24 [pid 7016] munmap(0x7fbb60600000, 138412032 [pid 7015] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7017 [pid 5820] newfstatat(4, "", [pid 7017] <... set_robust_list resumed>) = 0 [pid 7015] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] newfstatat(3, "", [pid 7017] chdir("./110" [pid 7016] <... munmap resumed>) = 0 [pid 7015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] getdents64(4, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 143.233537][ T7013] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.257765][ T7013] exFAT-fs (loop1): Filesystem has been set read-only [pid 7017] <... chdir resumed>) = 0 [pid 7015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(3, [pid 7016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7016] ioctl(4, LOOP_SET_FD, 3 [pid 7017] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(4, [pid 7017] <... prctl resumed>) = 0 [pid 7015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7017] setpgid(0, 0 [pid 5820] close(4 [pid 7017] <... setpgid resumed>) = 0 [pid 7017] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7015] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./106/file2" [pid 7015] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7017] <... openat resumed>) = 3 [pid 7015] <... mprotect resumed>) = 0 [pid 7015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7018]}, 88) = 7018 [pid 7015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7015] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... rmdir resumed>) = 0 [pid 7017] write(3, "1000", 4 [pid 7015] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7018 attached [pid 7015] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7018] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7018] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7018] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7018] memfd_create("syzkaller", 0) = 3 [pid 7017] <... write resumed>) = 4 [pid 5820] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 7018] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7018] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7017] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7016] <... ioctl resumed>) = 0 [pid 7017] <... close resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./106/binderfs", [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7016] close(3) = 0 [pid 7016] close(4) = 0 [pid 7016] mkdir("./file2", 0777 [pid 7018] <... write resumed>) = 131072 [pid 7016] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7017] symlink("/dev/binderfs", "./binderfs" [pid 5819] newfstatat(AT_FDCWD, "./109/file2", [pid 7018] munmap(0x7fbb60600000, 138412032 [pid 7017] <... symlink resumed>) = 0 [pid 7016] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] unlink("./106/binderfs" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 7017] write(1, "executing program\n", 18 [pid 5820] <... unlink resumed>) = 0 [pid 5819] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7018] <... munmap resumed>) = 0 [pid 7017] <... write resumed>) = 18 [pid 7017] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7017] <... futex resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 143.318345][ T7016] loop0: detected capacity change from 0 to 256 [pid 7017] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7017] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] close(3 [pid 5819] <... openat resumed>) = 4 [pid 7018] <... openat resumed>) = 4 [pid 7018] ioctl(4, LOOP_SET_FD, 3 [pid 7017] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... close resumed>) = 0 [pid 5819] newfstatat(4, "", [pid 7017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] rmdir("./106" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] getdents64(4, [pid 7018] <... ioctl resumed>) = 0 [pid 7017] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] mkdir("./107", 0777 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7017] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] getdents64(4, [pid 7018] close(3) = 0 [pid 7017] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 7018] close(4) = 0 [pid 7018] mkdir("./file2", 0777) = 0 [pid 7017] <... mprotect resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] rmdir("./109/file2" [pid 7018] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... rmdir resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 7017] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... ioctl resumed>) = 0 [pid 5819] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] close(3 [ 143.370241][ T7016] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.384367][ T7018] loop3: detected capacity change from 0 to 256 [ 143.393928][ T7016] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] newfstatat(AT_FDCWD, "./109/binderfs", [pid 7016] <... mount resumed>) = 0 [pid 7017] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7017] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] unlink("./109/binderfs" [pid 7016] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 5819] <... unlink resumed>) = 0 [pid 7016] chdir("./file2") = 0 [pid 7016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7016] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7014] <... futex resumed>) = 0 [pid 7014] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7014] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7016] mkdir("./file3", 0777./strace-static-x86_64: Process 7020 attached ./strace-static-x86_64: Process 7019 attached [pid 7017] <... clone3 resumed> => {parent_tid=[7020]}, 88) = 7020 [pid 5819] getdents64(3, [pid 7020] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7019] set_robust_list(0x55555eedf6a0, 24 [pid 7017] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7019 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7020] <... rseq resumed>) = 0 [pid 7020] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7020] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7020] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7019] <... set_robust_list resumed>) = 0 [pid 7017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] close(3 [pid 7019] chdir("./107" [pid 7017] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./109" [pid 7019] <... chdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 7019] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7017] <... futex resumed>) = 1 [pid 7017] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7019] setpgid(0, 0 [pid 5819] mkdir("./110", 0777 [pid 7020] <... futex resumed>) = 0 [pid 7019] <... setpgid resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 7020] memfd_create("syzkaller", 0 [pid 7019] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7019] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7019] write(3, "1000", 4 [pid 5819] <... ioctl resumed>) = 0 [pid 7019] <... write resumed>) = 4 [pid 5819] close(3 [pid 7019] close(3 [pid 5819] <... close resumed>) = 0 [pid 7020] <... memfd_create resumed>) = 3 [pid 7019] <... close resumed>) = 0 [pid 7018] <... mount resumed>) = 0 [pid 7016] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7020] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7019] symlink("/dev/binderfs", "./binderfs" [pid 7018] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7016] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7014] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) ./strace-static-x86_64: Process 7021 attached [pid 7020] <... mmap resumed>) = 0x7fbb60600000 [pid 7019] <... symlink resumed>) = 0 [pid 7018] <... openat resumed>) = 3 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7021 executing program [pid 7019] write(1, "executing program\n", 18 [pid 7020] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7019] <... write resumed>) = 18 [pid 7018] chdir("./file2" [pid 7019] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7018] <... chdir resumed>) = 0 [pid 7019] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7019] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7019] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7020] <... write resumed>) = 131072 [pid 7019] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7018] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7019] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7018] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7019] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7021] set_robust_list(0x55555eedf6a0, 24 [pid 7019] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7018] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7021] <... set_robust_list resumed>) = 0 [pid 7019] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7022 attached [pid 7021] chdir("./110" [pid 7020] munmap(0x7fbb60600000, 138412032 [pid 7018] <... futex resumed>) = 1 [pid 7016] +++ killed by SIGSEGV +++ [pid 7015] <... futex resumed>) = 0 [pid 7014] +++ killed by SIGSEGV +++ [pid 7021] <... chdir resumed>) = 0 [pid 7015] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7018] mkdir("./file3", 0777 [pid 7015] <... futex resumed>) = 0 [ 143.415798][ T7018] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.440815][ T7016] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.449249][ T7018] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 143.455726][ T7016] exFAT-fs (loop0): Filesystem has been set read-only [pid 7021] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7022] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7021] <... prctl resumed>) = 0 [pid 7020] <... munmap resumed>) = 0 [pid 7019] <... clone3 resumed> => {parent_tid=[7022]}, 88) = 7022 [pid 7015] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7014, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7022] set_robust_list(0x7fbb68bde9a0, 24 [pid 7021] setpgid(0, 0 [pid 7019] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7022] <... set_robust_list resumed>) = 0 [pid 7019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 7022] rt_sigprocmask(SIG_SETMASK, [], [pid 7019] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7022] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7019] <... futex resumed>) = 0 [pid 7022] memfd_create("syzkaller", 0 [pid 7019] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7022] <... memfd_create resumed>) = 3 [pid 5818] umount2("./106", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7022] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7022] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7022] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7021] <... setpgid resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 7021] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7020] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7020] <... openat resumed>) = 4 [pid 7020] ioctl(4, LOOP_SET_FD, 3 [pid 5818] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7022] <... write resumed>) = 131072 [pid 7022] munmap(0x7fbb60600000, 138412032 [pid 7021] <... openat resumed>) = 3 [pid 7020] <... ioctl resumed>) = 0 [pid 7021] write(3, "1000", 4) = 4 [pid 7020] close(3 [pid 7021] close(3 [pid 7020] <... close resumed>) = 0 [pid 7022] <... munmap resumed>) = 0 [pid 7021] <... close resumed>) = 0 [pid 7018] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... umount2 resumed>) = 0 [pid 7022] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 5818] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7022] ioctl(4, LOOP_SET_FD, 3 [pid 7021] symlink("/dev/binderfs", "./binderfs" [pid 7020] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7021] <... symlink resumed>) = 0 [pid 7018] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5818] newfstatat(AT_FDCWD, "./106/file2", [pid 7020] <... close resumed>) = 0 [pid 7015] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7015] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7020] mkdir("./file2", 0777 [pid 7015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 7020] <... mkdir resumed>) = 0 [pid 7021] write(1, "executing program\n", 18 [pid 7015] <... mmap resumed>) = ? [pid 5818] umount2("./106/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] <... write resumed>) = 18 [pid 7018] +++ killed by SIGSEGV +++ [pid 7015] +++ killed by SIGSEGV +++ [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./106/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, [pid 7021] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7020] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7015, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7021] <... futex resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7021] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] getdents64(4, [pid 7021] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7021] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] close(4) = 0 [pid 5818] rmdir("./106/file2" [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7021] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] umount2("./106/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7021] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7021] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] newfstatat(AT_FDCWD, "./106/binderfs", [pid 7021] <... mprotect resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7021] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] unlink("./106/binderfs" [pid 7021] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 7021] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3./strace-static-x86_64: Process 7023 attached [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 7023] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7022] <... ioctl resumed>) = 0 [pid 7021] <... clone3 resumed> => {parent_tid=[7023]}, 88) = 7023 [pid 5821] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] rmdir("./106" [pid 7023] <... rseq resumed>) = 0 [pid 7022] close(3 [pid 7021] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 7023] set_robust_list(0x7fbb68bde9a0, 24 [pid 7022] <... close resumed>) = 0 [pid 5821] newfstatat(3, "", [pid 5818] mkdir("./107", 0777 [pid 7023] <... set_robust_list resumed>) = 0 [ 143.502822][ T7018] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.516027][ T7020] loop4: detected capacity change from 0 to 256 [ 143.517964][ T7018] exFAT-fs (loop3): Filesystem has been set read-only [ 143.544497][ T7022] loop2: detected capacity change from 0 to 256 [pid 7022] close(4 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7023] rt_sigprocmask(SIG_SETMASK, [], [pid 7022] <... close resumed>) = 0 [pid 7021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 7023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7023] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7022] mkdir("./file2", 0777) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 7022] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... close resumed>) = 0 [pid 7021] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(3, [pid 7021] <... futex resumed>) = 1 [pid 7021] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7024 [pid 7023] <... futex resumed>) = 0 [pid 7023] memfd_create("syzkaller", 0) = 3 [pid 7023] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7023] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072./strace-static-x86_64: Process 7024 attached [ 143.575161][ T7020] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.594104][ T7022] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.607865][ T7020] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7024] set_robust_list(0x55555eedf6a0, 24 [pid 7023] <... write resumed>) = 131072 [pid 7020] <... mount resumed>) = 0 [pid 7024] <... set_robust_list resumed>) = 0 [pid 7020] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7024] chdir("./107" [pid 7020] <... openat resumed>) = 3 [pid 7020] chdir("./file2" [pid 7024] <... chdir resumed>) = 0 [pid 7024] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7020] <... chdir resumed>) = 0 [pid 7024] <... prctl resumed>) = 0 [pid 7020] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7024] setpgid(0, 0 [pid 7020] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7024] <... setpgid resumed>) = 0 [pid 7022] <... mount resumed>) = 0 [pid 7020] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] munmap(0x7fbb60600000, 138412032) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... umount2 resumed>) = 0 [pid 7020] <... futex resumed>) = 1 [pid 7023] <... openat resumed>) = 4 [pid 7017] <... futex resumed>) = 0 [pid 7024] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7020] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7023] ioctl(4, LOOP_SET_FD, 3 [pid 7022] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7020] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7017] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7020] mkdir("./file3", 0777 [pid 7017] <... futex resumed>) = 0 [pid 7017] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7023] <... ioctl resumed>) = 0 [pid 7024] <... openat resumed>) = 3 [pid 7022] <... openat resumed>) = 3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7024] write(3, "1000", 4 [pid 7022] chdir("./file2" [pid 7020] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7024] <... write resumed>) = 4 [pid 7023] close(3 [pid 7022] <... chdir resumed>) = 0 [pid 7020] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7024] close(3 [pid 7023] <... close resumed>) = 0 [pid 7022] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7017] <... futex resumed>) = ? [pid 5821] <... openat resumed>) = 4 [pid 7024] <... close resumed>) = 0 [pid 7023] close(4 [pid 7022] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7020] +++ killed by SIGSEGV +++ [pid 7017] +++ killed by SIGSEGV +++ [pid 7024] symlink("/dev/binderfs", "./binderfs" [pid 7022] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7023] <... close resumed>) = 0 [pid 7023] mkdir("./file2", 0777 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7017, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 7024] <... symlink resumed>) = 0 [pid 7022] <... futex resumed>) = 1 [pid 7024] write(1, "executing program\n", 18 [pid 7023] <... mkdir resumed>) = 0 executing program [pid 7022] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 7024] <... write resumed>) = 18 [pid 5822] <... restart_syscall resumed>) = 0 [pid 7024] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7024] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7024] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7023] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7019] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(4, "", [pid 7024] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7019] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7022] <... futex resumed>) = 0 [pid 7019] <... futex resumed>) = 1 [pid 5822] <... openat resumed>) = 3 [pid 7024] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [ 143.617912][ T7022] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 143.641919][ T7023] loop1: detected capacity change from 0 to 256 [ 143.642195][ T7020] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.660097][ T7020] exFAT-fs (loop4): Filesystem has been set read-only [pid 7022] mkdir("./file3", 0777 [pid 7019] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] newfstatat(3, "", [pid 5821] getdents64(4, [pid 7024] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7024] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7024] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(4, [pid 5822] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7024] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] close(4 [pid 7024] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7025 attached [pid 5821] <... close resumed>) = 0 [pid 7024] <... clone3 resumed> => {parent_tid=[7025]}, 88) = 7025 [pid 7024] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] rmdir("./110/file2" [pid 7024] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7025] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7024] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... rmdir resumed>) = 0 [pid 5822] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./110/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5821] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] rmdir("./110/file2" [pid 5821] newfstatat(AT_FDCWD, "./110/binderfs", [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./110/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5822] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./110/binderfs", [pid 7024] <... futex resumed>) = 0 [pid 7025] <... rseq resumed>) = 0 [pid 7025] set_robust_list(0x7fbb68bde9a0, 24 [pid 7024] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./110/binderfs" [pid 7025] <... set_robust_list resumed>) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 7025] rt_sigprocmask(SIG_SETMASK, [], [pid 7022] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7025] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] rmdir("./110" [pid 7025] memfd_create("syzkaller", 0 [pid 7022] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] <... rmdir resumed>) = 0 [ 143.685481][ T7022] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.706153][ T7023] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.714594][ T7022] exFAT-fs (loop2): Filesystem has been set read-only [pid 5822] getdents64(3, [pid 7025] <... memfd_create resumed>) = 3 [pid 7019] <... futex resumed>) = ? [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] mkdir("./111", 0777 [pid 7025] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7022] +++ killed by SIGSEGV +++ [pid 5822] close(3 [pid 5821] <... mkdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 7025] <... mmap resumed>) = 0x7fbb60600000 [pid 5822] rmdir("./110") = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 7025] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7023] <... mount resumed>) = 0 [pid 7019] +++ killed by SIGSEGV +++ [pid 5822] mkdir("./111", 0777 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7019, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7023] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... mkdir resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7025] <... write resumed>) = 131072 [pid 7023] <... openat resumed>) = 3 [pid 5820] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7023] chdir("./file2" [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7025] munmap(0x7fbb60600000, 138412032 [pid 7023] <... chdir resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7025] <... munmap resumed>) = 0 [pid 7023] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 3 [pid 5820] newfstatat(3, "", ./strace-static-x86_64: Process 7026 attached {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7023] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5820] getdents64(3, [pid 7025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7023] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7026] set_robust_list(0x55555eedf6a0, 24 [pid 7023] <... futex resumed>) = 1 [pid 7021] <... futex resumed>) = 0 [pid 5820] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7025] <... openat resumed>) = 4 [pid 5822] close(3 [pid 7026] <... set_robust_list resumed>) = 0 [pid 7023] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7021] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] chdir("./111" [pid 7025] ioctl(4, LOOP_SET_FD, 3 [pid 7021] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 7021] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7026 [ 143.730788][ T7023] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7026] <... chdir resumed>) = 0 [pid 7026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7026] setpgid(0, 0) = 0 [pid 7026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7023] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... umount2 resumed>) = 0 [pid 7026] <... openat resumed>) = 3 [pid 7026] write(3, "1000", 4) = 4 [pid 7026] close(3) = 0 ./strace-static-x86_64: Process 7027 attached [pid 7026] symlink("/dev/binderfs", "./binderfs" [pid 7023] mkdir("./file3", 0777executing program [pid 5820] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7027] set_robust_list(0x55555eedf6a0, 24 [pid 7026] <... symlink resumed>) = 0 [pid 7027] <... set_robust_list resumed>) = 0 [pid 7027] chdir("./111") = 0 [pid 7026] write(1, "executing program\n", 18 [pid 7027] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7026] <... write resumed>) = 18 [pid 7027] <... prctl resumed>) = 0 [pid 7026] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] setpgid(0, 0 [pid 7026] <... futex resumed>) = 0 [pid 7027] <... setpgid resumed>) = 0 [pid 7026] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7027] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7026] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7027] <... openat resumed>) = 3 [pid 7026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7027 [pid 5820] newfstatat(AT_FDCWD, "./107/file2", [pid 7026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7026] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7027] write(3, "1000", 4 [pid 7026] <... mprotect resumed>) = 0 [pid 7027] <... write resumed>) = 4 [pid 7026] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7027] close(3) = 0 [pid 7026] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7027] symlink("/dev/binderfs", "./binderfs" [pid 7026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7025] <... ioctl resumed>) = 0 [pid 7025] close(3 [pid 5820] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7028 attached [pid 7027] <... symlink resumed>) = 0 [pid 7025] <... close resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7025] close(4 [pid 5820] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7026] <... clone3 resumed> => {parent_tid=[7028]}, 88) = 7028 [pid 7025] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 4 executing program [pid 7025] mkdir("./file2", 0777 [pid 7027] write(1, "executing program\n", 18 [pid 7028] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7027] <... write resumed>) = 18 [pid 7028] <... rseq resumed>) = 0 [pid 7026] rt_sigprocmask(SIG_SETMASK, [], [pid 7028] set_robust_list(0x7fbb68bde9a0, 24 [pid 7027] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7026] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7025] <... mkdir resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 7028] <... set_robust_list resumed>) = 0 [pid 7027] <... futex resumed>) = 0 [pid 7026] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7025] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7028] rt_sigprocmask(SIG_SETMASK, [], [pid 7027] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7026] <... futex resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7028] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7027] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7026] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7028] memfd_create("syzkaller", 0 [pid 7027] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] getdents64(4, [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 143.781874][ T7025] loop0: detected capacity change from 0 to 256 [ 143.795024][ T7023] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7028] <... memfd_create resumed>) = 3 [pid 7027] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] getdents64(4, [pid 7028] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7027] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7021] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7028] <... mmap resumed>) = 0x7fbb60600000 [pid 7027] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7027] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7027] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7029 attached [pid 7028] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7023] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7021] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] close(4 [pid 7028] <... write resumed>) = 131072 [pid 7029] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7028] munmap(0x7fbb60600000, 138412032 [pid 7027] <... clone3 resumed> => {parent_tid=[7029]}, 88) = 7029 [pid 7023] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7021] <... futex resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 7029] <... rseq resumed>) = 0 [pid 5820] rmdir("./107/file2" [pid 7027] rt_sigprocmask(SIG_SETMASK, [], [pid 7029] set_robust_list(0x7fbb68bde9a0, 24 [pid 7028] <... munmap resumed>) = 0 [pid 7027] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 7027] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7028] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7027] <... futex resumed>) = 0 [pid 7029] <... set_robust_list resumed>) = 0 [pid 7028] <... openat resumed>) = 4 [pid 7027] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7023] +++ killed by SIGSEGV +++ [pid 7021] +++ killed by SIGSEGV +++ [pid 5820] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7028] ioctl(4, LOOP_SET_FD, 3 [pid 7029] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7021, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7029] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(AT_FDCWD, "./107/binderfs", [ 143.824577][ T7023] exFAT-fs (loop1): Filesystem has been set read-only [ 143.840712][ T7025] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 143.863366][ T7028] loop3: detected capacity change from 0 to 256 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7029] memfd_create("syzkaller", 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7029] <... memfd_create resumed>) = 3 [pid 5820] unlink("./107/binderfs" [pid 5819] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7029] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5820] <... unlink resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] <... umount2 resumed>) = 0 [pid 7029] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7029] <... write resumed>) = 131072 [pid 7028] <... ioctl resumed>) = 0 [pid 7025] <... mount resumed>) = 0 [pid 5820] close(3 [pid 5819] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./107") = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7029] munmap(0x7fbb60600000, 138412032 [pid 7028] close(3 [pid 7025] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] mkdir("./108", 0777 [pid 7025] <... openat resumed>) = 3 [pid 5820] <... mkdir resumed>) = 0 [pid 7025] chdir("./file2" [pid 7029] <... munmap resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7025] <... chdir resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./110/file2", [pid 7025] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] <... openat resumed>) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7025] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... ioctl resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7028] <... close resumed>) = 0 [pid 7025] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] close(3 [pid 5819] <... openat resumed>) = 4 [pid 7029] <... openat resumed>) = 4 [pid 7028] close(4 [pid 7025] <... futex resumed>) = 1 [pid 7024] <... futex resumed>) = 0 [ 143.868897][ T7025] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5819] newfstatat(4, "", [pid 7029] ioctl(4, LOOP_SET_FD, 3 [pid 7028] <... close resumed>) = 0 [pid 7025] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7024] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7029] <... ioctl resumed>) = 0 [pid 7025] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7024] <... futex resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] getdents64(4, [pid 7028] mkdir("./file2", 0777 [pid 7025] mkdir("./file3", 0777 [pid 7024] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7028] <... mkdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7028] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./110/file2") = 0 [pid 5819] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7030 [pid 5819] newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./110/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./110") = 0 [pid 5819] mkdir("./111", 0777./strace-static-x86_64: Process 7030 attached [pid 7030] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 7030] chdir("./108" [ 143.910935][ T7029] loop4: detected capacity change from 0 to 256 [ 143.922983][ T7025] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 143.939048][ T7025] exFAT-fs (loop0): Filesystem has been set read-only [pid 7029] close(3 [pid 7030] <... chdir resumed>) = 0 [pid 7029] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7030] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7025] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... openat resumed>) = 3 [pid 7029] close(4 [pid 7030] <... prctl resumed>) = 0 [pid 7030] setpgid(0, 0) = 0 [pid 7030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7029] <... close resumed>) = 0 [pid 7025] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7029] mkdir("./file2", 0777 [pid 5819] <... ioctl resumed>) = 0 [pid 7030] <... openat resumed>) = 3 [pid 7029] <... mkdir resumed>) = 0 [pid 7024] <... futex resumed>) = ? [pid 5819] close(3 [pid 7030] write(3, "1000", 4 [pid 7029] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7030] <... write resumed>) = 4 [pid 5819] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7030] close(3./strace-static-x86_64: Process 7031 attached ) = 0 [pid 7025] +++ killed by SIGSEGV +++ [pid 7024] +++ killed by SIGSEGV +++ [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7031 [pid 7030] symlink("/dev/binderfs", "./binderfs" [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7024, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 7030] <... symlink resumed>) = 0 [pid 7031] set_robust_list(0x55555eedf6a0, 24 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7031] <... set_robust_list resumed>) = 0 [pid 7030] write(1, "executing program\n", 18executing program [pid 7031] chdir("./111" [pid 7030] <... write resumed>) = 18 [pid 7030] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] <... chdir resumed>) = 0 [pid 7030] <... futex resumed>) = 0 [ 143.951373][ T7028] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7030] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7031] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] <... restart_syscall resumed>) = 0 [pid 7031] <... prctl resumed>) = 0 [pid 7030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] umount2("./107", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7028] <... mount resumed>) = 0 [pid 7028] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7028] chdir("./file2") = 0 [pid 7028] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7028] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7028] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7029] <... mount resumed>) = 0 [pid 7030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7031] setpgid(0, 0 [pid 7029] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7026] <... futex resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 7031] <... setpgid resumed>) = 0 [pid 7030] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7026] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7031] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7030] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7029] <... openat resumed>) = 3 [pid 7028] <... futex resumed>) = 0 [pid 7026] <... futex resumed>) = 1 [ 143.992238][ T7029] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.004700][ T7028] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.020023][ T7029] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7031] <... openat resumed>) = 3 [pid 7030] <... mprotect resumed>) = 0 [pid 7028] mkdir("./file3", 0777 [pid 7026] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] chdir("./file2" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7031] write(3, "1000", 4 [pid 7030] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7029] <... chdir resumed>) = 0 [pid 7031] <... write resumed>) = 4 [pid 7031] close(3) = 0 [pid 7029] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7031] symlink("/dev/binderfs", "./binderfs" [pid 7030] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7029] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7031] <... symlink resumed>) = 0 [pid 7030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7029] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7027] <... futex resumed>) = 0 [pid 7027] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7027] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7029] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7032 attached [pid 7031] write(1, "executing program\n", 18 [pid 7030] <... clone3 resumed> => {parent_tid=[7032]}, 88) = 7032 [pid 7029] mkdir("./file3", 0777 [pid 5818] newfstatat(AT_FDCWD, "./107/file2", executing program [pid 7032] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7031] <... write resumed>) = 18 [pid 7030] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7032] <... rseq resumed>) = 0 [pid 7031] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] umount2("./107/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7032] set_robust_list(0x7fbb68bde9a0, 24 [pid 7031] <... futex resumed>) = 0 [pid 7030] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7032] <... set_robust_list resumed>) = 0 [pid 7031] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7030] <... futex resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./107/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7032] rt_sigprocmask(SIG_SETMASK, [], [pid 7031] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7030] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] <... openat resumed>) = 4 [pid 7032] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7032] memfd_create("syzkaller", 0 [pid 7031] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] newfstatat(4, "", [pid 7031] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7032] <... memfd_create resumed>) = 3 [pid 7031] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] getdents64(4, [pid 7031] <... mprotect resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7032] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7031] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] getdents64(4, [pid 7032] <... mmap resumed>) = 0x7fbb60600000 [pid 7032] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7028] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7031] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7031] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7033]}, 88) = 7033 [pid 7031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7031] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7031] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7032] <... write resumed>) = 131072 ./strace-static-x86_64: Process 7033 attached [pid 7029] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7028] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5818] close(4 [pid 7029] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7027] <... futex resumed>) = ? [pid 7033] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7032] munmap(0x7fbb60600000, 138412032 [pid 7026] <... futex resumed>) = ? [pid 5818] <... close resumed>) = 0 [pid 7033] <... rseq resumed>) = 0 [pid 7033] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7029] +++ killed by SIGSEGV +++ [pid 7027] +++ killed by SIGSEGV +++ [pid 7033] memfd_create("syzkaller", 0 [pid 7032] <... munmap resumed>) = 0 [pid 7033] <... memfd_create resumed>) = 3 [pid 7033] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7028] +++ killed by SIGSEGV +++ [pid 7026] +++ killed by SIGSEGV +++ [pid 7033] <... mmap resumed>) = 0x7fbb60600000 [ 144.050055][ T7028] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.059364][ T7028] exFAT-fs (loop3): Filesystem has been set read-only [ 144.066761][ T7029] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.076858][ T7029] exFAT-fs (loop4): Filesystem has been set read-only [pid 5818] rmdir("./107/file2" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7027, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 7033] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7032] <... openat resumed>) = 4 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7026, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] <... rmdir resumed>) = 0 [pid 7032] ioctl(4, LOOP_SET_FD, 3 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5818] umount2("./107/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7033] <... write resumed>) = 131072 [pid 5821] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 7033] munmap(0x7fbb60600000, 138412032 [pid 5821] newfstatat(3, "", [pid 7033] <... munmap resumed>) = 0 [pid 7032] <... ioctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7032] close(3) = 0 [pid 7032] close(4) = 0 [pid 7032] mkdir("./file2", 0777) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./107/binderfs" [pid 7032] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... unlink resumed>) = 0 [pid 5821] getdents64(3, [pid 7033] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7033] <... openat resumed>) = 4 [pid 7033] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./111/file2", [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./107" [pid 5822] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] mkdir("./108", 0777 [pid 5822] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 7033] <... ioctl resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 7033] close(3 [pid 5822] <... openat resumed>) = 3 [pid 5821] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7033] <... close resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 7033] close(4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7033] <... close resumed>) = 0 [pid 7033] mkdir("./file2", 0777 [pid 5822] getdents64(3, [pid 5821] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7033] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7034 attached [ 144.131154][ T7032] loop2: detected capacity change from 0 to 256 [ 144.147701][ T7033] loop1: detected capacity change from 0 to 256 [ 144.151650][ T7032] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7033] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", [pid 5822] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5822] newfstatat(4, "", [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7034 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./111/file2") = 0 [pid 5822] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./111/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./111") = 0 [pid 7034] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7034] <... set_robust_list resumed>) = 0 [pid 5821] getdents64(4, [pid 7034] chdir("./108" [pid 5822] mkdir("./112", 0777 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7034] <... chdir resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7034] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] close(4 [pid 7034] setpgid(0, 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 7034] <... setpgid resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] rmdir("./111/file2" [pid 5822] <... ioctl resumed>) = 0 [pid 5822] close(3 [pid 7034] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... close resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 7034] <... openat resumed>) = 3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7034] write(3, "1000", 4 [pid 5821] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./111/binderfs", ./strace-static-x86_64: Process 7035 attached [pid 7034] <... write resumed>) = 4 [pid 7032] <... mount resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7032] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] unlink("./111/binderfs" [pid 7034] close(3 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7035 [pid 5821] <... unlink resumed>) = 0 [pid 7034] <... close resumed>) = 0 [pid 5821] getdents64(3, [pid 7034] symlink("/dev/binderfs", "./binderfs" [pid 7032] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7032] chdir("./file2" [pid 7035] set_robust_list(0x55555eedf6a0, 24 [pid 7034] <... symlink resumed>) = 0 [pid 7033] <... mount resumed>) = 0 [pid 7032] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 7033] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7032] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... close resumed>) = 0 [pid 7033] <... openat resumed>) = 3 [pid 7032] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] rmdir("./111" [pid 7033] chdir("./file2" [pid 7032] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... set_robust_list resumed>) = 0 [pid 7035] chdir("./112") = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 7032] <... futex resumed>) = 1 [pid 7033] <... chdir resumed>) = 0 [pid 7030] <... futex resumed>) = 0 [pid 5821] mkdir("./112", 0777 [pid 7032] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7035] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7033] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7035] <... prctl resumed>) = 0 [pid 7035] setpgid(0, 0) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 7035] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7033] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7030] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... openat resumed>) = 3 [pid 7033] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7032] <... futex resumed>) = 0 [pid 7030] <... futex resumed>) = 1 [pid 7035] write(3, "1000", 4 [pid 7033] <... futex resumed>) = 1 [pid 7035] <... write resumed>) = 4 [pid 7034] write(1, "executing program\n", 18executing program [pid 7033] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7032] mkdir("./file3", 0777 [pid 7031] <... futex resumed>) = 0 [pid 7030] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7035] close(3) = 0 [ 144.186444][ T7032] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.211510][ T7033] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.225150][ T7033] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) executing program [pid 7035] symlink("/dev/binderfs", "./binderfs" [pid 7034] <... write resumed>) = 18 [pid 7033] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7031] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 7033] mkdir("./file3", 0777 [pid 7031] <... futex resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7034] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... symlink resumed>) = 0 [pid 7034] <... futex resumed>) = 0 [pid 7031] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... ioctl resumed>) = 0 [pid 7035] write(1, "executing program\n", 18 [pid 7034] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] close(3 [pid 7035] <... write resumed>) = 18 [pid 7034] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7035] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7035] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7035] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7034] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... close resumed>) = 0 [pid 7035] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7036 attached => {parent_tid=[7036]}, 88) = 7036 [pid 7036] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], [pid 7036] <... rseq resumed>) = 0 [pid 7035] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7036] set_robust_list(0x7fbb68bde9a0, 24 [pid 7034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7036] <... set_robust_list resumed>) = 0 [pid 7035] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7036] rt_sigprocmask(SIG_SETMASK, [], [pid 7035] <... futex resumed>) = 0 [pid 7036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7035] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7036] memfd_create("syzkaller", 0) = 3 [pid 7036] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7036] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7032] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 7037 attached [pid 7034] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7034] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7030] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7037 [pid 7037] set_robust_list(0x55555eedf6a0, 24 [pid 7036] <... write resumed>) = 131072 [pid 7034] <... mprotect resumed>) = 0 [pid 7032] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7030] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7036] munmap(0x7fbb60600000, 138412032) = 0 [pid 7034] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7032] +++ killed by SIGSEGV +++ [pid 7030] +++ killed by SIGSEGV +++ [ 144.255541][ T7032] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.280825][ T7032] exFAT-fs (loop2): Filesystem has been set read-only [ 144.282155][ T7033] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7037] <... set_robust_list resumed>) = 0 [pid 7034] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7030, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7036] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7036] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7036] ioctl(4, LOOP_SET_FD, 3 [pid 5820] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7038 attached [pid 7037] chdir("./112" [pid 7033] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7031] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... openat resumed>) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7038] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7037] <... chdir resumed>) = 0 [pid 7034] <... clone3 resumed> => {parent_tid=[7038]}, 88) = 7038 [pid 7033] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7031] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = 0 [pid 7034] rt_sigprocmask(SIG_SETMASK, [], [pid 7038] <... rseq resumed>) = 0 [pid 7037] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7034] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7031] <... futex resumed>) = ? [pid 7038] set_robust_list(0x7fbb68bde9a0, 24 [pid 7034] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7033] +++ killed by SIGSEGV +++ [pid 7036] <... ioctl resumed>) = 0 [pid 5820] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7038] <... set_robust_list resumed>) = 0 [pid 7034] <... futex resumed>) = 0 [pid 7038] rt_sigprocmask(SIG_SETMASK, [], [pid 7037] <... prctl resumed>) = 0 [pid 7034] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7031] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7038] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(AT_FDCWD, "./108/file2", [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7031, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7037] setpgid(0, 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7037] <... setpgid resumed>) = 0 [pid 5820] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7038] memfd_create("syzkaller", 0 [pid 7036] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7038] <... memfd_create resumed>) = 3 [pid 7037] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7036] <... close resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 7036] close(4) = 0 [pid 5820] newfstatat(4, "", [pid 7038] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7037] <... openat resumed>) = 3 [pid 7036] mkdir("./file2", 0777 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7038] <... mmap resumed>) = 0x7fbb60600000 [pid 7037] write(3, "1000", 4 [pid 7036] <... mkdir resumed>) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7036] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] close(4 [pid 7038] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7037] <... write resumed>) = 4 [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./108/file2" [pid 7038] <... write resumed>) = 131072 [pid 7037] close(3 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 7038] munmap(0x7fbb60600000, 138412032 [pid 7037] <... close resumed>) = 0 [pid 7038] <... munmap resumed>) = 0 [pid 7037] symlink("/dev/binderfs", "./binderfs" [pid 5820] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7037] <... symlink resumed>) = 0 [pid 7038] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7038] <... openat resumed>) = 4 [ 144.313150][ T7033] exFAT-fs (loop1): Filesystem has been set read-only [ 144.320950][ T7036] loop4: detected capacity change from 0 to 256 [pid 7037] write(1, "executing program\n", 18) = 18 [pid 7037] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] ioctl(4, LOOP_SET_FD, 3 [pid 7037] <... futex resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./108/binderfs", [pid 5819] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7037] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7037] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7037] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7037] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 5819] <... openat resumed>) = 3 [pid 7037] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] unlink("./108/binderfs" [pid 7037] <... mprotect resumed>) = 0 [pid 5819] newfstatat(3, "", [pid 7037] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7037] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] getdents64(3, ./strace-static-x86_64: Process 7039 attached 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7039] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7037] <... clone3 resumed> => {parent_tid=[7039]}, 88) = 7039 [pid 5819] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7039] <... rseq resumed>) = 0 [pid 7037] rt_sigprocmask(SIG_SETMASK, [], [pid 7039] set_robust_list(0x7fbb68bde9a0, 24 [pid 7037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7039] <... set_robust_list resumed>) = 0 [pid 7037] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] rt_sigprocmask(SIG_SETMASK, [], [pid 7037] <... futex resumed>) = 0 [pid 7039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7037] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7039] memfd_create("syzkaller", 0 [pid 5819] <... umount2 resumed>) = 0 [pid 7039] <... memfd_create resumed>) = 3 [pid 5820] <... unlink resumed>) = 0 [pid 5819] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7039] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7039] <... mmap resumed>) = 0x7fbb60600000 [pid 5819] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7039] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7039] <... write resumed>) = 131072 [pid 7039] munmap(0x7fbb60600000, 138412032) = 0 [pid 7038] <... ioctl resumed>) = 0 [pid 7039] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7038] close(3 [pid 7039] <... openat resumed>) = 4 [pid 7038] <... close resumed>) = 0 [pid 7039] ioctl(4, LOOP_SET_FD, 3 [pid 7038] close(4 [pid 5820] getdents64(3, [pid 5819] <... openat resumed>) = 4 [pid 7038] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] newfstatat(4, "", [pid 7038] mkdir("./file2", 0777 [pid 5820] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7038] <... mkdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 7038] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] rmdir("./108" [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./111/file2" [pid 5820] mkdir("./109", 0777 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./111/binderfs", [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7039] <... ioctl resumed>) = 0 [ 144.362721][ T7038] loop0: detected capacity change from 0 to 256 [ 144.384689][ T7036] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.395509][ T7039] loop3: detected capacity change from 0 to 256 [pid 7039] close(3) = 0 [pid 7039] close(4) = 0 [pid 7039] mkdir("./file2", 0777) = 0 [pid 7039] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7036] <... mount resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] unlink("./111/binderfs" [pid 7036] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... ioctl resumed>) = 0 [pid 7036] <... openat resumed>) = 3 [ 144.422111][ T7036] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.435498][ T7038] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.450060][ T7038] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.456509][ T7039] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5820] close(3 [pid 5819] <... unlink resumed>) = 0 [pid 7036] chdir("./file2" [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./111") = 0 [pid 5819] mkdir("./112", 0777) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7036] <... chdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 7036] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7036] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... ioctl resumed>) = 0 [pid 7038] <... mount resumed>) = 0 [pid 7036] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] close(3 [pid 7038] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7036] <... futex resumed>) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7038] <... openat resumed>) = 3 [pid 7036] mkdir("./file3", 0777 [pid 7035] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7038] chdir("./file2" [pid 7035] <... futex resumed>) = 0 [pid 7038] <... chdir resumed>) = 0 [pid 7035] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7038] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7038] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7038] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 7040 attached [pid 7034] <... futex resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7040 [pid 7039] <... mount resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7040] set_robust_list(0x55555eedf6a0, 24 [pid 7039] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7034] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 7041 attached [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7041 [pid 7041] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7041] chdir("./112") = 0 [pid 7041] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7041] setpgid(0, 0) = 0 [pid 7041] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7041] write(3, "1000", 4) = 4 [pid 7041] close(3) = 0 [pid 7041] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7040] chdir("./109" [pid 7039] <... openat resumed>) = 3 [pid 7034] <... futex resumed>) = 1 [pid 7040] <... chdir resumed>) = 0 [pid 7039] chdir("./file2" [pid 7034] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7040] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7039] <... chdir resumed>) = 0 [pid 7041] write(1, "executing program\n", 18 [pid 7040] <... prctl resumed>) = 0 executing program [pid 7039] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7038] <... futex resumed>) = 0 [pid 7041] <... write resumed>) = 18 [pid 7038] mkdir("./file3", 0777 [pid 7041] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] setpgid(0, 0 [pid 7039] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7041] <... futex resumed>) = 0 [ 144.472308][ T7039] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.485243][ T7036] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.511729][ T7038] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7041] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7040] <... setpgid resumed>) = 0 [pid 7039] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7039] <... futex resumed>) = 1 [pid 7037] <... futex resumed>) = 0 [pid 7039] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7037] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7039] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7037] <... futex resumed>) = 0 [pid 7037] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7039] mkdir("./file3", 0777 [pid 7040] <... openat resumed>) = 3 [pid 7041] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7040] write(3, "1000", 4) = 4 [pid 7041] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7041] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7041] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7041] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7040] close(3 [pid 7041] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7041] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7035] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7035] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7041] <... clone3 resumed> => {parent_tid=[7042]}, 88) = 7042 [pid 7035] <... futex resumed>) = 0 [pid 7041] rt_sigprocmask(SIG_SETMASK, [], [pid 7035] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7041] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7035] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7041] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7041] <... futex resumed>) = 0 [pid 7035] <... mprotect resumed>) = 0 [pid 7041] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7035] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7040] <... close resumed>) = 0 ./strace-static-x86_64: Process 7042 attached executing program [pid 7040] symlink("/dev/binderfs", "./binderfs" [pid 7035] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7035] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7042] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7040] <... symlink resumed>) = 0 [pid 7042] <... rseq resumed>) = 0 [pid 7040] write(1, "executing program\n", 18 [pid 7042] set_robust_list(0x7fbb68bde9a0, 24 [pid 7040] <... write resumed>) = 18 [pid 7042] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 7043 attached [pid 7042] rt_sigprocmask(SIG_SETMASK, [], [pid 7040] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] <... clone3 resumed> => {parent_tid=[7043]}, 88) = 7043 [pid 7035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7035] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7035] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7043] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7040] <... futex resumed>) = 0 [pid 7039] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7036] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7034] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7043] <... rseq resumed>) = 0 [pid 7034] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7043] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7040] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7034] <... futex resumed>) = 0 [pid 7043] <... set_robust_list resumed>) = 0 [pid 7042] memfd_create("syzkaller", 0 [pid 7040] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7034] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7043] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 7040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7034] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7043] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... memfd_create resumed>) = 3 [pid 7034] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7043] <... futex resumed>) = 1 [pid 7035] <... futex resumed>) = 0 [pid 7043] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7035] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7043] <... ioctl resumed>) = 0 [pid 7035] <... futex resumed>) = 0 [pid 7043] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7034] <... mprotect resumed>) = 0 [pid 7040] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7042] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7043] <... futex resumed>) = 0 [pid 7035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7043] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7040] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7038] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7034] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7040] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7042] <... mmap resumed>) = 0x7fbb60600000 [pid 7039] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7037] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7036] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7034] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7040] <... mprotect resumed>) = 0 [pid 7038] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7037] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7035] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7043] <... futex resumed>) = ? [pid 7040] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7037] <... futex resumed>) = 0 [pid 7043] +++ killed by SIGSEGV +++ [pid 7042] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7040] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7038] +++ killed by SIGSEGV +++ [pid 7036] +++ killed by SIGSEGV +++ [pid 7035] +++ killed by SIGSEGV +++ [pid 7042] <... write resumed>) = 131072 [pid 7039] +++ killed by SIGSEGV +++ ./strace-static-x86_64: Process 7044 attached [pid 7044] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7035, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7042] munmap(0x7fbb60600000, 138412032 [pid 7040] <... clone3 resumed> => {parent_tid=[7044]}, 88) = 7044 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 7040] rt_sigprocmask(SIG_SETMASK, [], [pid 7044] set_robust_list(0x7fbb68bde9a0, 24 [pid 7040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7044] <... set_robust_list resumed>) = 0 [pid 7044] rt_sigprocmask(SIG_SETMASK, [], [pid 7040] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7042] <... munmap resumed>) = 0 [pid 7040] <... futex resumed>) = 0 [pid 7037] +++ killed by SIGSEGV +++ [pid 7034] +++ killed by SIGSEGV +++ [pid 7044] memfd_create("syzkaller", 0 [pid 7042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7040] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7037, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 7042] <... openat resumed>) = 4 [ 144.525118][ T7039] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.529231][ T7036] exFAT-fs (loop4): Filesystem has been set read-only [ 144.551870][ T7039] exFAT-fs (loop3): Filesystem has been set read-only [ 144.555057][ T7038] exFAT-fs (loop0): Filesystem has been set read-only [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7042] ioctl(4, LOOP_SET_FD, 3 [pid 7044] <... memfd_create resumed>) = 3 [pid 7044] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7034, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7044] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7044] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./108", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", [pid 7042] <... ioctl resumed>) = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 7042] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7044] <... write resumed>) = 131072 [pid 7042] <... close resumed>) = 0 [pid 7044] munmap(0x7fbb60600000, 138412032 [pid 5822] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 7044] <... munmap resumed>) = 0 [pid 7042] close(4 [pid 5821] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7044] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7042] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 5818] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7044] <... openat resumed>) = 4 [pid 7042] mkdir("./file2", 0777 [pid 5822] newfstatat(3, "", [pid 5821] newfstatat(3, "", [pid 7044] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 7044] <... ioctl resumed>) = 0 [pid 7042] <... mkdir resumed>) = 0 [pid 5822] getdents64(3, [pid 5821] getdents64(3, [pid 7044] close(3 [pid 7042] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7044] <... close resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7044] close(4 [pid 5822] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7044] <... close resumed>) = 0 [pid 7044] mkdir("./file2", 0777) = 0 [pid 5818] newfstatat(AT_FDCWD, "./108/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./108/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./108/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7044] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5818] close(4) = 0 [pid 5821] <... umount2 resumed>) = 0 [ 144.596726][ T7042] loop1: detected capacity change from 0 to 256 [ 144.614593][ T7044] loop2: detected capacity change from 0 to 256 [pid 5818] rmdir("./108/file2") = 0 [pid 5822] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./108/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./108/binderfs") = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./108") = 0 [pid 5818] mkdir("./109", 0777 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] <... mkdir resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./112/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", [pid 5822] newfstatat(AT_FDCWD, "./112/file2", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(4, [pid 5818] <... openat resumed>) = 3 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5821] close(4 [pid 5818] <... ioctl resumed>) = 0 [pid 5821] <... close resumed>) = 0 [pid 5821] rmdir("./112/file2" [pid 5818] close(3 [pid 5821] <... rmdir resumed>) = 0 [ 144.642378][ T7042] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.660028][ T7044] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.674467][ T7042] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5818] <... close resumed>) = 0 [pid 5822] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./112/binderfs", [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7045 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./112/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3./strace-static-x86_64: Process 7045 attached [pid 5822] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5821] rmdir("./112" [pid 7045] set_robust_list(0x55555eedf6a0, 24 [pid 7042] <... mount resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 5821] <... rmdir resumed>) = 0 [pid 7045] <... set_robust_list resumed>) = 0 [pid 7044] <... mount resumed>) = 0 [pid 7042] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] mkdir("./113", 0777 [pid 7045] chdir("./109" [pid 5822] getdents64(4, [pid 7045] <... chdir resumed>) = 0 [pid 7044] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7042] <... openat resumed>) = 3 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... mkdir resumed>) = 0 [pid 7045] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7044] <... openat resumed>) = 3 [pid 7042] chdir("./file2" [pid 7045] <... prctl resumed>) = 0 [pid 7044] chdir("./file2" [pid 7042] <... chdir resumed>) = 0 [pid 5822] getdents64(4, [pid 7045] setpgid(0, 0 [pid 7044] <... chdir resumed>) = 0 [pid 7042] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7045] <... setpgid resumed>) = 0 [pid 7044] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7042] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] close(4 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7044] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7042] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... close resumed>) = 0 [pid 7045] <... openat resumed>) = 3 [pid 7044] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7042] <... futex resumed>) = 1 [pid 7041] <... futex resumed>) = 0 [pid 5822] rmdir("./112/file2" [pid 5821] <... openat resumed>) = 3 [pid 7045] write(3, "1000", 4 [pid 7044] <... futex resumed>) = 1 [pid 7042] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7041] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7040] <... futex resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7045] <... write resumed>) = 4 [pid 7044] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7042] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 144.685391][ T7044] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7041] <... futex resumed>) = 0 [pid 7040] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7045] close(3 [pid 7044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7042] mkdir("./file3", 0777 [pid 7041] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7040] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... ioctl resumed>) = 0 [pid 7045] <... close resumed>) = 0 [pid 7044] mkdir("./file3", 0777 [pid 5821] close(3) = 0 [pid 7045] symlink("/dev/binderfs", "./binderfs" [pid 7040] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] newfstatat(AT_FDCWD, "./112/binderfs", [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7046 attached [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 executing program [pid 7046] set_robust_list(0x55555eedf6a0, 24 [pid 7045] <... symlink resumed>) = 0 [pid 7045] write(1, "executing program\n", 18 [pid 5822] unlink("./112/binderfs" [pid 7045] <... write resumed>) = 18 [pid 7046] <... set_robust_list resumed>) = 0 [pid 7046] chdir("./113") = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7046 [pid 7046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7046] setpgid(0, 0) = 0 [pid 7046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7045] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... unlink resumed>) = 0 [pid 7046] write(3, "1000", 4) = 4 [pid 7046] close(3) = 0 [pid 7046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7045] <... futex resumed>) = 0 [pid 7044] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7042] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] getdents64(3, [pid 7045] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7044] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7046] write(1, "executing program\n", 18 [pid 7042] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 executing program [pid 7046] <... write resumed>) = 18 [pid 7045] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7041] <... futex resumed>) = ? [pid 7040] <... futex resumed>) = ? [pid 5822] close(3 [pid 7046] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7046] <... futex resumed>) = 0 [pid 7046] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7046] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7047 attached [pid 7042] +++ killed by SIGSEGV +++ [pid 7041] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 7047] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7046] <... clone3 resumed> => {parent_tid=[7047]}, 88) = 7047 [pid 7045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7044] +++ killed by SIGSEGV +++ [pid 7040] +++ killed by SIGSEGV +++ [pid 5822] rmdir("./112" [pid 7045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7041, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7040, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7045] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... restart_syscall resumed>) = 0 [pid 7045] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... rmdir resumed>) = 0 [pid 7047] <... rseq resumed>) = 0 [pid 7046] rt_sigprocmask(SIG_SETMASK, [], [pid 7045] <... mprotect resumed>) = 0 [pid 5822] mkdir("./113", 0777 [pid 5819] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7047] set_robust_list(0x7fbb68bde9a0, 24 [pid 7046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7045] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7045] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] newfstatat(3, "", ./strace-static-x86_64: Process 7048 attached [pid 5822] <... ioctl resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7048] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7046] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7045] <... clone3 resumed> => {parent_tid=[7048]}, 88) = 7048 [pid 5822] close(3 [pid 5819] getdents64(3, [pid 7048] <... rseq resumed>) = 0 [pid 7047] <... set_robust_list resumed>) = 0 [pid 7046] <... futex resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7048] set_robust_list(0x7fbb68bde9a0, 24 [pid 7047] rt_sigprocmask(SIG_SETMASK, [], [pid 7046] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7045] rt_sigprocmask(SIG_SETMASK, [], [pid 7048] <... set_robust_list resumed>) = 0 [pid 7047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7048] rt_sigprocmask(SIG_SETMASK, [], [pid 7045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7047] memfd_create("syzkaller", 0 [pid 7045] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... restart_syscall resumed>) = 0 ./strace-static-x86_64: Process 7049 attached [pid 7048] memfd_create("syzkaller", 0 [pid 7047] <... memfd_create resumed>) = 3 [pid 7045] <... futex resumed>) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7049 [pid 5819] <... umount2 resumed>) = 0 [pid 7049] set_robust_list(0x55555eedf6a0, 24 [pid 7048] <... memfd_create resumed>) = 3 [pid 7047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7045] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7049] <... set_robust_list resumed>) = 0 [pid 7048] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7047] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] chdir("./113" [pid 7048] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] <... chdir resumed>) = 0 [pid 7048] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7047] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [ 144.728022][ T7042] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.738513][ T7044] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 144.749213][ T7042] exFAT-fs (loop1): Filesystem has been set read-only [ 144.756907][ T7044] exFAT-fs (loop2): Filesystem has been set read-only [pid 5820] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(AT_FDCWD, "./112/file2", [pid 7049] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] <... openat resumed>) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7049] <... prctl resumed>) = 0 [pid 5820] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7049] setpgid(0, 0 [pid 7048] <... write resumed>) = 131072 [pid 7049] <... setpgid resumed>) = 0 [pid 5819] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7047] <... write resumed>) = 131072 [pid 7049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7048] munmap(0x7fbb60600000, 138412032 [pid 7047] munmap(0x7fbb60600000, 138412032 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7049] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] write(3, "1000", 4 [pid 5820] newfstatat(AT_FDCWD, "./109/file2", [pid 7049] <... write resumed>) = 4 [pid 7048] <... munmap resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 4 [pid 7049] close(3 [pid 7047] <... munmap resumed>) = 0 [pid 5820] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7049] <... close resumed>) = 0 [pid 7047] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7049] symlink("/dev/binderfs", "./binderfs" [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7047] <... openat resumed>) = 4 [pid 5820] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] newfstatat(4, "", [pid 7049] <... symlink resumed>) = 0 [pid 7048] <... openat resumed>) = 4 [pid 7047] ioctl(4, LOOP_SET_FD, 3 [pid 5820] <... openat resumed>) = 4 [pid 7049] write(1, "executing program\n", 18 [pid 7048] ioctl(4, LOOP_SET_FD, 3 [pid 5820] newfstatat(4, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./109/file2") = 0 [pid 5820] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./109/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./109") = 0 [pid 5820] mkdir("./110", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 executing program [pid 5820] close(3 [pid 7049] <... write resumed>) = 18 [pid 7048] <... ioctl resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7049] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7050 attached ) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7050] set_robust_list(0x55555eedf6a0, 24 [pid 7049] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7050 [pid 5819] getdents64(4, [pid 7050] <... set_robust_list resumed>) = 0 [pid 7050] chdir("./110") = 0 [pid 7050] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7050] setpgid(0, 0 [pid 7049] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7047] <... ioctl resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7047] close(3 [pid 5819] close(4 [pid 7049] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7048] close(3 [pid 5819] <... close resumed>) = 0 [pid 7049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7048] <... close resumed>) = 0 [pid 5819] rmdir("./112/file2" [pid 7050] <... setpgid resumed>) = 0 [pid 7049] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7050] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7048] close(4 [pid 7049] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... rmdir resumed>) = 0 [pid 7050] <... openat resumed>) = 3 [pid 7049] <... mprotect resumed>) = 0 [pid 7048] <... close resumed>) = 0 [pid 7047] <... close resumed>) = 0 [pid 5819] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7050] write(3, "1000", 4) = 4 [pid 7049] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7048] mkdir("./file2", 0777 [pid 7047] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7050] close(3 [pid 7049] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7050] <... close resumed>) = 0 [pid 7048] <... mkdir resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./112/binderfs", [pid 7050] symlink("/dev/binderfs", "./binderfs" [pid 7049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7048] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7047] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7051 attached [pid 7050] <... symlink resumed>) = 0 [pid 7047] mkdir("./file2", 0777executing program [pid 5819] unlink("./112/binderfs" [pid 7049] <... clone3 resumed> => {parent_tid=[7051]}, 88) = 7051 [pid 7047] <... mkdir resumed>) = 0 [pid 7049] rt_sigprocmask(SIG_SETMASK, [], [pid 7047] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7051] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5819] <... unlink resumed>) = 0 [pid 5819] getdents64(3, [pid 7050] write(1, "executing program\n", 18 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7051] <... rseq resumed>) = 0 [pid 7050] <... write resumed>) = 18 [pid 5819] close(3 [pid 7051] set_robust_list(0x7fbb68bde9a0, 24 [pid 7050] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 144.823677][ T7047] loop3: detected capacity change from 0 to 256 [ 144.831453][ T7048] loop0: detected capacity change from 0 to 256 [pid 7051] <... set_robust_list resumed>) = 0 [pid 7050] <... futex resumed>) = 0 [pid 7049] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... close resumed>) = 0 [pid 7051] rt_sigprocmask(SIG_SETMASK, [], [pid 7050] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7049] <... futex resumed>) = 0 [pid 7050] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] rmdir("./112" [pid 7050] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... rmdir resumed>) = 0 [pid 7050] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] mkdir("./113", 0777 [pid 7050] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... mkdir resumed>) = 0 [pid 7050] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7050] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7050] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... ioctl resumed>) = 0 [pid 7050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] close(3) = 0 ./strace-static-x86_64: Process 7052 attached [pid 7051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7049] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7051] memfd_create("syzkaller", 0 [pid 7050] <... clone3 resumed> => {parent_tid=[7052]}, 88) = 7052 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7050] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7052] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7051] <... memfd_create resumed>) = 3 [pid 7052] <... rseq resumed>) = 0 [pid 7050] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7052] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7052] memfd_create("syzkaller", 0./strace-static-x86_64: Process 7053 attached ) = 3 [pid 7052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7053] set_robust_list(0x55555eedf6a0, 24 [pid 7051] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7053] <... set_robust_list resumed>) = 0 [pid 7052] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7053] chdir("./113" [pid 7051] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7053 [pid 7053] <... chdir resumed>) = 0 [pid 7052] <... write resumed>) = 131072 [pid 7053] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7053] setpgid(0, 0) = 0 [pid 7053] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7052] munmap(0x7fbb60600000, 138412032) = 0 [pid 7053] write(3, "1000", 4) = 4 [pid 7053] close(3) = 0 [pid 7053] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 7052] ioctl(4, LOOP_SET_FD, 3executing program [pid 7053] write(1, "executing program\n", 18) = 18 [ 144.872029][ T7048] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 144.898569][ T7048] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.904485][ T7047] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7053] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] <... write resumed>) = 131072 [pid 7053] <... futex resumed>) = 0 [pid 7053] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7048] <... mount resumed>) = 0 [pid 7053] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7051] munmap(0x7fbb60600000, 138412032 [pid 7048] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7053] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7048] <... openat resumed>) = 3 [pid 7053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7048] chdir("./file2" [pid 7053] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7048] <... chdir resumed>) = 0 [pid 7053] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7048] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7053] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7048] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7053] <... mprotect resumed>) = 0 [pid 7048] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7053] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7048] <... futex resumed>) = 1 [pid 7053] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7048] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7045] <... futex resumed>) = 0 [pid 7045] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7048] <... futex resumed>) = 0 [pid 7045] <... futex resumed>) = 1 [pid 7048] mkdir("./file3", 0777 [pid 7045] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7053] <... clone3 resumed> => {parent_tid=[7054]}, 88) = 7054 [pid 7053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7053] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7053] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7052] <... ioctl resumed>) = 0 [pid 7052] close(3) = 0 [pid 7052] close(4) = 0 [pid 7052] mkdir("./file2", 0777./strace-static-x86_64: Process 7054 attached ) = 0 [pid 7051] <... munmap resumed>) = 0 [pid 7054] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7051] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7054] <... rseq resumed>) = 0 [pid 7052] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7051] <... openat resumed>) = 4 [pid 7054] set_robust_list(0x7fbb68bde9a0, 24 [pid 7051] ioctl(4, LOOP_SET_FD, 3 [pid 7054] <... set_robust_list resumed>) = 0 [ 144.922279][ T7052] loop2: detected capacity change from 0 to 256 [ 144.951408][ T7047] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 144.957352][ T7048] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7054] memfd_create("syzkaller", 0 [pid 7051] <... ioctl resumed>) = 0 [pid 7047] <... mount resumed>) = 0 [pid 7045] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7054] <... memfd_create resumed>) = 3 [pid 7047] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7045] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7054] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7051] close(3 [pid 7047] <... openat resumed>) = 3 [pid 7045] <... futex resumed>) = 0 [pid 7054] <... mmap resumed>) = 0x7fbb60600000 [pid 7051] <... close resumed>) = 0 [pid 7047] chdir("./file2" [pid 7045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7051] close(4 [pid 7047] <... chdir resumed>) = 0 [pid 7045] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7045] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7045] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7054] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7047] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7051] <... close resumed>) = 0 [pid 7045] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[7055]}, 88) = 7055 [pid 7045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7045] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7055 attached [pid 7051] mkdir("./file2", 0777 [pid 7047] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7055] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 7051] <... mkdir resumed>) = 0 [pid 7047] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7051] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7047] <... futex resumed>) = 1 [pid 7046] <... futex resumed>) = 0 [pid 7055] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 7047] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7046] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7055] rt_sigprocmask(SIG_SETMASK, [], [pid 7047] mkdir("./file3", 0777 [pid 7046] <... futex resumed>) = 0 [pid 7055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7046] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7055] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 7055] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7045] <... futex resumed>) = 0 [pid 7045] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7045] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 144.974394][ T7051] loop4: detected capacity change from 0 to 256 [ 144.980572][ T7052] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.003351][ T7048] exFAT-fs (loop0): Filesystem has been set read-only [ 145.004067][ T7047] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7055] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080) = 0 [pid 7054] <... write resumed>) = 131072 [pid 7054] munmap(0x7fbb60600000, 138412032) = 0 [pid 7054] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7054] ioctl(4, LOOP_SET_FD, 3 [pid 7055] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7045] <... futex resumed>) = 0 [pid 7048] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7048] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7055] +++ killed by SIGSEGV +++ [pid 7048] +++ killed by SIGSEGV +++ [pid 7045] +++ killed by SIGSEGV +++ [pid 7047] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7052] <... mount resumed>) = 0 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7045, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7054] <... ioctl resumed>) = 0 [pid 7052] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7054] close(3 [pid 7052] <... openat resumed>) = 3 [pid 7052] chdir("./file2") = 0 [pid 7052] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7052] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7050] <... futex resumed>) = 0 [pid 7052] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7052] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7050] <... futex resumed>) = 0 [pid 7052] mkdir("./file3", 0777 [pid 7050] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7047] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7054] <... close resumed>) = 0 [ 145.016724][ T7052] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 145.035943][ T7054] loop1: detected capacity change from 0 to 256 [ 145.037603][ T7047] exFAT-fs (loop3): Filesystem has been set read-only [ 145.048251][ T7051] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.062867][ T7051] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7054] close(4 [pid 7051] <... mount resumed>) = 0 [pid 7054] <... close resumed>) = 0 [pid 7054] mkdir("./file2", 0777 [pid 7051] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] umount2("./109", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7054] <... mkdir resumed>) = 0 [pid 7051] <... openat resumed>) = 3 [pid 7046] <... futex resumed>) = ? [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7054] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7051] chdir("./file2" [pid 5818] openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7051] <... chdir resumed>) = 0 [pid 7047] +++ killed by SIGSEGV +++ [pid 7046] +++ killed by SIGSEGV +++ [pid 5818] <... openat resumed>) = 3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7046, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5818] newfstatat(3, "", [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7051] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] getdents64(3, [pid 7051] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7051] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7052] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7051] <... futex resumed>) = 1 [pid 7050] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] <... restart_syscall resumed>) = 0 [pid 5818] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7051] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7050] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] <... futex resumed>) = 0 [pid 7050] <... futex resumed>) = 0 [pid 7050] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7050] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7050] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7049] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7050] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7050] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 7056 attached => {parent_tid=[7056]}, 88) = 7056 [pid 7050] rt_sigprocmask(SIG_SETMASK, [], [pid 7049] <... futex resumed>) = 1 [pid 7051] <... futex resumed>) = 0 [pid 7050] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 145.073968][ T7052] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.102305][ T7052] exFAT-fs (loop2): Filesystem has been set read-only [ 145.103074][ T7054] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7051] mkdir("./file3", 0777 [pid 7050] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7049] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7052] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7050] <... futex resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7056] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... umount2 resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5818] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(AT_FDCWD, "./109/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(3, [pid 7052] +++ killed by SIGSEGV +++ [pid 7050] +++ killed by SIGSEGV +++ [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./109/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./109/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7050, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7051] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... restart_syscall resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 5821] <... umount2 resumed>) = 0 [pid 7051] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 5821] newfstatat(AT_FDCWD, "./113/file2", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7054] <... mount resumed>) = 0 [pid 7049] <... futex resumed>) = ? [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] close(4 [pid 7054] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7051] +++ killed by SIGSEGV +++ [pid 7049] +++ killed by SIGSEGV +++ [pid 5821] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 3 [pid 5818] <... close resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(3, "", [pid 5818] rmdir("./109/file2" [pid 7054] <... openat resumed>) = 3 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7049, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5821] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7054] chdir("./file2" [pid 5822] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... openat resumed>) = 4 [pid 5820] getdents64(3, [pid 5818] umount2("./109/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7054] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(4, "", [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7054] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5822] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./109/binderfs", [pid 7054] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... openat resumed>) = 3 [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7054] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] newfstatat(3, "", [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] unlink("./109/binderfs" [pid 7054] <... futex resumed>) = 1 [pid 7053] <... futex resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 7054] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7053] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] newfstatat(AT_FDCWD, "./110/file2", [pid 5818] getdents64(3, [pid 7054] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7053] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] close(4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7054] mkdir("./file3", 0777 [pid 7053] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... close resumed>) = 0 [pid 5820] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] close(3 [ 145.133690][ T7051] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.155017][ T7051] exFAT-fs (loop4): Filesystem has been set read-only [ 145.164101][ T7054] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] rmdir("./113/file2" [pid 5822] <... umount2 resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... close resumed>) = 0 [pid 5821] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./113/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./113" [pid 5818] rmdir("./109" [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] mkdir("./114", 0777 [pid 5818] mkdir("./110", 0777 [pid 5821] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... mkdir resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./110/file2") = 0 [pid 5822] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] newfstatat(AT_FDCWD, "./113/file2", [pid 5821] <... openat resumed>) = 3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./110/binderfs", [pid 5822] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... ioctl resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] close(3 [pid 5820] unlink("./110/binderfs" [pid 5818] <... ioctl resumed>) = 0 [pid 5822] <... openat resumed>) = 4 [pid 5820] <... unlink resumed>) = 0 [pid 5818] close(3) = 0 [pid 7054] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] newfstatat(4, "", [pid 5821] <... close resumed>) = 0 [pid 5820] getdents64(3, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(4, [pid 5820] close(3 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... close resumed>) = 0 [pid 7054] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(4, [pid 5820] rmdir("./110" [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7057 attached [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 7057] set_robust_list(0x55555eedf6a0, 24 [pid 7053] <... futex resumed>) = ? [pid 5822] close(4) = 0 [pid 7057] <... set_robust_list resumed>) = 0 [pid 5822] rmdir("./113/file2" [pid 5820] mkdir("./111", 0777 [pid 7057] chdir("./114" [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7057 [pid 7057] <... chdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7058 [pid 5822] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7057] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] newfstatat(AT_FDCWD, "./113/binderfs", [pid 5820] <... openat resumed>) = 3 [pid 7057] <... prctl resumed>) = 0 [pid 7057] setpgid(0, 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7058 attached [pid 7057] <... setpgid resumed>) = 0 [pid 7054] +++ killed by SIGSEGV +++ [pid 7053] +++ killed by SIGSEGV +++ [pid 5820] <... ioctl resumed>) = 0 [pid 5822] unlink("./113/binderfs") = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7053, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] getdents64(3, [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3 [pid 7058] set_robust_list(0x55555eedf6a0, 24 [pid 7057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] close(3 [pid 5820] <... close resumed>) = 0 [pid 7058] <... set_robust_list resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./113" [pid 7057] <... openat resumed>) = 3 [pid 7058] chdir("./110" [pid 5822] <... rmdir resumed>) = 0 [pid 5822] mkdir("./114", 0777) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7059 attached [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 7059] set_robust_list(0x55555eedf6a0, 24 [pid 5822] close(3 [pid 7059] <... set_robust_list resumed>) = 0 [pid 7059] chdir("./111") = 0 [pid 7059] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7059] setpgid(0, 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7059 [pid 7059] <... setpgid resumed>) = 0 [pid 7059] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7058] <... chdir resumed>) = 0 [pid 7057] write(3, "1000", 4 [pid 5819] <... restart_syscall resumed>) = 0 [ 145.211787][ T7054] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.222735][ T7054] exFAT-fs (loop1): Filesystem has been set read-only [pid 7058] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7057] <... write resumed>) = 4 [pid 5822] <... close resumed>) = 0 [pid 7059] <... openat resumed>) = 3 [pid 7058] <... prctl resumed>) = 0 [pid 7057] close(3 [pid 7059] write(3, "1000", 4 [pid 5819] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7058] setpgid(0, 0 [pid 7057] <... close resumed>) = 0 [pid 7059] <... write resumed>) = 4 [pid 7058] <... setpgid resumed>) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7057] symlink("/dev/binderfs", "./binderfs" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7059] close(3 [pid 7058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7057] <... symlink resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7057] write(1, "executing program\n", 18 [pid 5819] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7060 attached [pid 7059] <... close resumed>) = 0 [pid 7058] <... openat resumed>) = 3 [pid 7057] <... write resumed>) = 18 [pid 5819] newfstatat(3, "", [pid 7060] set_robust_list(0x55555eedf6a0, 24 [pid 7059] symlink("/dev/binderfs", "./binderfs" [pid 7058] write(3, "1000", 4 [pid 7057] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7060 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7060] <... set_robust_list resumed>) = 0 [pid 7059] <... symlink resumed>) = 0 [pid 7058] <... write resumed>) = 4 [pid 7057] <... futex resumed>) = 0 [pid 5819] getdents64(3, executing program [pid 7060] chdir("./114" [pid 7059] write(1, "executing program\n", 18 [pid 7058] close(3 [pid 7057] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7059] <... write resumed>) = 18 [pid 7058] <... close resumed>) = 0 [pid 7057] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7060] <... chdir resumed>) = 0 [pid 7059] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] symlink("/dev/binderfs", "./binderfs" [pid 7057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... umount2 resumed>) = 0 [pid 7060] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7059] <... futex resumed>) = 0 [pid 7058] <... symlink resumed>) = 0 [pid 7057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7060] <... prctl resumed>) = 0 [pid 7059] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7057] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] newfstatat(AT_FDCWD, "./113/file2", [pid 7057] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7057] <... mprotect resumed>) = 0 [pid 5819] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7060] setpgid(0, 0 [pid 7059] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7058] write(1, "executing program\n", 18 [pid 7057] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... openat resumed>) = 4 [pid 7060] <... setpgid resumed>) = 0 [pid 7059] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7058] <... write resumed>) = 18 [pid 5819] newfstatat(4, "", [pid 7060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7058] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7058] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 7059] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7058] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7057] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7060] <... openat resumed>) = 3 [pid 7059] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7058] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] getdents64(4, ./strace-static-x86_64: Process 7061 attached [pid 7060] write(3, "1000", 4 [pid 7059] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7060] <... write resumed>) = 4 [pid 7059] <... mprotect resumed>) = 0 [pid 7058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7057] <... clone3 resumed> => {parent_tid=[7061]}, 88) = 7061 [pid 5819] close(4 [pid 7061] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7060] close(3 [pid 7059] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7057] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... close resumed>) = 0 [pid 7061] <... rseq resumed>) = 0 [pid 7060] <... close resumed>) = 0 [pid 7059] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7058] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] rmdir("./113/file2" [pid 7061] set_robust_list(0x7fbb68bde9a0, 24 [pid 7060] symlink("/dev/binderfs", "./binderfs" [pid 7059] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7058] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7057] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... rmdir resumed>) = 0 ./strace-static-x86_64: Process 7062 attached [pid 7061] <... set_robust_list resumed>) = 0 [pid 7058] <... mprotect resumed>) = 0 [pid 7057] <... futex resumed>) = 0 [pid 5819] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7061] rt_sigprocmask(SIG_SETMASK, [], [pid 7060] <... symlink resumed>) = 0 [pid 7059] <... clone3 resumed> => {parent_tid=[7062]}, 88) = 7062 [pid 7058] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7057] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7062] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7061] <... rt_sigprocmask resumed>NULL, 8) = 0 executing program [pid 7060] write(1, "executing program\n", 18 [pid 7059] rt_sigprocmask(SIG_SETMASK, [], [pid 7058] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] newfstatat(AT_FDCWD, "./113/binderfs", [pid 7062] <... rseq resumed>) = 0 [pid 7061] memfd_create("syzkaller", 0 [pid 7060] <... write resumed>) = 18 [pid 7059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7063 attached [pid 7062] set_robust_list(0x7fbb68bde9a0, 24 [pid 7061] <... memfd_create resumed>) = 3 [pid 7060] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7059] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] unlink("./113/binderfs" [pid 7063] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7062] <... set_robust_list resumed>) = 0 [pid 7061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7060] <... futex resumed>) = 0 [pid 7059] <... futex resumed>) = 0 [pid 7058] <... clone3 resumed> => {parent_tid=[7063]}, 88) = 7063 [pid 5819] <... unlink resumed>) = 0 [pid 7063] <... rseq resumed>) = 0 [pid 7062] rt_sigprocmask(SIG_SETMASK, [], [pid 7061] <... mmap resumed>) = 0x7fbb60600000 [pid 7059] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7062] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7058] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] getdents64(3, [pid 7062] memfd_create("syzkaller", 0 [pid 7061] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7060] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7058] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7063] set_robust_list(0x7fbb68bde9a0, 24 [pid 7060] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7058] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7063] <... set_robust_list resumed>) = 0 [pid 7062] <... memfd_create resumed>) = 3 [pid 7060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7058] <... futex resumed>) = 0 [pid 5819] close(3 [pid 7063] rt_sigprocmask(SIG_SETMASK, [], [pid 7062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7061] <... write resumed>) = 131072 [pid 7060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7058] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... close resumed>) = 0 [pid 7063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7062] <... mmap resumed>) = 0x7fbb60600000 [pid 7060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] rmdir("./113" [pid 7063] memfd_create("syzkaller", 0 [pid 7062] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7060] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... rmdir resumed>) = 0 [pid 5819] mkdir("./114", 0777 [pid 7061] munmap(0x7fbb60600000, 138412032 [pid 7060] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... mkdir resumed>) = 0 [pid 7061] <... munmap resumed>) = 0 [pid 7060] <... mprotect resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7061] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7060] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7061] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 3 [pid 7061] ioctl(4, LOOP_SET_FD, 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7062] <... write resumed>) = 131072 [pid 7060] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7063] <... memfd_create resumed>) = 3 [pid 7060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5819] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7064 attached [pid 7063] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5819] close(3 [pid 7064] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7063] <... mmap resumed>) = 0x7fbb60600000 [pid 7062] munmap(0x7fbb60600000, 138412032 [pid 7060] <... clone3 resumed> => {parent_tid=[7064]}, 88) = 7064 [pid 7064] <... rseq resumed>) = 0 [pid 7063] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7062] <... munmap resumed>) = 0 [pid 7060] rt_sigprocmask(SIG_SETMASK, [], [pid 7064] set_robust_list(0x7fbb68bde9a0, 24 [pid 5819] <... close resumed>) = 0 [pid 7063] <... write resumed>) = 131072 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7064] <... set_robust_list resumed>) = 0 [pid 7060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] rt_sigprocmask(SIG_SETMASK, [], [pid 7062] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7060] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7060] <... futex resumed>) = 0 ./strace-static-x86_64: Process 7065 attached [pid 7064] memfd_create("syzkaller", 0 [pid 7063] munmap(0x7fbb60600000, 138412032 [pid 7060] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7062] <... openat resumed>) = 4 [pid 7062] ioctl(4, LOOP_SET_FD, 3 [pid 7063] <... munmap resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7065 [pid 7063] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7065] set_robust_list(0x55555eedf6a0, 24 [pid 7063] <... openat resumed>) = 4 [pid 7065] <... set_robust_list resumed>) = 0 [pid 7065] chdir("./114") = 0 [pid 7065] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7063] ioctl(4, LOOP_SET_FD, 3 [pid 7065] setpgid(0, 0 [pid 7064] <... memfd_create resumed>) = 3 [pid 7062] <... ioctl resumed>) = 0 [pid 7064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7062] close(3 [pid 7064] <... mmap resumed>) = 0x7fbb60600000 [pid 7062] <... close resumed>) = 0 [pid 7061] <... ioctl resumed>) = 0 [pid 7062] close(4) = 0 [pid 7061] close(3) = 0 [pid 7061] close(4 [pid 7065] <... setpgid resumed>) = 0 [pid 7061] <... close resumed>) = 0 [pid 7064] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7062] mkdir("./file2", 0777 [pid 7065] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7061] mkdir("./file2", 0777 [pid 7065] <... openat resumed>) = 3 [pid 7061] <... mkdir resumed>) = 0 [pid 7061] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7062] <... mkdir resumed>) = 0 [pid 7065] write(3, "1000", 4executing program ) = 4 [pid 7065] close(3) = 0 [pid 7062] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7065] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7064] <... write resumed>) = 131072 [pid 7065] write(1, "executing program\n", 18 [ 145.366391][ T7061] loop3: detected capacity change from 0 to 256 [ 145.390696][ T7062] loop2: detected capacity change from 0 to 256 [ 145.393447][ T7063] loop0: detected capacity change from 0 to 256 [pid 7064] munmap(0x7fbb60600000, 138412032 [pid 7065] <... write resumed>) = 18 [pid 7064] <... munmap resumed>) = 0 [pid 7065] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7065] <... futex resumed>) = 0 [pid 7064] <... openat resumed>) = 4 [pid 7064] ioctl(4, LOOP_SET_FD, 3 [pid 7065] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7065] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7065] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7065] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7065] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7065] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7066]}, 88) = 7066 [pid 7065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7065] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7065] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7063] <... ioctl resumed>) = 0 [pid 7063] close(3) = 0 [pid 7063] close(4) = 0 [pid 7063] mkdir("./file2", 0777) = 0 [pid 7063] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, ""./strace-static-x86_64: Process 7066 attached [ 145.423056][ T7061] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.441533][ T7062] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.449673][ T7061] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 145.459855][ T7064] loop4: detected capacity change from 0 to 256 [pid 7066] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7064] <... ioctl resumed>) = 0 [pid 7066] <... rseq resumed>) = 0 [pid 7064] close(3 [pid 7066] set_robust_list(0x7fbb68bde9a0, 24 [pid 7064] <... close resumed>) = 0 [pid 7066] <... set_robust_list resumed>) = 0 [pid 7064] close(4 [pid 7066] rt_sigprocmask(SIG_SETMASK, [], [pid 7064] <... close resumed>) = 0 [pid 7066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7064] mkdir("./file2", 0777 [pid 7066] memfd_create("syzkaller", 0 [pid 7064] <... mkdir resumed>) = 0 [pid 7066] <... memfd_create resumed>) = 3 [pid 7064] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7066] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7061] <... mount resumed>) = 0 [pid 7061] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7061] chdir("./file2" [pid 7066] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7061] <... chdir resumed>) = 0 [pid 7061] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7066] <... write resumed>) = 131072 [pid 7061] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7066] munmap(0x7fbb60600000, 138412032 [pid 7061] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7057] <... futex resumed>) = 0 [pid 7066] <... munmap resumed>) = 0 [pid 7061] mkdir("./file3", 0777 [pid 7057] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7057] <... futex resumed>) = 0 [pid 7066] <... openat resumed>) = 4 [pid 7057] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 145.465389][ T7062] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 145.491462][ T7061] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.502222][ T7066] loop1: detected capacity change from 0 to 256 [ 145.502781][ T7061] exFAT-fs (loop3): Filesystem has been set read-only [pid 7066] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 7061] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7062] <... mount resumed>) = 0 [pid 7062] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7062] chdir("./file2") = 0 [pid 7062] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7062] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7062] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7061] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7057] <... futex resumed>) = ? [pid 7059] <... futex resumed>) = 0 [pid 7061] +++ killed by SIGSEGV +++ [pid 7059] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7057] +++ killed by SIGSEGV +++ [pid 7066] close(3 [pid 7064] <... mount resumed>) = 0 [pid 7062] <... futex resumed>) = 0 [pid 7059] <... futex resumed>) = 1 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7057, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [ 145.515352][ T7064] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.515688][ T7064] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 145.553567][ T7063] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7066] <... close resumed>) = 0 [pid 7062] mkdir("./file3", 0777 [pid 7059] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7066] close(4 [pid 7064] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... restart_syscall resumed>) = 0 [pid 7066] <... close resumed>) = 0 [pid 7066] mkdir("./file2", 0777 [pid 5821] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7066] <... mkdir resumed>) = 0 [pid 5821] getdents64(3, [pid 7066] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7064] <... openat resumed>) = 3 [pid 5821] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7064] chdir("./file2") = 0 [pid 7064] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... umount2 resumed>) = 0 [pid 7064] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5821] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./114/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7064] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] close(4) = 0 [pid 5821] rmdir("./114/file2") = 0 [pid 5821] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./114/binderfs", [pid 7062] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./114/binderfs") = 0 [pid 7064] <... futex resumed>) = 1 [pid 7062] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7060] <... futex resumed>) = 0 [ 145.569027][ T7062] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.584667][ T7062] exFAT-fs (loop2): Filesystem has been set read-only [ 145.592405][ T7066] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.594402][ T7063] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] getdents64(3, [pid 7064] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7060] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7059] <... futex resumed>) = ? [pid 7064] mkdir("./file3", 0777 [pid 7062] +++ killed by SIGSEGV +++ [pid 5821] close(3) = 0 [pid 5821] rmdir("./114") = 0 [pid 5821] mkdir("./115", 0777 [pid 7060] <... futex resumed>) = 0 [pid 7059] +++ killed by SIGSEGV +++ [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7059, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... ioctl resumed>) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7060] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... restart_syscall resumed>) = 0 [pid 5820] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 5820] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7067 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./111/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7067 attached ) = -1 EINVAL (Invalid argument) [pid 7067] set_robust_list(0x55555eedf6a0, 24 [pid 5820] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7067] <... set_robust_list resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 7067] chdir("./115" [pid 5820] newfstatat(4, "", [pid 7067] <... chdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7067] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7067] <... prctl resumed>) = 0 [pid 5820] getdents64(4, [pid 7067] setpgid(0, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7067] <... setpgid resumed>) = 0 [pid 5820] close(4 [pid 7067] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... close resumed>) = 0 [pid 7067] <... openat resumed>) = 3 [pid 5820] rmdir("./111/file2" [pid 7067] write(3, "1000", 4 [pid 5820] <... rmdir resumed>) = 0 [pid 7067] <... write resumed>) = 4 [pid 5820] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7067] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7067] <... close resumed>) = 0 [pid 7067] symlink("/dev/binderfs", "./binderfs"executing program [pid 5820] newfstatat(AT_FDCWD, "./111/binderfs", [pid 7067] <... symlink resumed>) = 0 [pid 7067] write(1, "executing program\n", 18 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7067] <... write resumed>) = 18 [pid 7067] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7067] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] unlink("./111/binderfs" [pid 7067] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 7067] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5820] getdents64(3, [pid 7067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] close(3 [pid 7067] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] <... close resumed>) = 0 [pid 7067] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] rmdir("./111" [pid 7067] <... mprotect resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 7067] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] mkdir("./112", 0777) = 0 [pid 7067] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7067] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR./strace-static-x86_64: Process 7068 attached [pid 7067] <... clone3 resumed> => {parent_tid=[7068]}, 88) = 7068 [pid 5820] <... openat resumed>) = 3 [pid 7067] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] ioctl(3, LOOP_CLR_FD [pid 7068] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 7068] <... rseq resumed>) = 0 [pid 7067] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] close(3 [pid 7068] set_robust_list(0x7fbb68bde9a0, 24 [pid 7067] <... futex resumed>) = 0 [pid 7068] <... set_robust_list resumed>) = 0 [pid 7067] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7068] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] <... close resumed>) = 0 [pid 7068] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7068] memfd_create("syzkaller", 0 [pid 7063] <... mount resumed>) = 0 [pid 7068] <... memfd_create resumed>) = 3 [pid 7068] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7063] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7068] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7063] <... openat resumed>) = 3 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7063] chdir("./file2"./strace-static-x86_64: Process 7069 attached ) = 0 [pid 7063] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7063] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 145.630303][ T7064] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.648123][ T7066] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 145.666303][ T7064] exFAT-fs (loop4): Filesystem has been set read-only [pid 7069] set_robust_list(0x55555eedf6a0, 24 [pid 7063] <... futex resumed>) = 1 [pid 7058] <... futex resumed>) = 0 [pid 7069] <... set_robust_list resumed>) = 0 [pid 7060] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7058] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7069 [pid 7069] chdir("./112" [pid 7063] mkdir("./file3", 0777 [pid 7060] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7058] <... futex resumed>) = 0 [pid 7069] <... chdir resumed>) = 0 [pid 7068] <... write resumed>) = 131072 [pid 7069] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7068] munmap(0x7fbb60600000, 138412032 [pid 7069] <... prctl resumed>) = 0 [pid 7068] <... munmap resumed>) = 0 [pid 7069] setpgid(0, 0 [pid 7068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7069] <... setpgid resumed>) = 0 [pid 7068] <... openat resumed>) = 4 [pid 7069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7068] ioctl(4, LOOP_SET_FD, 3executing program [pid 7069] <... openat resumed>) = 3 [pid 7066] <... mount resumed>) = 0 [pid 7064] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7060] <... futex resumed>) = 0 [pid 7058] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7066] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7064] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7069] write(3, "1000", 4 [pid 7066] <... openat resumed>) = 3 [pid 7060] <... mmap resumed>) = ? [pid 7069] <... write resumed>) = 4 [pid 7066] chdir("./file2") = 0 [pid 7069] close(3 [pid 7066] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7069] <... close resumed>) = 0 [pid 7069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7069] write(1, "executing program\n", 18) = 18 [pid 7069] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7068] <... ioctl resumed>) = 0 [pid 7069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7068] close(3 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7068] <... close resumed>) = 0 [pid 7066] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7069] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7069] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7068] close(4 [pid 7069] <... mprotect resumed>) = 0 [pid 7068] <... close resumed>) = 0 [pid 7069] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7068] mkdir("./file2", 0777 [pid 7069] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7068] <... mkdir resumed>) = 0 [pid 7069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7068] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7066] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] <... clone3 resumed> => {parent_tid=[7070]}, 88) = 7070 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], [pid 7066] <... futex resumed>) = 1 [pid 7065] <... futex resumed>) = 0 [pid 7069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7069] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7066] mkdir("./file3", 0777 [pid 7065] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7069] <... futex resumed>) = 0 [pid 7065] <... futex resumed>) = 0 [pid 7069] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7070 attached [pid 7065] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7070] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7070] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7070] memfd_create("syzkaller", 0) = 3 [pid 7070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 145.694537][ T7063] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.707773][ T7068] loop3: detected capacity change from 0 to 256 [ 145.727469][ T7066] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.733751][ T7063] exFAT-fs (loop0): Filesystem has been set read-only [pid 7070] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 7064] +++ killed by SIGSEGV +++ [pid 7060] +++ killed by SIGSEGV +++ [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7060, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 5822] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7070] munmap(0x7fbb60600000, 138412032 [pid 5822] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7070] <... munmap resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 7070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5822] newfstatat(3, "", [pid 7070] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7070] ioctl(4, LOOP_SET_FD, 3 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7070] <... ioctl resumed>) = 0 [pid 7066] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7063] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7058] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = 0 [pid 5822] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./114/file2", [pid 7066] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7063] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7070] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7070] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7070] close(4 [pid 5822] <... openat resumed>) = 4 [pid 7070] <... close resumed>) = 0 [pid 5822] newfstatat(4, "", [pid 7070] mkdir("./file2", 0777 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7070] <... mkdir resumed>) = 0 [pid 7063] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, [pid 7070] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [ 145.750452][ T7070] loop2: detected capacity change from 0 to 256 [ 145.760130][ T7066] exFAT-fs (loop1): Filesystem has been set read-only [ 145.766586][ T7068] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] rmdir("./114/file2" [pid 7065] <... futex resumed>) = ? [pid 7058] +++ killed by SIGSEGV +++ [pid 5822] <... rmdir resumed>) = 0 [pid 7066] +++ killed by SIGSEGV +++ [pid 7065] +++ killed by SIGSEGV +++ [pid 5822] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7058, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7065, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./114/binderfs" [pid 5819] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... unlink resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] getdents64(3, [pid 5819] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5822] close(3 [pid 5819] newfstatat(3, "", [pid 5822] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] rmdir("./114" [pid 5819] getdents64(3, [pid 5822] <... rmdir resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] mkdir("./115", 0777 [pid 5819] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... mkdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... openat resumed>) = 3 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] newfstatat(AT_FDCWD, "./114/file2", [pid 5822] <... ioctl resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] close(3 [pid 5819] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... close resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./114/file2") = 0 [pid 5819] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7071 attached [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7071 [pid 5819] newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./114/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./114") = 0 [pid 7071] set_robust_list(0x55555eedf6a0, 24 [pid 5819] mkdir("./115", 0777) = 0 [pid 7071] <... set_robust_list resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [ 145.802300][ T7070] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 145.809636][ T7068] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7071] chdir("./115" [pid 5819] <... close resumed>) = 0 [pid 7071] <... chdir resumed>) = 0 [pid 5818] umount2("./110", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7071] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7072 attached [pid 7071] <... prctl resumed>) = 0 [pid 7068] <... mount resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7072 [pid 5818] <... openat resumed>) = 3 [pid 7068] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] newfstatat(3, "", [pid 7072] set_robust_list(0x55555eedf6a0, 24 [pid 7071] setpgid(0, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7072] <... set_robust_list resumed>) = 0 [pid 7071] <... setpgid resumed>) = 0 [pid 5818] getdents64(3, [pid 7072] chdir("./115" [pid 7071] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7072] <... chdir resumed>) = 0 [pid 7071] <... openat resumed>) = 3 [pid 7068] <... openat resumed>) = 3 [pid 5818] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7072] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7071] write(3, "1000", 4 [pid 7072] <... prctl resumed>) = 0 [pid 7071] <... write resumed>) = 4 [pid 7072] setpgid(0, 0 [pid 7071] close(3 [pid 7072] <... setpgid resumed>) = 0 [pid 7071] <... close resumed>) = 0 executing program [pid 7072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7071] symlink("/dev/binderfs", "./binderfs" [pid 7072] <... openat resumed>) = 3 [pid 7071] <... symlink resumed>) = 0 [pid 7071] write(1, "executing program\n", 18) = 18 [pid 7071] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7072] write(3, "1000", 4 [pid 7071] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7072] <... write resumed>) = 4 [pid 7071] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7072] close(3 [pid 7071] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7072] <... close resumed>) = 0 [pid 7071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] symlink("/dev/binderfs", "./binderfs" [pid 7071] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7072] <... symlink resumed>) = 0 [pid 7071] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7071] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 executing program [pid 7071] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7072] write(1, "executing program\n", 18 [pid 7071] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7072] <... write resumed>) = 18 [pid 7072] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7072] <... futex resumed>) = 0 [pid 7072] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7071] <... clone3 resumed> => {parent_tid=[7073]}, 88) = 7073 [pid 7072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7071] rt_sigprocmask(SIG_SETMASK, [], [pid 7070] <... mount resumed>) = 0 [pid 7072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7071] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7072] <... mprotect resumed>) = 0 [pid 7071] <... futex resumed>) = 0 [pid 7070] <... openat resumed>) = 3 [pid 7072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7071] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7070] chdir("./file2"./strace-static-x86_64: Process 7073 attached [pid 7068] chdir("./file2" [pid 5818] <... umount2 resumed>) = 0 [pid 7070] <... chdir resumed>) = 0 [pid 7072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7070] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7070] <... openat resumed>) = -1 EBUSY (Device or resource busy) ./strace-static-x86_64: Process 7074 attached [pid 7074] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7070] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7073] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7068] <... chdir resumed>) = 0 [pid 7074] <... rseq resumed>) = 0 [pid 7072] <... clone3 resumed> => {parent_tid=[7074]}, 88) = 7074 [pid 7074] set_robust_list(0x7fbb68bde9a0, 24 [pid 7070] <... futex resumed>) = 1 [pid 7069] <... futex resumed>) = 0 [pid 7074] <... set_robust_list resumed>) = 0 [pid 7072] rt_sigprocmask(SIG_SETMASK, [], [pid 7070] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7069] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7074] rt_sigprocmask(SIG_SETMASK, [], [pid 7072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7069] <... futex resumed>) = 0 [pid 7074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7072] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7070] mkdir("./file3", 0777 [pid 7069] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7074] memfd_create("syzkaller", 0 [pid 7072] <... futex resumed>) = 0 [ 145.847794][ T7070] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7073] <... rseq resumed>) = 0 [pid 7068] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7074] <... memfd_create resumed>) = 3 [pid 7073] set_robust_list(0x7fbb68bde9a0, 24 [pid 7072] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7073] <... set_robust_list resumed>) = 0 [pid 7068] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] newfstatat(AT_FDCWD, "./110/file2", [pid 7073] rt_sigprocmask(SIG_SETMASK, [], [pid 7074] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7068] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7074] <... mmap resumed>) = 0x7fbb60600000 [pid 7073] memfd_create("syzkaller", 0 [pid 7068] <... futex resumed>) = 1 [pid 5818] umount2("./110/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7073] <... memfd_create resumed>) = 3 [pid 7068] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7074] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7073] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] openat(AT_FDCWD, "./110/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7067] <... futex resumed>) = 0 [pid 7067] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7073] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7067] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7068] <... futex resumed>) = 0 [pid 5818] <... openat resumed>) = 4 [pid 7074] <... write resumed>) = 131072 [pid 7073] <... write resumed>) = 131072 [pid 7068] mkdir("./file3", 0777 [pid 5818] newfstatat(4, "", [pid 7073] munmap(0x7fbb60600000, 138412032 [pid 7074] munmap(0x7fbb60600000, 138412032 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7074] <... munmap resumed>) = 0 [pid 7073] <... munmap resumed>) = 0 [pid 5818] getdents64(4, [pid 7074] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7074] ioctl(4, LOOP_SET_FD, 3 [pid 7073] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 7073] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7073] ioctl(4, LOOP_SET_FD, 3 [pid 5818] close(4) = 0 [ 145.895975][ T7070] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.917008][ T7068] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 145.919449][ T7074] loop1: detected capacity change from 0 to 256 [ 145.934236][ T7073] loop4: detected capacity change from 0 to 256 [pid 5818] rmdir("./110/file2" [pid 7069] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7069] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7069] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[7075]}, 88) = 7075 [pid 7069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7073] <... ioctl resumed>) = 0 [pid 5818] umount2("./110/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7073] close(3 [pid 7069] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7073] <... close resumed>) = 0 [pid 7069] <... futex resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./110/binderfs", [pid 7073] close(4 [pid 7069] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7073] <... close resumed>) = 0 [pid 5818] unlink("./110/binderfs") = 0 [pid 5818] getdents64(3, [pid 7073] mkdir("./file2", 0777./strace-static-x86_64: Process 7075 attached [pid 7074] <... ioctl resumed>) = 0 [pid 7070] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7068] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7067] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7075] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7067] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] close(3 [pid 7075] <... rseq resumed>) = 0 [pid 7067] <... futex resumed>) = 0 [pid 7075] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7074] close(3 [pid 7067] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7075] <... set_robust_list resumed>) = 0 [pid 7074] <... close resumed>) = 0 [pid 7070] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7068] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7067] <... mmap resumed>) = 0 [pid 7074] close(4) = 0 [pid 7074] mkdir("./file2", 0777 [pid 7069] <... futex resumed>) = ? [pid 7075] +++ killed by SIGSEGV +++ [pid 7074] <... mkdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 7073] <... mkdir resumed>) = 0 [pid 5818] rmdir("./110" [pid 7073] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7074] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... rmdir resumed>) = 0 [pid 7068] +++ killed by SIGSEGV +++ [pid 7067] +++ killed by SIGSEGV +++ [pid 5818] mkdir("./111", 0777 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7067, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 5818] close(3 [pid 5821] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7076 [pid 5821] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7076 attached ) = 3 [pid 7076] set_robust_list(0x55555eedf6a0, 24 [pid 5821] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7070] +++ killed by SIGSEGV +++ [pid 7069] +++ killed by SIGSEGV +++ [ 145.934632][ T7070] exFAT-fs (loop2): Filesystem has been set read-only [ 145.945147][ T7068] exFAT-fs (loop3): Filesystem has been set read-only [pid 5821] getdents64(3, [pid 7076] <... set_robust_list resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7069, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7076] chdir("./111" [pid 5821] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... restart_syscall resumed>) = 0 [pid 7076] <... chdir resumed>) = 0 [pid 7076] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] <... umount2 resumed>) = 0 [pid 5821] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7076] <... prctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7076] setpgid(0, 0 [pid 5821] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7076] <... setpgid resumed>) = 0 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] getdents64(4, [pid 7076] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./115/file2") = 0 [ 146.002175][ T7074] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.020364][ T7073] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.034034][ T7074] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7076] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 3 [pid 5821] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./115/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7076] write(3, "1000", 4 [pid 7074] <... mount resumed>) = 0 [pid 7073] <... mount resumed>) = 0 [pid 5821] close(3 [pid 5820] newfstatat(3, "", [pid 7073] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5821] <... close resumed>) = 0 [pid 7076] <... write resumed>) = 4 [pid 7074] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7073] <... openat resumed>) = 3 [pid 5821] rmdir("./115" [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7076] close(3 [pid 7074] <... openat resumed>) = 3 [pid 7073] chdir("./file2" [pid 5821] <... rmdir resumed>) = 0 [pid 7073] <... chdir resumed>) = 0 [pid 7074] chdir("./file2" [pid 7076] <... close resumed>) = 0 [pid 7073] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] getdents64(3, [pid 7076] symlink("/dev/binderfs", "./binderfs" [pid 7074] <... chdir resumed>) = 0 [pid 7073] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7073] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5821] mkdir("./116", 0777 [pid 7073] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWRexecuting program [pid 7076] <... symlink resumed>) = 0 [pid 7074] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7071] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7076] write(1, "executing program\n", 18) = 18 [pid 7074] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7071] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 5820] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7076] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7074] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7073] <... futex resumed>) = 0 [pid 7071] <... futex resumed>) = 1 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7076] <... futex resumed>) = 0 [pid 7074] <... futex resumed>) = 1 [pid 7073] mkdir("./file3", 0777 [pid 7072] <... futex resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 7076] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7074] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7072] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... umount2 resumed>) = 0 [pid 7076] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7074] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7072] <... futex resumed>) = 0 [pid 5820] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7076] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7074] mkdir("./file3", 0777 [pid 7072] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(AT_FDCWD, "./112/file2", [pid 7076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7076] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5820] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7076] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7076] <... mprotect resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7076] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] close(3 [pid 7076] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7077]}, 88) = 7077 [pid 5820] <... openat resumed>) = 4 [pid 7076] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] newfstatat(4, "", ./strace-static-x86_64: Process 7077 attached [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7077] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7076] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [ 146.048947][ T7073] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 146.079483][ T7073] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.088889][ T7074] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5820] getdents64(4, [pid 7077] <... rseq resumed>) = 0 [pid 7076] <... futex resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7077] set_robust_list(0x7fbb68bde9a0, 24 [pid 7076] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] getdents64(4, [pid 7077] <... set_robust_list resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7077] rt_sigprocmask(SIG_SETMASK, [], [pid 5820] close(4 [pid 7077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] <... close resumed>) = 0 [pid 7077] memfd_create("syzkaller", 0 [pid 5820] rmdir("./112/file2" [pid 7077] <... memfd_create resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 7077] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5820] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7077] <... mmap resumed>) = 0x7fbb60600000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./112/binderfs") = 0 [pid 5820] getdents64(3, [pid 7077] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7077] <... write resumed>) = 131072 [pid 5820] close(3) = 0 [pid 5820] rmdir("./112") = 0 [pid 5820] mkdir("./113", 0777) = 0 [pid 7077] munmap(0x7fbb60600000, 138412032 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7077] <... munmap resumed>) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 7077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] close(3 [pid 7077] <... openat resumed>) = 4 [pid 5820] <... close resumed>) = 0 ./strace-static-x86_64: Process 7078 attached [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7078 [ 146.088979][ T7073] exFAT-fs (loop4): Filesystem has been set read-only [pid 7077] ioctl(4, LOOP_SET_FD, 3 [pid 7078] set_robust_list(0x55555eedf6a0, 24 [pid 7073] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7072] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7071] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7079 attached [pid 7078] <... set_robust_list resumed>) = 0 [pid 7073] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7072] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7071] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7072] <... futex resumed>) = 0 [pid 7071] <... futex resumed>) = 0 [pid 7078] chdir("./116" [pid 7072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7073] +++ killed by SIGSEGV +++ [pid 7072] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7079] set_robust_list(0x55555eedf6a0, 24 [pid 7072] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7079 [pid 7079] <... set_robust_list resumed>) = 0 [pid 7072] <... mprotect resumed>) = 0 [pid 7079] chdir("./113" [pid 7072] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7079] <... chdir resumed>) = 0 [pid 7072] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7079] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 7080 attached [pid 7079] <... prctl resumed>) = 0 [pid 7078] <... chdir resumed>) = 0 [pid 7071] +++ killed by SIGSEGV +++ [pid 7079] setpgid(0, 0 [pid 7072] <... clone3 resumed> => {parent_tid=[7080]}, 88) = 7080 [pid 7080] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7079] <... setpgid resumed>) = 0 [pid 7078] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7072] rt_sigprocmask(SIG_SETMASK, [], [pid 7079] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7071, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7079] <... openat resumed>) = 3 [pid 7072] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 7079] write(3, "1000", 4 [pid 7072] <... futex resumed>) = 0 [pid 7079] <... write resumed>) = 4 [pid 7072] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}executing program [pid 7079] close(3) = 0 [pid 7079] symlink("/dev/binderfs", "./binderfs" [pid 7080] <... rseq resumed>) = 0 [pid 7079] <... symlink resumed>) = 0 [pid 7078] <... prctl resumed>) = 0 [pid 7079] write(1, "executing program\n", 18) = 18 [pid 7078] setpgid(0, 0 [pid 7080] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7079] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... setpgid resumed>) = 0 [pid 7079] <... futex resumed>) = 0 [pid 7080] <... set_robust_list resumed>) = 0 [pid 7079] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7077] <... ioctl resumed>) = 0 [pid 7080] rt_sigprocmask(SIG_SETMASK, [], [pid 7079] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7078] <... openat resumed>) = 3 [pid 7077] close(3 [pid 5822] <... restart_syscall resumed>) = 0 [pid 7080] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7079] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7078] write(3, "1000", 4 [pid 7077] <... close resumed>) = 0 [pid 7080] openat(AT_FDCWD, ".", O_RDONLY [pid 7079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] <... write resumed>) = 4 [pid 7077] close(4 [pid 7074] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7080] <... openat resumed>) = 4 [pid 7079] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7078] close(3 [pid 7077] <... close resumed>) = 0 [pid 7074] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7079] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7077] mkdir("./file2", 0777 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7079] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7078] <... close resumed>) = 0 [pid 7077] <... mkdir resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7079] <... mprotect resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 7079] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7078] symlink("/dev/binderfs", "./binderfs" [pid 7077] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7072] <... futex resumed>) = ? [pid 5822] newfstatat(3, "", [pid 7080] +++ killed by SIGSEGV +++ [pid 7079] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7078] <... symlink resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7079] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}executing program [pid 7078] write(1, "executing program\n", 18 [pid 5822] getdents64(3, ./strace-static-x86_64: Process 7081 attached [pid 7078] <... write resumed>) = 18 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7079] <... clone3 resumed> => {parent_tid=[7081]}, 88) = 7081 [pid 7078] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7079] rt_sigprocmask(SIG_SETMASK, [], [pid 7078] <... futex resumed>) = 0 [pid 7081] <... rseq resumed>) = 0 [pid 7079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... umount2 resumed>) = 0 [pid 7081] set_robust_list(0x7fbb68bde9a0, 24 [pid 7079] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] <... rt_sigaction resumed>NULL, 8) = 0 [ 146.124985][ T7077] loop0: detected capacity change from 0 to 256 [ 146.131506][ T7074] exFAT-fs (loop1): Filesystem has been set read-only [pid 7081] <... set_robust_list resumed>) = 0 [pid 7079] <... futex resumed>) = 0 [pid 7078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7074] +++ killed by SIGSEGV +++ [pid 7072] +++ killed by SIGSEGV +++ [pid 5822] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7072, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7081] rt_sigprocmask(SIG_SETMASK, [], [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7078] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 3 [pid 7081] memfd_create("syzkaller", 0 [pid 7078] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(4, "", [pid 5819] newfstatat(3, "", [pid 7081] <... memfd_create resumed>) = 3 [pid 7078] <... mprotect resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, [pid 5819] getdents64(3, [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7081] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7079] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7078] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] getdents64(4, [pid 5819] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7081] <... mmap resumed>) = 0x7fbb60600000 [pid 7078] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7082]}, 88) = 7082 ./strace-static-x86_64: Process 7082 attached [pid 7081] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7078] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... umount2 resumed>) = 0 [pid 5819] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./115/file2", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] close(4 [pid 5819] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7082] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] newfstatat(4, "", [pid 7082] <... rseq resumed>) = 0 [pid 7078] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7082] set_robust_list(0x7fbb68bde9a0, 24 [pid 7078] <... futex resumed>) = 0 [pid 5822] rmdir("./115/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7082] <... set_robust_list resumed>) = 0 [pid 7078] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7081] <... write resumed>) = 131072 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] getdents64(4, [pid 5822] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, [pid 7082] memfd_create("syzkaller", 0 [pid 7081] munmap(0x7fbb60600000, 138412032 [pid 7082] <... memfd_create resumed>) = 3 [pid 5822] newfstatat(AT_FDCWD, "./115/binderfs", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7081] <... munmap resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] close(4 [pid 7082] <... mmap resumed>) = 0x7fbb60600000 [pid 7081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./115/file2" [pid 7082] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7081] <... openat resumed>) = 4 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] unlink("./115/binderfs") = 0 [pid 5819] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] newfstatat(AT_FDCWD, "./115/binderfs", [pid 7081] ioctl(4, LOOP_SET_FD, 3 [pid 5822] close(3 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] unlink("./115/binderfs" [pid 5822] rmdir("./115" [pid 5819] <... unlink resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5819] getdents64(3, [pid 5822] mkdir("./116", 0777 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5819] close(3) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] rmdir("./115" [pid 5822] <... openat resumed>) = 3 [pid 5819] <... rmdir resumed>) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] mkdir("./116", 0777 [pid 5822] <... ioctl resumed>) = 0 [pid 7082] <... write resumed>) = 131072 [pid 5822] close(3 [pid 5819] <... mkdir resumed>) = 0 [pid 7082] munmap(0x7fbb60600000, 138412032) = 0 [pid 5822] <... close resumed>) = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7082] <... openat resumed>) = 4 [pid 5819] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD) = 0 [pid 5819] close(3 [ 146.202127][ T7077] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.234955][ T7081] loop2: detected capacity change from 0 to 256 [pid 7082] ioctl(4, LOOP_SET_FD, 3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 7083 ./strace-static-x86_64: Process 7083 attached [pid 7081] <... ioctl resumed>) = 0 [pid 7077] <... mount resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 7081] close(3 [pid 7083] set_robust_list(0x55555eedf6a0, 24 [pid 7081] <... close resumed>) = 0 [pid 7077] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7084 attached [pid 7083] <... set_robust_list resumed>) = 0 [pid 7082] <... ioctl resumed>) = 0 [pid 7081] close(4 [pid 7077] <... openat resumed>) = 3 [pid 7084] set_robust_list(0x55555eedf6a0, 24 [pid 7083] chdir("./116" [pid 7082] close(3 [pid 7081] <... close resumed>) = 0 [pid 7077] chdir("./file2" [pid 7084] <... set_robust_list resumed>) = 0 [pid 7082] <... close resumed>) = 0 [pid 7077] <... chdir resumed>) = 0 [pid 7082] close(4 [pid 7077] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7082] <... close resumed>) = 0 [pid 7077] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7084] chdir("./116" [pid 7082] mkdir("./file2", 0777 [pid 7081] mkdir("./file2", 0777 [pid 7077] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] <... chdir resumed>) = 0 [pid 7082] <... mkdir resumed>) = 0 [pid 7081] <... mkdir resumed>) = 0 [pid 7077] <... futex resumed>) = 1 [pid 7076] <... futex resumed>) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7084 [pid 7084] <... chdir resumed>) = 0 [pid 7083] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7081] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7077] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7084] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7083] <... prctl resumed>) = 0 [pid 7082] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7076] <... futex resumed>) = 0 [pid 7084] <... prctl resumed>) = 0 [pid 7083] setpgid(0, 0 [pid 7077] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7084] setpgid(0, 0 [pid 7083] <... setpgid resumed>) = 0 [pid 7077] mkdir("./file3", 0777 [pid 7084] <... setpgid resumed>) = 0 [ 146.248503][ T7077] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 146.253560][ T7082] loop3: detected capacity change from 0 to 256 [pid 7083] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7083] <... openat resumed>) = 3 [pid 7083] write(3, "1000", 4) = 4 [pid 7083] close(3) = 0 executing program [pid 7083] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7083] write(1, "executing program\n", 18) = 18 [pid 7083] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7084] write(3, "1000", 4 [pid 7083] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7084] <... write resumed>) = 4 [pid 7083] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7083] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7083] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7084] close(3 [pid 7083] <... mprotect resumed>) = 0 [pid 7076] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7076] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7076] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7083] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7076] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7083] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7076] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7083] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7076] <... mprotect resumed>) = 0 [ 146.303370][ T7077] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.313051][ T7082] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.323685][ T7081] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.342411][ T7077] exFAT-fs (loop0): Filesystem has been set read-only [pid 7076] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7076] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7083] <... clone3 resumed> => {parent_tid=[7085]}, 88) = 7085 [pid 7083] rt_sigprocmask(SIG_SETMASK, [], [pid 7076] <... clone3 resumed> => {parent_tid=[7086]}, 88) = 7086 [pid 7083] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7076] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7085 attached [pid 7083] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7083] <... futex resumed>) = 0 [pid 7076] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7076] <... futex resumed>) = 0 [pid 7085] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7076] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7085] <... rseq resumed>) = 0 [pid 7084] <... close resumed>) = 0 [pid 7084] symlink("/dev/binderfs", "./binderfs" [pid 7085] set_robust_list(0x7fbb68bde9a0, 24executing program ./strace-static-x86_64: Process 7086 attached ) = 0 [pid 7084] <... symlink resumed>) = 0 [pid 7086] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7084] write(1, "executing program\n", 18 [pid 7086] <... rseq resumed>) = 0 [pid 7084] <... write resumed>) = 18 [pid 7086] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7084] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... set_robust_list resumed>) = 0 [pid 7086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7086] openat(AT_FDCWD, ".", O_RDONLY [pid 7085] rt_sigprocmask(SIG_SETMASK, [], [pid 7086] <... openat resumed>) = 4 [pid 7086] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7086] <... futex resumed>) = 1 [pid 7076] <... futex resumed>) = 0 [pid 7086] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7076] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7086] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7076] <... futex resumed>) = 0 [pid 7086] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7076] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7086] <... ioctl resumed>) = 0 [pid 7085] memfd_create("syzkaller", 0 [pid 7077] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7086] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7085] <... memfd_create resumed>) = 3 [pid 7077] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7086] <... futex resumed>) = ? [pid 7085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7076] <... futex resumed>) = ? [pid 7086] +++ killed by SIGSEGV +++ [pid 7085] <... mmap resumed>) = 0x7fbb60600000 [pid 7077] +++ killed by SIGSEGV +++ [pid 7076] +++ killed by SIGSEGV +++ [pid 7085] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7076, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5818] umount2("./111", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] <... futex resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7084] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7085] <... write resumed>) = 131072 [pid 7084] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] <... openat resumed>) = 3 [pid 7084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] newfstatat(3, "", [pid 7084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7084] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5818] getdents64(3, [pid 7084] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7084] <... mprotect resumed>) = 0 [pid 5818] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7085] munmap(0x7fbb60600000, 138412032 [pid 7084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7085] <... munmap resumed>) = 0 [pid 7084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 146.347857][ T7082] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 146.361543][ T7081] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7085] ioctl(4, LOOP_SET_FD, 3 [pid 7081] <... mount resumed>) = 0 ./strace-static-x86_64: Process 7087 attached [pid 7082] <... mount resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 7084] <... clone3 resumed> => {parent_tid=[7087]}, 88) = 7087 [pid 5818] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] newfstatat(AT_FDCWD, "./111/file2", [pid 7084] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7084] <... futex resumed>) = 0 [pid 5818] umount2("./111/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7084] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./111/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7087] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7082] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7081] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5818] <... openat resumed>) = 4 [pid 7087] <... rseq resumed>) = 0 [pid 7082] <... openat resumed>) = 3 [pid 7081] <... openat resumed>) = 3 [pid 5818] newfstatat(4, "", [pid 7082] chdir("./file2" [pid 7081] chdir("./file2" [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7087] set_robust_list(0x7fbb68bde9a0, 24 [pid 7082] <... chdir resumed>) = 0 [pid 7081] <... chdir resumed>) = 0 [pid 5818] getdents64(4, [pid 7087] <... set_robust_list resumed>) = 0 [pid 7082] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7081] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4 [pid 7087] rt_sigprocmask(SIG_SETMASK, [], [pid 7082] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7081] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5818] <... close resumed>) = 0 [pid 7087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7082] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7081] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] memfd_create("syzkaller", 0 [pid 7082] <... futex resumed>) = 1 [pid 7081] <... futex resumed>) = 1 [pid 7079] <... futex resumed>) = 0 [pid 7078] <... futex resumed>) = 0 [pid 5818] rmdir("./111/file2" [pid 7087] <... memfd_create resumed>) = 3 [pid 7085] <... ioctl resumed>) = 0 [pid 7082] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7081] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7079] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7078] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7087] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7085] close(3 [pid 7082] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7081] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7079] <... futex resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7087] <... mmap resumed>) = 0x7fbb60600000 [pid 7082] mkdir("./file3", 0777 [pid 7081] mkdir("./file3", 0777 [pid 7079] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7078] <... futex resumed>) = 0 [pid 7085] <... close resumed>) = 0 [pid 7087] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7078] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5818] umount2("./111/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] unlink("./111/binderfs" [pid 7085] close(4 [pid 5818] <... unlink resumed>) = 0 [pid 7085] <... close resumed>) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3) = 0 [pid 5818] rmdir("./111") = 0 [ 146.399062][ T7085] loop4: detected capacity change from 0 to 256 [ 146.433610][ T7082] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5818] mkdir("./112", 0777 [pid 7085] mkdir("./file2", 0777) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7087] <... write resumed>) = 131072 [pid 7085] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... ioctl resumed>) = 0 [pid 5818] close(3 [pid 7087] munmap(0x7fbb60600000, 138412032 [pid 5818] <... close resumed>) = 0 [pid 7087] <... munmap resumed>) = 0 [pid 7082] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7082] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7078] <... futex resumed>) = ? [pid 7082] +++ killed by SIGSEGV +++ [pid 7078] +++ killed by SIGSEGV +++ [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7088 attached , child_tidptr=0x55555eedf690) = 7088 [pid 7088] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7088] chdir("./112") = 0 [pid 7088] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7088] setpgid(0, 0) = 0 [pid 7079] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7088] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7087] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7081] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7088] <... openat resumed>) = 3 [ 146.444255][ T7081] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.446902][ T7082] exFAT-fs (loop3): Filesystem has been set read-only [ 146.475800][ T7085] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.488159][ T7081] exFAT-fs (loop2): Filesystem has been set read-only [pid 7088] write(3, "1000", 4 [pid 7087] <... openat resumed>) = 4 [pid 7085] <... mount resumed>) = 0 [pid 7081] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7079] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7078, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7079] <... futex resumed>) = 0 [pid 7079] ???( [pid 5821] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7079] <... ??? resumed>) = ? [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7081] +++ killed by SIGSEGV +++ [pid 7088] <... write resumed>) = 4 [pid 7088] close(3) = 0 [pid 7088] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7079] +++ killed by SIGSEGV +++ [pid 7088] write(1, "executing program\n", 18 [pid 5821] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7087] ioctl(4, LOOP_SET_FD, 3 [pid 7085] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7088] <... write resumed>) = 18 [pid 7085] <... openat resumed>) = 3 [pid 5821] <... openat resumed>) = 3 [pid 7088] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7088] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7088] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7088] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7088] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7087] <... ioctl resumed>) = 0 [pid 7085] chdir("./file2" [pid 5821] newfstatat(3, "", [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7079, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7087] close(3 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7085] <... chdir resumed>) = 0 [pid 7088] <... mprotect resumed>) = 0 [pid 7087] <... close resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 7088] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7087] close(4 [pid 7085] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7087] <... close resumed>) = 0 [pid 7085] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7087] mkdir("./file2", 0777 [pid 7085] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(3, [pid 7088] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7088] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7089 attached => {parent_tid=[7089]}, 88) = 7089 [pid 7087] <... mkdir resumed>) = 0 [pid 7085] <... futex resumed>) = 1 [pid 7083] <... futex resumed>) = 0 [pid 5820] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7089] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7088] rt_sigprocmask(SIG_SETMASK, [], [pid 7087] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7085] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7083] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7089] <... rseq resumed>) = 0 [pid 7088] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7085] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7083] <... futex resumed>) = 0 [pid 5821] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7089] set_robust_list(0x7fbb68bde9a0, 24 [pid 7088] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7083] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7089] <... set_robust_list resumed>) = 0 [pid 7088] <... futex resumed>) = 0 [ 146.496524][ T7085] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 146.514456][ T7087] loop1: detected capacity change from 0 to 256 [pid 7089] rt_sigprocmask(SIG_SETMASK, [], [pid 7088] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7085] mkdir("./file3", 0777 [pid 5820] <... openat resumed>) = 3 [pid 7089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5820] newfstatat(3, "", [pid 7089] memfd_create("syzkaller", 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7089] <... memfd_create resumed>) = 3 [pid 5820] getdents64(3, [pid 7089] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7089] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = 0 [pid 7089] munmap(0x7fbb60600000, 138412032) = 0 [pid 7089] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 7089] ioctl(4, LOOP_SET_FD, 3 [pid 7085] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./113/file2", [pid 7083] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5821] getdents64(4, [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7083] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7083] <... futex resumed>) = 0 [pid 5821] getdents64(4, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7089] <... ioctl resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7089] close(3) = 0 [pid 7085] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7083] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 4 [pid 7089] close(4 [pid 5820] newfstatat(4, "", [pid 7089] <... close resumed>) = 0 [pid 7089] mkdir("./file2", 0777 [pid 7083] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5821] close(4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7083] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... close resumed>) = 0 [pid 7083] <... mprotect resumed>) = 0 [pid 5821] rmdir("./116/file2" [pid 7089] <... mkdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] getdents64(4, [pid 5821] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] getdents64(4, [pid 5821] newfstatat(AT_FDCWD, "./116/binderfs", [pid 7089] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] close(4 [pid 5821] unlink("./116/binderfs" [pid 5820] <... close resumed>) = 0 [pid 7085] +++ killed by SIGSEGV +++ [pid 7083] +++ killed by SIGSEGV +++ [pid 5821] <... unlink resumed>) = 0 [pid 5820] rmdir("./113/file2" [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7083, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] getdents64(3, [pid 5820] <... rmdir resumed>) = 0 [pid 5822] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(AT_FDCWD, "./113/binderfs", [pid 5821] close(3 [pid 5822] <... openat resumed>) = 3 [pid 5822] newfstatat(3, "", [pid 5821] <... close resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] unlink("./113/binderfs" [pid 5822] getdents64(3, [pid 5821] rmdir("./116" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5822] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(3, [pid 5821] mkdir("./117", 0777 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 146.543369][ T7085] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.551831][ T7087] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.565659][ T7085] exFAT-fs (loop4): Filesystem has been set read-only [ 146.568430][ T7089] loop0: detected capacity change from 0 to 256 [ 146.575638][ T7087] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] <... mkdir resumed>) = 0 [pid 5820] close(3 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5820] rmdir("./113" [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] <... rmdir resumed>) = 0 [pid 7087] <... mount resumed>) = 0 [pid 5820] mkdir("./114", 0777./strace-static-x86_64: Process 7090 attached [pid 7087] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 7090] set_robust_list(0x55555eedf6a0, 24 [pid 5822] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7090] <... set_robust_list resumed>) = 0 [pid 7087] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 3 [pid 7087] chdir("./file2" [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7090 [pid 7087] <... chdir resumed>) = 0 [pid 7087] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7087] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7090] chdir("./117" [pid 7089] <... mount resumed>) = 0 [pid 7087] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7084] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./116/file2", [pid 5820] ioctl(3, LOOP_CLR_FD [pid 7090] <... chdir resumed>) = 0 [pid 7089] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7084] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7084] <... futex resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 7089] <... openat resumed>) = 3 [pid 7090] <... prctl resumed>) = 0 [pid 7084] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7090] setpgid(0, 0 [pid 7089] chdir("./file2" [pid 5820] close(3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7089] <... chdir resumed>) = 0 [pid 7087] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7087] mkdir("./file3", 0777 [pid 7090] <... setpgid resumed>) = 0 [pid 7089] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7089] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... openat resumed>) = 4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5822] newfstatat(4, "", ./strace-static-x86_64: Process 7091 attached [pid 7090] <... openat resumed>) = 3 [pid 7089] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7091] set_robust_list(0x55555eedf6a0, 24 [pid 7090] write(3, "1000", 4 [pid 5822] getdents64(4, [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7091 [pid 7091] <... set_robust_list resumed>) = 0 [pid 7090] <... write resumed>) = 4 [pid 7089] <... futex resumed>) = 1 [pid 7088] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7090] close(3 [pid 7088] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(4, [pid 7090] <... close resumed>) = 0 [pid 7089] mkdir("./file3", 0777 [pid 7088] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7091] chdir("./114" [pid 7088] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] close(4 [ 146.612130][ T7089] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.629482][ T7089] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 146.644957][ T7087] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7090] symlink("/dev/binderfs", "./binderfs" [pid 7091] <... chdir resumed>) = 0 [pid 7090] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 7091] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7090] write(1, "executing program\n", 18 [pid 7091] <... prctl resumed>) = 0 [pid 5822] rmdir("./116/file2" [pid 7087] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7091] setpgid(0, 0 [pid 5822] <... rmdir resumed>) = 0 [pid 7091] <... setpgid resumed>) = 0 [pid 7084] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program [pid 7091] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7090] <... write resumed>) = 18 [pid 7084] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] <... openat resumed>) = 3 [pid 7090] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7089] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7087] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7084] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./116/binderfs", [pid 7091] write(3, "1000", 4 [pid 7090] <... futex resumed>) = 0 [pid 7089] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7091] <... write resumed>) = 4 [pid 7090] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7091] close(3 [pid 7090] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7084] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7088] <... futex resumed>) = ? [pid 7084] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] unlink("./116/binderfs" [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] <... close resumed>) = 0 [pid 7090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7089] +++ killed by SIGSEGV +++ [pid 7088] +++ killed by SIGSEGV +++ [pid 7084] <... mprotect resumed>) = ? [pid 5822] <... unlink resumed>) = 0 [pid 7091] symlink("/dev/binderfs", "./binderfs" [pid 7090] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7090] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] getdents64(3, [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7088, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7090] <... mprotect resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7091] <... symlink resumed>) = 0 [pid 7090] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7091] write(1, "executing program\n", 18 [pid 5822] close(3 [pid 7090] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 7091] <... write resumed>) = 18 [pid 7090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7087] +++ killed by SIGSEGV +++ [pid 7084] +++ killed by SIGSEGV +++ [pid 5822] <... close resumed>) = 0 [pid 5818] umount2("./112", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7092 attached [pid 7091] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7090] <... clone3 resumed> => {parent_tid=[7092]}, 88) = 7092 [pid 5822] rmdir("./116" [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7084, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7091] <... futex resumed>) = 0 [pid 7090] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7091] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7091] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... openat resumed>) = 3 [pid 7092] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 5822] <... rmdir resumed>) = 0 [pid 7092] <... rseq resumed>) = 0 [pid 7091] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7090] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] newfstatat(3, "", [pid 7092] set_robust_list(0x7fbb68bde9a0, 24 [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7090] <... futex resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7092] <... set_robust_list resumed>) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7090] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7092] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] getdents64(3, [pid 7092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7091] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] mkdir("./117", 0777 [pid 7092] memfd_create("syzkaller", 0 [pid 7091] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... restart_syscall resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7092] <... memfd_create resumed>) = 3 [pid 7091] <... mprotect resumed>) = 0 [pid 5818] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7092] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5819] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... mkdir resumed>) = 0 [ 146.665608][ T7089] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.666192][ T7087] exFAT-fs (loop1): Filesystem has been set read-only [ 146.682666][ T7089] exFAT-fs (loop0): Filesystem has been set read-only [pid 7092] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... openat resumed>) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5819] <... openat resumed>) = 3 [pid 5822] <... ioctl resumed>) = 0 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7092] <... write resumed>) = 131072 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] close(3 [pid 5819] getdents64(3, [pid 5818] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7092] munmap(0x7fbb60600000, 138412032 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7092] <... munmap resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5819] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./112/file2", [pid 7092] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./112/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7092] <... openat resumed>) = 4 [pid 7092] ioctl(4, LOOP_SET_FD, 3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./112/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(4, "", [pid 5819] newfstatat(AT_FDCWD, "./116/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(4, [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7094 attached [pid 5818] getdents64(4, ./strace-static-x86_64: Process 7093 attached [pid 7094] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7092] <... ioctl resumed>) = 0 [pid 7091] <... clone3 resumed> => {parent_tid=[7094]}, 88) = 7094 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7093 [pid 5819] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] newfstatat(4, "", [pid 5818] close(4 [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... close resumed>) = 0 [pid 7091] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] rmdir("./112/file2" [pid 7091] <... futex resumed>) = 0 [pid 5819] getdents64(4, [pid 7093] set_robust_list(0x55555eedf6a0, 24 [pid 7092] close(3 [pid 7093] <... set_robust_list resumed>) = 0 [pid 7094] <... rseq resumed>) = 0 [pid 7093] chdir("./117" [pid 7092] <... close resumed>) = 0 [pid 7091] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... rmdir resumed>) = 0 [pid 7094] set_robust_list(0x7fbb68bde9a0, 24 [pid 7093] <... chdir resumed>) = 0 [pid 7092] close(4 [pid 5819] getdents64(4, [pid 5818] umount2("./112/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7094] <... set_robust_list resumed>) = 0 [pid 7093] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7092] <... close resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7094] rt_sigprocmask(SIG_SETMASK, [], [pid 7093] <... prctl resumed>) = 0 [pid 7092] mkdir("./file2", 0777 [pid 5819] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7094] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7093] setpgid(0, 0 [pid 7092] <... mkdir resumed>) = 0 [pid 7094] memfd_create("syzkaller", 0 [pid 7093] <... setpgid resumed>) = 0 [pid 7092] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... close resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./112/binderfs", [pid 7094] <... memfd_create resumed>) = 3 [pid 7093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5819] rmdir("./116/file2" [pid 7094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7093] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7094] <... mmap resumed>) = 0x7fbb60600000 [pid 7093] write(3, "1000", 4 [pid 5819] <... rmdir resumed>) = 0 [pid 7093] <... write resumed>) = 4 [pid 7093] close(3) = 0 [pid 7093] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7094] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7093] write(1, "executing program\n", 18 [pid 5819] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7093] <... write resumed>) = 18 [pid 5818] unlink("./112/binderfs" [pid 7094] <... write resumed>) = 131072 [pid 7093] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7094] munmap(0x7fbb60600000, 138412032 [pid 7093] <... futex resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./116/binderfs", [pid 5818] <... unlink resumed>) = 0 [pid 7094] <... munmap resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./116/binderfs" [pid 7093] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5819] <... unlink resumed>) = 0 [pid 7094] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] getdents64(3, [pid 5818] getdents64(3, [pid 7094] <... openat resumed>) = 4 [pid 7093] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 146.744972][ T7092] loop3: detected capacity change from 0 to 256 [pid 7094] ioctl(4, LOOP_SET_FD, 3 [pid 5819] close(3 [pid 5818] close(3) = 0 [pid 5818] rmdir("./112") = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./116") = 0 [pid 5818] mkdir("./113", 0777 [pid 5819] mkdir("./117", 0777 [pid 5818] <... mkdir resumed>) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] ioctl(3, LOOP_CLR_FD [pid 5819] <... openat resumed>) = 3 [pid 5818] <... ioctl resumed>) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] close(3 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 7094] <... ioctl resumed>) = 0 [pid 7093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5819] close(3 [pid 7093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] <... close resumed>) = 0 [pid 7093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7093] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7094] close(3 [pid 7093] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7092] <... mount resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7095 attached [pid 7094] <... close resumed>) = 0 [pid 7093] <... mprotect resumed>) = 0 [pid 7092] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7095 [pid 7094] close(4 [pid 7093] rt_sigprocmask(SIG_BLOCK, ~[], ./strace-static-x86_64: Process 7096 attached [pid 7094] <... close resumed>) = 0 [pid 7093] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7092] <... openat resumed>) = 3 [pid 7095] set_robust_list(0x55555eedf6a0, 24 [pid 7094] mkdir("./file2", 0777 [pid 7093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7092] chdir("./file2" [pid 7095] <... set_robust_list resumed>) = 0 ./strace-static-x86_64: Process 7097 attached [pid 7095] chdir("./117" [pid 7094] <... mkdir resumed>) = 0 [pid 7092] <... chdir resumed>) = 0 [pid 7097] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7095] <... chdir resumed>) = 0 [pid 7093] <... clone3 resumed> => {parent_tid=[7097]}, 88) = 7097 [pid 7092] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7096 [pid 7096] set_robust_list(0x55555eedf6a0, 24 [pid 7093] rt_sigprocmask(SIG_SETMASK, [], [pid 7097] <... rseq resumed>) = 0 [pid 7095] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7094] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7093] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7092] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7097] set_robust_list(0x7fbb68bde9a0, 24 [pid 7096] <... set_robust_list resumed>) = 0 [pid 7095] <... prctl resumed>) = 0 [pid 7093] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7092] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] <... futex resumed>) = 0 [pid 7097] <... set_robust_list resumed>) = 0 [pid 7093] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7092] <... futex resumed>) = 1 [pid 7090] <... futex resumed>) = 0 [pid 7097] rt_sigprocmask(SIG_SETMASK, [], [pid 7096] chdir("./113" [pid 7092] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7090] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] setpgid(0, 0 [pid 7097] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7096] <... chdir resumed>) = 0 [pid 7092] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7090] <... futex resumed>) = 0 [pid 7095] <... setpgid resumed>) = 0 [pid 7097] memfd_create("syzkaller", 0 [pid 7090] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7097] <... memfd_create resumed>) = 3 [pid 7092] mkdir("./file3", 0777 [pid 7096] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7095] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7095] <... openat resumed>) = 3 [ 146.795976][ T7094] loop2: detected capacity change from 0 to 256 [ 146.796130][ T7092] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.820408][ T7092] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7095] write(3, "1000", 4 [pid 7097] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7096] <... prctl resumed>) = 0 [pid 7095] <... write resumed>) = 4 [pid 7096] setpgid(0, 0 [pid 7095] close(3 [pid 7092] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7096] <... setpgid resumed>) = 0 [pid 7095] <... close resumed>) = 0 [pid 7092] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- executing program [pid 7097] <... write resumed>) = 131072 [pid 7096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7095] symlink("/dev/binderfs", "./binderfs" [pid 7090] <... futex resumed>) = ? [pid 7096] <... openat resumed>) = 3 [pid 7095] <... symlink resumed>) = 0 [pid 7092] +++ killed by SIGSEGV +++ [pid 7090] +++ killed by SIGSEGV +++ [pid 7096] write(3, "1000", 4 [pid 7095] write(1, "executing program\n", 18 [pid 7096] <... write resumed>) = 4 [pid 7095] <... write resumed>) = 18 [pid 7097] munmap(0x7fbb60600000, 138412032 [pid 7096] close(3 [pid 7097] <... munmap resumed>) = 0 [pid 7096] <... close resumed>) = 0 [pid 7095] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7090, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 7097] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7096] symlink("/dev/binderfs", "./binderfs" [pid 7095] <... futex resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7097] <... openat resumed>) = 4 [pid 7096] <... symlink resumed>) = 0 [pid 7095] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... restart_syscall resumed>) = 0 [pid 5821] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 146.844783][ T7092] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.854442][ T7092] exFAT-fs (loop3): Filesystem has been set read-only [ 146.876835][ T7094] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5821] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORYexecuting program [pid 7097] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... openat resumed>) = 3 [pid 7096] write(1, "executing program\n", 18 [pid 7095] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] newfstatat(3, "", [pid 7096] <... write resumed>) = 18 [pid 7095] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7096] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 7096] <... futex resumed>) = 0 [pid 7095] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7096] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7095] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7096] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7095] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... umount2 resumed>) = 0 [pid 7096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./117/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7095] <... mprotect resumed>) = 0 [pid 5821] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7095] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./117/file2") = 0 [pid 7097] <... ioctl resumed>) = 0 [pid 5821] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7097] close(3) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7097] close(4 [pid 5821] newfstatat(AT_FDCWD, "./117/binderfs", [pid 7097] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7097] mkdir("./file2", 0777 [pid 5821] unlink("./117/binderfs" [pid 7097] <... mkdir resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7097] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [ 146.892871][ T7097] loop4: detected capacity change from 0 to 256 [pid 5821] close(3 [pid 7096] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7095] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 7096] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7095] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7096] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 7098 attached [pid 7095] <... clone3 resumed> => {parent_tid=[7098]}, 88) = 7098 [pid 7098] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7095] rt_sigprocmask(SIG_SETMASK, [], [pid 7098] <... rseq resumed>) = 0 [pid 7095] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7098] set_robust_list(0x7fbb68bde9a0, 24 [pid 7095] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] rmdir("./117" [pid 7098] <... set_robust_list resumed>) = 0 [pid 7095] <... futex resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 7098] rt_sigprocmask(SIG_SETMASK, [], [pid 7095] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] mkdir("./118", 0777 [pid 7098] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 7098] memfd_create("syzkaller", 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7098] <... memfd_create resumed>) = 3 [pid 7096] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... openat resumed>) = 3 [pid 7098] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7098] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] <... ioctl resumed>) = 0 [pid 7098] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] close(3 [pid 7096] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... close resumed>) = 0 [pid 7096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7100 attached ./strace-static-x86_64: Process 7099 attached [pid 7096] <... clone3 resumed> => {parent_tid=[7099]}, 88) = 7099 [pid 7100] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7099] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7098] <... write resumed>) = 131072 [pid 7096] rt_sigprocmask(SIG_SETMASK, [], [pid 7099] <... rseq resumed>) = 0 [pid 7096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7099] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7096] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] rt_sigprocmask(SIG_SETMASK, [], [pid 7096] <... futex resumed>) = 0 [pid 7099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7096] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7100] chdir("./118" [pid 7099] memfd_create("syzkaller", 0 [pid 7100] <... chdir resumed>) = 0 [pid 7099] <... memfd_create resumed>) = 3 [ 146.919457][ T7094] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7100 [pid 7100] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7099] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7098] munmap(0x7fbb60600000, 138412032 [pid 7100] <... prctl resumed>) = 0 [pid 7098] <... munmap resumed>) = 0 [pid 7100] setpgid(0, 0 [pid 7098] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 7098] ioctl(4, LOOP_SET_FD, 3 [pid 7100] <... setpgid resumed>) = 0 [pid 7099] <... mmap resumed>) = 0x7fbb60600000 [pid 7094] <... mount resumed>) = 0 [pid 7094] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7100] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7094] <... openat resumed>) = 3 [pid 7094] chdir("./file2") = 0 [pid 7100] <... openat resumed>) = 3 [pid 7094] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7099] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7094] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7100] write(3, "1000", 4 [pid 7094] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7094] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] <... write resumed>) = 4 [pid 7091] <... futex resumed>) = 0 [pid 7100] close(3 [pid 7091] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7094] <... futex resumed>) = 0 [pid 7091] <... futex resumed>) = 1 [pid 7094] mkdir("./file3", 0777 [pid 7091] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7100] <... close resumed>) = 0 [pid 7100] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7099] <... write resumed>) = 131072 executing program [pid 7100] write(1, "executing program\n", 18) = 18 [pid 7100] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7100] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7100] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7100] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7100] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7099] munmap(0x7fbb60600000, 138412032 [pid 7100] <... mprotect resumed>) = 0 [pid 7099] <... munmap resumed>) = 0 [pid 7100] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7099] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7100] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7099] <... openat resumed>) = 4 [pid 7100] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7099] ioctl(4, LOOP_SET_FD, 3 [pid 7100] <... clone3 resumed> => {parent_tid=[7101]}, 88) = 7101 [pid 7100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7100] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 146.962039][ T7097] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 146.989483][ T7094] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 146.998581][ T7098] loop1: detected capacity change from 0 to 256 [pid 7100] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7101 attached [pid 7098] <... ioctl resumed>) = 0 [pid 7101] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7098] close(3) = 0 [pid 7098] close(4 [pid 7101] <... rseq resumed>) = 0 [pid 7098] <... close resumed>) = 0 [pid 7101] set_robust_list(0x7fbb68bde9a0, 24 [pid 7098] mkdir("./file2", 0777 [pid 7091] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7098] <... mkdir resumed>) = 0 [pid 7091] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7091] <... futex resumed>) = 0 [pid 7091] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7091] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7091] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7091] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[7102]}, 88) = 7102 ./strace-static-x86_64: Process 7102 attached [pid 7101] <... set_robust_list resumed>) = 0 [pid 7091] rt_sigprocmask(SIG_SETMASK, [], [pid 7102] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7091] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7102] <... rseq resumed>) = 0 [pid 7091] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7101] rt_sigprocmask(SIG_SETMASK, [], [pid 7102] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7091] <... futex resumed>) = 0 [pid 7102] <... set_robust_list resumed>) = 0 [pid 7091] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7102] rt_sigprocmask(SIG_SETMASK, [], [pid 7101] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7099] <... ioctl resumed>) = 0 [pid 7102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7102] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 7101] memfd_create("syzkaller", 0 [pid 7099] close(3 [pid 7102] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7101] <... memfd_create resumed>) = 3 [pid 7099] <... close resumed>) = 0 [pid 7101] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7099] close(4 [pid 7102] <... futex resumed>) = 1 [pid 7101] <... mmap resumed>) = 0x7fbb60600000 [pid 7091] <... futex resumed>) = 0 [pid 7102] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7099] <... close resumed>) = 0 [pid 7091] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7102] <... ioctl resumed>) = 0 [pid 7091] <... futex resumed>) = 0 [pid 7102] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7091] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7102] <... futex resumed>) = 0 [pid 7091] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7102] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [ 147.009040][ T7099] loop0: detected capacity change from 0 to 256 [ 147.012013][ T7097] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.026717][ T7094] exFAT-fs (loop2): Filesystem has been set read-only [pid 7099] mkdir("./file2", 0777 [pid 7101] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7099] <... mkdir resumed>) = 0 [pid 7094] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7099] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7094] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7102] <... futex resumed>) = ? [pid 7102] +++ killed by SIGSEGV +++ [pid 7101] <... write resumed>) = 131072 [pid 7097] <... mount resumed>) = 0 [pid 7097] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7094] +++ killed by SIGSEGV +++ [pid 7091] +++ killed by SIGSEGV +++ [pid 7097] chdir("./file2") = 0 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7091, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7097] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7101] munmap(0x7fbb60600000, 138412032 [pid 7097] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] <... restart_syscall resumed>) = 0 [pid 7097] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7097] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7093] <... futex resumed>) = 0 [pid 5820] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7101] <... munmap resumed>) = 0 [pid 7093] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7101] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7097] <... futex resumed>) = 0 [pid 7093] <... futex resumed>) = 1 [pid 5820] <... openat resumed>) = 3 [pid 7097] mkdir("./file3", 0777 [pid 7093] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] newfstatat(3, "", [pid 7101] <... openat resumed>) = 4 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7101] ioctl(4, LOOP_SET_FD, 3 [ 147.052296][ T7098] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.080069][ T7098] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.096452][ T7097] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.100243][ T7101] loop3: detected capacity change from 0 to 256 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7101] <... ioctl resumed>) = 0 [pid 7098] <... mount resumed>) = 0 [pid 7098] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7097] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7101] close(3 [pid 7098] <... openat resumed>) = 3 [pid 7101] <... close resumed>) = 0 [pid 7098] chdir("./file2" [pid 7093] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... umount2 resumed>) = 0 [pid 7101] close(4 [pid 7098] <... chdir resumed>) = 0 [pid 7097] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7093] ???( [pid 7101] <... close resumed>) = 0 [pid 7098] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7093] <... ??? resumed>) = ? [pid 5820] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7101] mkdir("./file2", 0777 [pid 7098] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7097] +++ killed by SIGSEGV +++ [pid 7099] <... mount resumed>) = 0 [ 147.110268][ T7099] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.126074][ T7097] exFAT-fs (loop4): Filesystem has been set read-only [ 147.134782][ T7099] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7099] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7101] <... mkdir resumed>) = 0 [pid 7098] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7093] +++ killed by SIGSEGV +++ [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7101] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7098] <... futex resumed>) = 1 [pid 7095] <... futex resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./114/file2", [pid 7098] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7095] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7098] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7095] <... futex resumed>) = 0 [pid 7098] mkdir("./file3", 0777 [pid 7095] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7093, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7099] chdir("./file2") = 0 [pid 5822] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7099] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7099] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7098] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7101] <... mount resumed>) = 0 [pid 7099] <... futex resumed>) = 1 [pid 7096] <... futex resumed>) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5820] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7096] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7101] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7099] mkdir("./file3", 0777 [pid 7098] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7096] <... futex resumed>) = 0 [pid 7101] <... openat resumed>) = 3 [pid 7096] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7101] chdir("./file2" [pid 7095] <... futex resumed>) = ? [pid 7101] <... chdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7101] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 147.169411][ T7098] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.176544][ T7101] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.178713][ T7098] exFAT-fs (loop1): Filesystem has been set read-only [ 147.190910][ T7101] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] getdents64(4, [pid 7101] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7098] +++ killed by SIGSEGV +++ [pid 7095] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(3, "", [pid 7101] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7100] <... futex resumed>) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7095, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5819] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7101] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7100] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7099] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] getdents64(4, [pid 5819] <... umount2 resumed>) = 0 [pid 7101] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7100] <... futex resumed>) = 0 [pid 7099] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5822] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7101] mkdir("./file3", 0777 [pid 7100] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7096] <... futex resumed>) = ? [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./117/file2", [pid 5820] <... close resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7099] +++ killed by SIGSEGV +++ [pid 7096] +++ killed by SIGSEGV +++ [pid 5822] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] rmdir("./114/file2") = 0 [pid 5819] getdents64(4, [pid 5820] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./114/binderfs", [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./114/binderfs" [pid 7101] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(4 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7096, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 7101] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] rmdir("./117/file2" [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./114" [pid 7100] <... futex resumed>) = ? [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... rmdir resumed>) = 0 [pid 7101] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(AT_FDCWD, "./117/file2", [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./113", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] mkdir("./115", 0777 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7100] +++ killed by SIGSEGV +++ [pid 5822] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] newfstatat(AT_FDCWD, "./117/binderfs", [pid 5818] openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5822] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] unlink("./117/binderfs" [pid 5818] newfstatat(3, "", [pid 5822] <... openat resumed>) = 4 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] newfstatat(4, "", [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] getdents64(3, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7100, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] <... openat resumed>) = 3 [pid 5819] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] getdents64(4, [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] close(3) = 0 [pid 5822] getdents64(4, [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] close(3 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./117" [pid 5818] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./113/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... close resumed>) = 0 [pid 5818] umount2("./113/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./113/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 147.214983][ T7099] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.224878][ T7099] exFAT-fs (loop0): Filesystem has been set read-only [ 147.244979][ T7101] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.254146][ T7101] exFAT-fs (loop3): Filesystem has been set read-only [pid 5818] newfstatat(4, "", [pid 5822] close(4 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... rmdir resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 ./strace-static-x86_64: Process 7103 attached [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7103 [pid 5819] mkdir("./118", 0777 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(4, [pid 5822] rmdir("./117/file2" [pid 5821] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7103] set_robust_list(0x55555eedf6a0, 24 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] getdents64(4, [pid 7103] <... set_robust_list resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7103] chdir("./115" [pid 5822] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] newfstatat(3, "", [pid 5819] <... openat resumed>) = 3 [pid 5818] close(4 [pid 7103] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5818] <... close resumed>) = 0 [pid 7103] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5819] <... ioctl resumed>) = 0 [pid 7103] <... prctl resumed>) = 0 [pid 5819] close(3 [pid 7103] setpgid(0, 0 [pid 5822] newfstatat(AT_FDCWD, "./117/binderfs", [pid 5821] getdents64(3, [pid 5819] <... close resumed>) = 0 [pid 5818] rmdir("./113/file2" [pid 7103] <... setpgid resumed>) = 0 [pid 7103] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... rmdir resumed>) = 0 [pid 5822] unlink("./117/binderfs"./strace-static-x86_64: Process 7104 attached [pid 7103] <... openat resumed>) = 3 [pid 5822] <... unlink resumed>) = 0 [pid 5821] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7104] set_robust_list(0x55555eedf6a0, 24 [pid 7103] write(3, "1000", 4 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7104 [pid 5818] umount2("./113/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7104] <... set_robust_list resumed>) = 0 [pid 7103] <... write resumed>) = 4 [pid 7103] close(3 [pid 7104] chdir("./118" [pid 7103] <... close resumed>) = 0 [pid 5822] getdents64(3, executing program [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7104] <... chdir resumed>) = 0 [pid 7103] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7104] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] close(3 [pid 5818] newfstatat(AT_FDCWD, "./113/binderfs", [pid 7104] <... prctl resumed>) = 0 [pid 7103] <... symlink resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7104] setpgid(0, 0 [pid 5822] rmdir("./117" [pid 5821] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7104] <... setpgid resumed>) = 0 [pid 7103] write(1, "executing program\n", 18 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] unlink("./113/binderfs" [pid 7104] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7103] <... write resumed>) = 18 [pid 5821] newfstatat(AT_FDCWD, "./118/file2", [pid 5818] <... unlink resumed>) = 0 [pid 7103] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] mkdir("./118", 0777 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7104] <... openat resumed>) = 3 [pid 7103] <... futex resumed>) = 0 [pid 5822] <... mkdir resumed>) = 0 [pid 5821] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7103] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(3, [pid 7104] write(3, "1000", 4 [pid 7103] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7104] <... write resumed>) = 4 [pid 7103] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] newfstatat(4, "", [pid 5818] close(3 [pid 7104] close(3 [pid 7103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... close resumed>) = 0 [pid 7104] <... close resumed>) = 0 [pid 7103] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] getdents64(4, [pid 7104] symlink("/dev/binderfs", "./binderfs" [pid 7103] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] rmdir("./113"executing program [pid 7104] <... symlink resumed>) = 0 [pid 7103] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] close(3 [pid 5821] getdents64(4, [pid 5818] <... rmdir resumed>) = 0 [pid 7104] write(1, "executing program\n", 18 [pid 7103] <... mprotect resumed>) = 0 [pid 7104] <... write resumed>) = 18 [pid 7103] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... close resumed>) = 0 [pid 7104] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./118/file2") = 0 [pid 7104] <... futex resumed>) = 0 [pid 7103] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] mkdir("./114", 0777 [pid 7104] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7103] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7104] <... rt_sigaction resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7105 attached [pid 7104] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7106 attached [pid 7105] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7103] <... clone3 resumed> => {parent_tid=[7105]}, 88) = 7105 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7105] <... rseq resumed>) = 0 [pid 7104] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7103] rt_sigprocmask(SIG_SETMASK, [], [pid 7105] set_robust_list(0x7fbb68bde9a0, 24 [pid 7106] set_robust_list(0x55555eedf6a0, 24 [pid 7105] <... set_robust_list resumed>) = 0 [pid 7104] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7106 [pid 5821] newfstatat(AT_FDCWD, "./118/binderfs", [pid 5818] <... openat resumed>) = 3 [pid 7106] <... set_robust_list resumed>) = 0 [pid 7105] rt_sigprocmask(SIG_SETMASK, [], [pid 7104] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7103] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7106] chdir("./118" [pid 7105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7104] <... mprotect resumed>) = 0 [pid 7103] <... futex resumed>) = 0 [pid 5821] unlink("./118/binderfs" [pid 5818] <... ioctl resumed>) = 0 [pid 7105] memfd_create("syzkaller", 0 [pid 7103] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... unlink resumed>) = 0 [pid 5818] close(3 [pid 7105] <... memfd_create resumed>) = 3 [pid 7104] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] <... close resumed>) = 0 [pid 7106] <... chdir resumed>) = 0 [pid 7105] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7104] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7106] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7105] <... mmap resumed>) = 0x7fbb60600000 [pid 7104] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7106] <... prctl resumed>) = 0 [pid 5821] getdents64(3, [pid 7106] setpgid(0, 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7106] <... setpgid resumed>) = 0 [pid 7105] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] close(3./strace-static-x86_64: Process 7107 attached [pid 7106] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7104] <... clone3 resumed> => {parent_tid=[7107]}, 88) = 7107 [pid 5821] <... close resumed>) = 0 [pid 7107] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7107] set_robust_list(0x7fbb68bde9a0, 24 [pid 7106] <... openat resumed>) = 3 [pid 5821] rmdir("./118" [pid 7107] <... set_robust_list resumed>) = 0 [pid 7107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7107] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] write(3, "1000", 4 [pid 7105] <... write resumed>) = 131072 [pid 7104] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rmdir resumed>) = 0 [pid 7106] <... write resumed>) = 4 [pid 7104] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7106] close(3 [pid 7104] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7108 [pid 7106] <... close resumed>) = 0 [pid 7104] <... futex resumed>) = 1 ./strace-static-x86_64: Process 7108 attached [pid 7107] <... futex resumed>) = 0 [pid 7106] symlink("/dev/binderfs", "./binderfs" [pid 7105] munmap(0x7fbb60600000, 138412032 [pid 5821] mkdir("./119", 0777 [pid 7104] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7108] set_robust_list(0x55555eedf6a0, 24 [pid 7107] memfd_create("syzkaller", 0 [pid 7108] <... set_robust_list resumed>) = 0 [pid 7107] <... memfd_create resumed>) = 3 [pid 7108] chdir("./114" [pid 7107] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7105] <... munmap resumed>) = 0 [pid 7108] <... chdir resumed>) = 0 [pid 7107] <... mmap resumed>) = 0x7fbb60600000 [pid 7107] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7106] <... symlink resumed>) = 0 executing program [pid 7105] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... mkdir resumed>) = 0 [pid 7108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7105] <... openat resumed>) = 4 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7106] write(1, "executing program\n", 18 [pid 7105] ioctl(4, LOOP_SET_FD, 3 [pid 7108] setpgid(0, 0 [pid 5821] <... openat resumed>) = 3 [pid 7108] <... setpgid resumed>) = 0 [pid 7108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7108] <... openat resumed>) = 3 [pid 7107] <... write resumed>) = 131072 [pid 7108] write(3, "1000", 4) = 4 [pid 7108] close(3) = 0 [pid 7108] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7107] munmap(0x7fbb60600000, 138412032 [pid 7106] <... write resumed>) = 18 [pid 7108] write(1, "executing program\n", 18 [pid 7105] <... ioctl resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 7108] <... write resumed>) = 18 [pid 7107] <... munmap resumed>) = 0 [pid 7106] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] close(3 [pid 5821] close(3 [pid 7108] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7107] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7106] <... futex resumed>) = 0 [pid 7105] <... close resumed>) = 0 [pid 7108] <... futex resumed>) = 0 [pid 7107] <... openat resumed>) = 4 [pid 7108] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7107] ioctl(4, LOOP_SET_FD, 3 [pid 7108] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7106] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7105] close(4 [pid 5821] <... close resumed>) = 0 [pid 7107] <... ioctl resumed>) = 0 [pid 7107] close(3) = 0 [pid 7107] close(4) = 0 [pid 7107] mkdir("./file2", 0777) = 0 [pid 7108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7108] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7107] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7109 attached [pid 7106] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7105] <... close resumed>) = 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7108] <... clone3 resumed> => {parent_tid=[7109]}, 88) = 7109 [pid 7108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7108] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7108] <... futex resumed>) = 0 [pid 7109] <... rseq resumed>) = 0 [pid 7108] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7106] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7105] mkdir("./file2", 0777 [pid 7106] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7110 attached [ 147.428921][ T7105] loop2: detected capacity change from 0 to 256 [ 147.452042][ T7107] loop1: detected capacity change from 0 to 256 [pid 7109] set_robust_list(0x7fbb68bde9a0, 24 [pid 7106] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7105] <... mkdir resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7110 [pid 7109] <... set_robust_list resumed>) = 0 [pid 7106] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7105] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7106] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7110] set_robust_list(0x55555eedf6a0, 24 [pid 7109] rt_sigprocmask(SIG_SETMASK, [], [pid 7110] <... set_robust_list resumed>) = 0 [pid 7109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7110] chdir("./119" [pid 7109] memfd_create("syzkaller", 0 [pid 7106] <... mprotect resumed>) = 0 [pid 7110] <... chdir resumed>) = 0 [pid 7109] <... memfd_create resumed>) = 3 [pid 7110] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7110] <... prctl resumed>) = 0 [pid 7109] <... mmap resumed>) = 0x7fbb60600000 [pid 7106] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7110] setpgid(0, 0 [pid 7109] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7106] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7110] <... setpgid resumed>) = 0 [pid 7110] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7106] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7111 attached [pid 7110] <... openat resumed>) = 3 [pid 7111] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7110] write(3, "1000", 4 [pid 7106] <... clone3 resumed> => {parent_tid=[7111]}, 88) = 7111 [pid 7111] <... rseq resumed>) = 0 [pid 7106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7109] <... write resumed>) = 131072 [ 147.471756][ T7107] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.497606][ T7107] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.511490][ T7105] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7111] set_robust_list(0x7fbb68bde9a0, 24 [pid 7110] <... write resumed>) = 4 [pid 7109] munmap(0x7fbb60600000, 138412032 [pid 7106] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] close(3 [pid 7109] <... munmap resumed>) = 0 [pid 7110] <... close resumed>) = 0 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7110] symlink("/dev/binderfs", "./binderfs" [pid 7109] <... openat resumed>) = 4 [pid 7110] <... symlink resumed>) = 0 [pid 7109] ioctl(4, LOOP_SET_FD, 3 [pid 7111] <... set_robust_list resumed>) = 0 [pid 7110] write(1, "executing program\n", 18 executing program [pid 7106] <... futex resumed>) = 0 [pid 7111] rt_sigprocmask(SIG_SETMASK, [], [pid 7110] <... write resumed>) = 18 [pid 7107] <... mount resumed>) = 0 [pid 7106] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] <... ioctl resumed>) = 0 [pid 7107] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7105] <... mount resumed>) = 0 [pid 7109] close(3 [pid 7107] <... openat resumed>) = 3 [pid 7105] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7109] <... close resumed>) = 0 [pid 7107] chdir("./file2" [pid 7105] <... openat resumed>) = 3 [pid 7111] memfd_create("syzkaller", 0 [pid 7109] close(4 [pid 7107] <... chdir resumed>) = 0 [pid 7105] chdir("./file2" [pid 7110] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7109] <... close resumed>) = 0 [pid 7107] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7105] <... chdir resumed>) = 0 [pid 7109] mkdir("./file2", 0777 [pid 7107] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7105] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7110] <... futex resumed>) = 0 [pid 7109] <... mkdir resumed>) = 0 [pid 7107] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7110] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7107] <... futex resumed>) = 1 [pid 7105] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7110] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7107] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7105] <... futex resumed>) = 1 [pid 7104] <... futex resumed>) = 0 [pid 7103] <... futex resumed>) = 0 [pid 7110] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7105] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7103] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7111] <... memfd_create resumed>) = 3 [pid 7110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7109] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7105] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7104] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7103] <... futex resumed>) = 0 [pid 7110] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7105] mkdir("./file3", 0777 [pid 7111] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7110] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7104] <... futex resumed>) = 1 [pid 7103] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] <... mmap resumed>) = 0x7fbb60600000 [pid 7110] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7104] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7111] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7110] <... mprotect resumed>) = 0 [pid 7110] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7107] <... futex resumed>) = 0 [pid 7110] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7111] <... write resumed>) = 131072 [pid 7107] mkdir("./file3", 0777 [pid 7105] <... mkdir resumed>) = -1 EIO (Input/output error) ./strace-static-x86_64: Process 7112 attached [pid 7111] munmap(0x7fbb60600000, 138412032 [pid 7110] <... clone3 resumed> => {parent_tid=[7112]}, 88) = 7112 [pid 7111] <... munmap resumed>) = 0 [pid 7110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7110] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7111] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7110] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7111] <... openat resumed>) = 4 [ 147.524625][ T7105] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.532831][ T7109] loop0: detected capacity change from 0 to 256 [ 147.550487][ T7105] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.560098][ T7105] exFAT-fs (loop2): Filesystem has been set read-only [ 147.568624][ T7107] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7111] ioctl(4, LOOP_SET_FD, 3 [pid 7112] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7105] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7107] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7107] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7109] <... mount resumed>) = 0 [pid 7103] <... futex resumed>) = ? [pid 7112] <... rseq resumed>) = 0 [pid 7104] <... futex resumed>) = ? [pid 7112] set_robust_list(0x7fbb68bde9a0, 24 [pid 7111] <... ioctl resumed>) = 0 [pid 7109] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7107] +++ killed by SIGSEGV +++ [pid 7104] +++ killed by SIGSEGV +++ [pid 7112] <... set_robust_list resumed>) = 0 [pid 7111] close(3 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7104, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7112] rt_sigprocmask(SIG_SETMASK, [], [pid 7111] <... close resumed>) = 0 [pid 7109] <... openat resumed>) = 3 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7111] close(4 [pid 7109] chdir("./file2" [pid 5819] <... restart_syscall resumed>) = 0 [pid 7112] memfd_create("syzkaller", 0 [pid 7111] <... close resumed>) = 0 [pid 7109] <... chdir resumed>) = 0 [pid 7112] <... memfd_create resumed>) = 3 [pid 7111] mkdir("./file2", 0777 [pid 7109] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7111] <... mkdir resumed>) = 0 [pid 7109] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7112] <... mmap resumed>) = 0x7fbb60600000 [ 147.577003][ T7109] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.578865][ T7107] exFAT-fs (loop1): Filesystem has been set read-only [ 147.597147][ T7109] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.598252][ T7111] loop4: detected capacity change from 0 to 256 [pid 7111] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7109] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7105] +++ killed by SIGSEGV +++ [pid 7103] +++ killed by SIGSEGV +++ [pid 7112] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7109] <... futex resumed>) = 1 [pid 5819] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7103, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7112] <... write resumed>) = 131072 [pid 7109] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7108] <... futex resumed>) = 0 [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 7112] munmap(0x7fbb60600000, 138412032 [pid 7109] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7108] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] newfstatat(3, "", [pid 7112] <... munmap resumed>) = 0 [pid 7111] <... mount resumed>) = 0 [pid 7109] mkdir("./file3", 0777 [pid 7108] <... futex resumed>) = 0 [pid 7112] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7112] <... openat resumed>) = 4 [pid 5820] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(3, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7112] ioctl(4, LOOP_SET_FD, 3 [pid 5820] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7111] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7108] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... openat resumed>) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = 0 [pid 7112] <... ioctl resumed>) = 0 [pid 7112] close(3) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 7111] <... openat resumed>) = 3 [pid 5819] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7112] close(4) = 0 [pid 7112] mkdir("./file2", 0777 [pid 7111] chdir("./file2" [pid 7109] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7111] <... chdir resumed>) = 0 [pid 7109] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./118/file2", [pid 7111] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7108] <... futex resumed>) = ? [pid 5820] newfstatat(AT_FDCWD, "./115/file2", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7112] <... mkdir resumed>) = 0 [pid 7111] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7109] +++ killed by SIGSEGV +++ [pid 7108] +++ killed by SIGSEGV +++ [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7112] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7111] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7111] <... futex resumed>) = 1 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7111] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7106] <... futex resumed>) = 0 [pid 5820] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... openat resumed>) = 4 [pid 7106] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 4 [pid 5819] newfstatat(4, "", [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7108, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7111] <... futex resumed>) = 0 [pid 7106] <... futex resumed>) = 1 [pid 5820] newfstatat(4, "", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 147.645221][ T7111] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.659086][ T7111] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 147.671172][ T7109] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.678028][ T7112] loop3: detected capacity change from 0 to 256 [ 147.681183][ T7109] exFAT-fs (loop0): Filesystem has been set read-only [pid 7111] mkdir("./file3", 0777 [pid 7106] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, [pid 5818] umount2("./114", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] newfstatat(3, "", [pid 5820] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7111] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, [pid 7111] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] getdents64(4, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4 [pid 5820] close(4 [pid 5819] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] rmdir("./118/file2" [pid 5820] rmdir("./115/file2" [pid 5819] <... rmdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./118/binderfs", [pid 5820] newfstatat(AT_FDCWD, "./115/binderfs", [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] unlink("./118/binderfs" [pid 5820] unlink("./115/binderfs" [pid 5819] <... unlink resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] getdents64(3, [pid 5820] getdents64(3, [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 5820] close(3 [pid 5819] <... close resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] rmdir("./118" [pid 5820] rmdir("./115" [pid 5819] <... rmdir resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] mkdir("./119", 0777 [pid 5820] mkdir("./116", 0777 [pid 5819] <... mkdir resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... openat resumed>) = 3 [pid 7111] +++ killed by SIGSEGV +++ [pid 5820] <... openat resumed>) = 3 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... ioctl resumed>) = 0 [pid 5820] <... ioctl resumed>) = 0 [pid 5819] close(3 [pid 7106] <... futex resumed>) = ? [pid 5820] close(3 [pid 5819] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7113 attached [pid 7106] +++ killed by SIGSEGV +++ [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7113] set_robust_list(0x55555eedf6a0, 24 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7106, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7113 [pid 7113] <... set_robust_list resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7114 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7113] chdir("./119") = 0 [pid 7113] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7113] setpgid(0, 0) = 0 [pid 5818] newfstatat(AT_FDCWD, "./114/file2", [pid 7113] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 147.713767][ T7111] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.723585][ T7111] exFAT-fs (loop4): Filesystem has been set read-only [ 147.729030][ T7112] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7113] write(3, "1000", 4./strace-static-x86_64: Process 7114 attached [pid 5818] umount2("./114/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7114] set_robust_list(0x55555eedf6a0, 24 [pid 7113] <... write resumed>) = 4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7113] close(3) = 0 [pid 5822] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] openat(AT_FDCWD, "./114/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7113] symlink("/dev/binderfs", "./binderfs" [pid 7112] <... mount resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7113] <... symlink resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", [pid 7112] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 4 [pid 7113] write(1, "executing program\n", 18executing program [pid 7112] <... openat resumed>) = 3 [pid 5822] getdents64(3, [pid 7113] <... write resumed>) = 18 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7113] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7112] chdir("./file2" [pid 5822] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7114] <... set_robust_list resumed>) = 0 [pid 7113] <... futex resumed>) = 0 [pid 7112] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 7114] chdir("./116" [pid 7113] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7112] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7114] <... chdir resumed>) = 0 [pid 7113] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7112] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7114] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7113] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5822] newfstatat(AT_FDCWD, "./118/file2", [pid 7114] <... prctl resumed>) = 0 [pid 7113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7112] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] getdents64(4, [pid 7114] setpgid(0, 0 [pid 7113] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7112] <... futex resumed>) = 1 [pid 5822] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7114] <... setpgid resumed>) = 0 [pid 7113] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7112] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7110] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7113] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7113] <... mprotect resumed>) = 0 [pid 7110] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 4 [pid 5818] getdents64(4, [pid 5822] newfstatat(4, "", [pid 7113] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7113] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] getdents64(4, [pid 7113] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 ./strace-static-x86_64: Process 7115 attached [pid 5822] close(4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7115] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7114] <... openat resumed>) = 3 [pid 7112] <... futex resumed>) = 0 [pid 7110] <... futex resumed>) = 1 [pid 5822] <... close resumed>) = 0 [pid 5818] close(4 [pid 7115] <... rseq resumed>) = 0 [pid 7114] write(3, "1000", 4 [pid 7113] <... clone3 resumed> => {parent_tid=[7115]}, 88) = 7115 [pid 7112] mkdir("./file3", 0777 [pid 7110] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 147.757526][ T7112] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5822] rmdir("./118/file2"executing program [pid 7115] set_robust_list(0x7fbb68bde9a0, 24 [pid 7114] <... write resumed>) = 4 [pid 7113] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... rmdir resumed>) = 0 [pid 5818] <... close resumed>) = 0 [pid 7114] close(3 [pid 5818] rmdir("./114/file2" [pid 7114] <... close resumed>) = 0 [pid 7115] <... set_robust_list resumed>) = 0 [pid 7113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... rmdir resumed>) = 0 [pid 7114] symlink("/dev/binderfs", "./binderfs" [pid 5818] umount2("./114/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7115] rt_sigprocmask(SIG_SETMASK, [], [pid 7113] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7114] <... symlink resumed>) = 0 [pid 7113] <... futex resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./118/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7114] write(1, "executing program\n", 18 [pid 5818] newfstatat(AT_FDCWD, "./114/binderfs", [pid 7114] <... write resumed>) = 18 [pid 7115] memfd_create("syzkaller", 0 [pid 7114] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7113] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7115] <... memfd_create resumed>) = 3 [pid 7114] <... futex resumed>) = 0 [pid 5822] unlink("./118/binderfs" [pid 5818] unlink("./114/binderfs" [pid 7114] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7114] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 7114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5818] getdents64(3, [pid 7114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7115] <... mmap resumed>) = 0x7fbb60600000 [pid 7114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] getdents64(3, [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7115] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7114] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] close(3 [pid 7114] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7115] <... write resumed>) = 131072 [pid 7114] <... mprotect resumed>) = 0 [pid 5822] close(3 [pid 5818] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5822] rmdir("./118" [pid 7114] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] rmdir("./114" [pid 5822] <... rmdir resumed>) = 0 [pid 7114] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 5822] mkdir("./119", 0777 [pid 7114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5818] mkdir("./115", 0777 [pid 7115] munmap(0x7fbb60600000, 138412032 [pid 5822] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7116 attached [pid 7115] <... munmap resumed>) = 0 [pid 7114] <... clone3 resumed> => {parent_tid=[7116]}, 88) = 7116 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5818] <... mkdir resumed>) = 0 [pid 7116] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7114] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... openat resumed>) = 3 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7116] <... rseq resumed>) = 0 [pid 7114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 7116] set_robust_list(0x7fbb68bde9a0, 24 [pid 7115] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7114] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... ioctl resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 7116] <... set_robust_list resumed>) = 0 [pid 7115] <... openat resumed>) = 4 [pid 7114] <... futex resumed>) = 0 [pid 5822] close(3 [pid 7116] rt_sigprocmask(SIG_SETMASK, [], [pid 7114] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5822] <... close resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7116] memfd_create("syzkaller", 0 [pid 5818] <... ioctl resumed>) = 0 [pid 5818] close(3 [pid 7116] <... memfd_create resumed>) = 3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555eedf690) = 7117 [pid 5818] <... close resumed>) = 0 [pid 7115] ioctl(4, LOOP_SET_FD, 3 [pid 7116] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0./strace-static-x86_64: Process 7117 attached [pid 7117] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7117] chdir("./119") = 0 [pid 7117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7117] setpgid(0, 0) = 0 executing program [pid 7117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7116] <... mmap resumed>) = 0x7fbb60600000 [pid 7117] <... openat resumed>) = 3 [pid 7115] <... ioctl resumed>) = 0 [pid 7112] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7110] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7117] write(3, "1000", 4 [pid 7112] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7110] ???( [pid 7117] <... write resumed>) = 4 [pid 7117] close(3) = 0 [pid 7117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7116] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7117] write(1, "executing program\n", 18 [pid 7115] close(3 [pid 7112] +++ killed by SIGSEGV +++ [pid 7110] <... ??? resumed>) = ? [pid 7117] <... write resumed>) = 18 [pid 7117] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] <... close resumed>) = 0 [pid 7117] <... futex resumed>) = 0 [pid 7115] close(4 [pid 7117] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7115] <... close resumed>) = 0 [pid 7117] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7115] mkdir("./file2", 0777 [pid 7117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7117] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7115] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7118 attached [pid 7117] <... mprotect resumed>) = 0 [pid 7116] <... write resumed>) = 131072 [pid 7110] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7110, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7115] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7118] set_robust_list(0x55555eedf6a0, 24 [pid 7117] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] <... restart_syscall resumed>) = 0 [pid 7117] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7118 ./strace-static-x86_64: Process 7119 attached [pid 7117] <... clone3 resumed> => {parent_tid=[7119]}, 88) = 7119 [pid 7117] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7119] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7117] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 3 [pid 7119] <... rseq resumed>) = 0 [pid 7117] <... futex resumed>) = 0 [pid 7119] set_robust_list(0x7fbb68bde9a0, 24 [pid 7118] <... set_robust_list resumed>) = 0 [pid 7117] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] newfstatat(3, "", [pid 7119] <... set_robust_list resumed>) = 0 [pid 7119] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] chdir("./115" [pid 7119] memfd_create("syzkaller", 0 [pid 5821] getdents64(3, [pid 7119] <... memfd_create resumed>) = 3 [pid 7119] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7119] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7118] <... chdir resumed>) = 0 [pid 5821] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7118] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7116] munmap(0x7fbb60600000, 138412032 [pid 7118] <... prctl resumed>) = 0 [pid 7118] setpgid(0, 0 [pid 7116] <... munmap resumed>) = 0 [pid 5821] <... umount2 resumed>) = 0 [ 147.794629][ T7112] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 147.818534][ T7112] exFAT-fs (loop3): Filesystem has been set read-only [ 147.834229][ T7115] loop1: detected capacity change from 0 to 256 [pid 5821] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7118] <... setpgid resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7119] <... write resumed>) = 131072 [pid 7118] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7116] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 7118] <... openat resumed>) = 3 [pid 7116] <... openat resumed>) = 4 [pid 5821] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] close(4) = 0 [pid 5821] rmdir("./119/file2" [pid 7119] munmap(0x7fbb60600000, 138412032 [pid 7118] write(3, "1000", 4 [pid 7116] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... rmdir resumed>) = 0 [pid 5821] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7119] <... munmap resumed>) = 0 [pid 5821] unlink("./119/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./119") = 0 [pid 5821] mkdir("./120", 0777) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 5821] close(3) = 0 [pid 7118] <... write resumed>) = 4 [ 147.875727][ T7115] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 147.898371][ T7116] loop2: detected capacity change from 0 to 256 [ 147.905058][ T7115] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7119] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 7118] close(3 [pid 7116] <... ioctl resumed>) = 0 [pid 7119] ioctl(4, LOOP_SET_FD, 3 [pid 7118] <... close resumed>) = 0 [pid 7116] close(3 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7118] symlink("/dev/binderfs", "./binderfs" [pid 7116] <... close resumed>) = 0 [pid 7116] close(4./strace-static-x86_64: Process 7120 attached ) = 0 [pid 7116] mkdir("./file2", 0777 [pid 7118] <... symlink resumed>) = 0 [pid 7116] <... mkdir resumed>) = 0 [pid 7116] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7120] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7120] chdir("./120") = 0 [pid 7120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7120] setpgid(0, 0) = 0 [pid 7120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7118] write(1, "executing program\n", 18executing program [pid 7120] <... openat resumed>) = 3 [pid 7120] write(3, "1000", 4) = 4 [pid 7118] <... write resumed>) = 18 [pid 7120] close(3) = 0 [pid 7120] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7120 [pid 7120] write(1, "executing program\n", 18) = 18 [pid 7120] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7120] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7120] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7118] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7119] <... ioctl resumed>) = 0 [pid 7118] <... futex resumed>) = 0 [ 147.921357][ T7119] loop4: detected capacity change from 0 to 256 [pid 7119] close(3 [pid 7118] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7119] <... close resumed>) = 0 [pid 7118] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7119] close(4 [pid 7118] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7119] <... close resumed>) = 0 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7119] mkdir("./file2", 0777 [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7119] <... mkdir resumed>) = 0 [pid 7118] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7118] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7121]}, 88) = 7121 [pid 7120] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7121 attached [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7121] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7119] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7118] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7120] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7121] <... rseq resumed>) = 0 ./strace-static-x86_64: Process 7122 attached [pid 7118] <... clone3 resumed> => {parent_tid=[7122]}, 88) = 7122 [pid 7122] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7121] set_robust_list(0x7fbb68bde9a0, 24 [pid 7118] rt_sigprocmask(SIG_SETMASK, [], [pid 7122] <... rseq resumed>) = 0 [pid 7121] <... set_robust_list resumed>) = 0 [pid 7118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7122] set_robust_list(0x7fbb68bde9a0, 24 [pid 7121] rt_sigprocmask(SIG_SETMASK, [], [pid 7118] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] <... set_robust_list resumed>) = 0 [pid 7121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7118] <... futex resumed>) = 0 [pid 7121] memfd_create("syzkaller", 0 [pid 7120] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7118] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7115] <... mount resumed>) = 0 [pid 7122] rt_sigprocmask(SIG_SETMASK, [], [pid 7121] <... memfd_create resumed>) = 3 [pid 7115] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7115] <... openat resumed>) = 3 [pid 7122] memfd_create("syzkaller", 0 [pid 7121] <... mmap resumed>) = 0x7fbb60600000 [pid 7115] chdir("./file2") = 0 [ 147.946690][ T7116] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7115] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7122] <... memfd_create resumed>) = 3 [pid 7121] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7115] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7115] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7113] <... futex resumed>) = 0 [pid 7115] mkdir("./file3", 0777 [pid 7113] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7113] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7121] <... write resumed>) = 131072 [pid 7119] <... mount resumed>) = 0 [pid 7121] munmap(0x7fbb60600000, 138412032) = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7122] <... mmap resumed>) = 0x7fbb60600000 [pid 7121] <... openat resumed>) = 4 [pid 7116] <... mount resumed>) = 0 [pid 7122] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7121] ioctl(4, LOOP_SET_FD, 3 [pid 7119] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7115] <... mkdir resumed>) = -1 EIO (Input/output error) [ 147.991451][ T7119] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 148.004336][ T7116] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.008594][ T7119] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.015204][ T7115] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.034419][ T7115] exFAT-fs (loop1): Filesystem has been set read-only [pid 7116] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7115] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7116] <... openat resumed>) = 3 [pid 7113] <... futex resumed>) = ? [pid 7116] chdir("./file2") = 0 [pid 7116] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7116] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7115] +++ killed by SIGSEGV +++ [pid 7113] +++ killed by SIGSEGV +++ [pid 7116] <... futex resumed>) = 1 [pid 7114] <... futex resumed>) = 0 [pid 7116] mkdir("./file3", 0777 [pid 7114] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7113, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7114] <... futex resumed>) = 0 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7119] <... openat resumed>) = 3 [pid 7114] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] <... write resumed>) = 131072 [pid 7121] <... ioctl resumed>) = 0 [pid 7119] chdir("./file2" [pid 5819] <... restart_syscall resumed>) = 0 [pid 7119] <... chdir resumed>) = 0 [pid 7121] close(3 [pid 7119] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5819] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7121] <... close resumed>) = 0 [pid 7119] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7121] close(4 [pid 7119] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7122] munmap(0x7fbb60600000, 138412032 [pid 7121] <... close resumed>) = 0 [pid 7119] <... futex resumed>) = 1 [pid 5819] <... openat resumed>) = 3 [pid 7119] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7121] mkdir("./file2", 0777 [pid 7122] <... munmap resumed>) = 0 [pid 7121] <... mkdir resumed>) = 0 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, [pid 7117] <... futex resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7117] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7117] <... futex resumed>) = 1 [pid 7119] <... futex resumed>) = 0 [pid 7119] mkdir("./file3", 0777 [pid 7117] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7122] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 148.046087][ T7121] loop3: detected capacity change from 0 to 256 [ 148.052933][ T7116] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.072046][ T7119] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.072574][ T7116] exFAT-fs (loop2): Filesystem has been set read-only [pid 7121] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5819] <... umount2 resumed>) = 0 [pid 7122] ioctl(4, LOOP_SET_FD, 3 [pid 5819] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./119/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] close(4) = 0 [pid 5819] rmdir("./119/file2") = 0 [pid 5819] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7122] <... ioctl resumed>) = 0 [pid 5819] unlink("./119/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3 [pid 7114] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] <... close resumed>) = 0 [pid 7114] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] rmdir("./119" [pid 7114] <... futex resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 7114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7114] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7114] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] mkdir("./120", 0777 [pid 7114] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] <... mkdir resumed>) = 0 [pid 7114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 7114] <... clone3 resumed> => {parent_tid=[7123]}, 88) = 7123 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7114] rt_sigprocmask(SIG_SETMASK, [], [pid 5819] <... ioctl resumed>) = 0 [pid 7114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] close(3./strace-static-x86_64: Process 7123 attached [pid 7122] close(3 [pid 7116] <... mkdir resumed>) = -1 EIO (Input/output error) [ 148.091668][ T7122] loop0: detected capacity change from 0 to 256 [pid 7123] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7122] <... close resumed>) = 0 [pid 7119] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7117] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7116] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7114] ???( [pid 5819] <... close resumed>) = 0 [pid 7123] <... rseq resumed>) = ? [pid 7122] close(4 [pid 7117] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7114] <... ??? resumed>) = ? [pid 7123] +++ killed by SIGSEGV +++ [pid 7122] <... close resumed>) = 0 [pid 7117] <... futex resumed>) = 0 [pid 7116] +++ killed by SIGSEGV +++ [pid 7122] mkdir("./file2", 0777) = 0 [pid 7117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7114] +++ killed by SIGSEGV +++ [pid 7122] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7114, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7119] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7117] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5820] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7117] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5820] <... openat resumed>) = 3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7124 attached [pid 7117] <... mprotect resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 7117] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7124 [pid 7117] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5820] getdents64(3, [pid 7117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] set_robust_list(0x55555eedf6a0, 24./strace-static-x86_64: Process 7125 attached ) = 0 [pid 7117] <... clone3 resumed> ) = ? [pid 5820] <... umount2 resumed>) = 0 [pid 7125] +++ killed by SIGSEGV +++ [pid 7119] +++ killed by SIGSEGV +++ [pid 5820] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] chdir("./120" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7124] <... chdir resumed>) = 0 [pid 7124] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7117] +++ killed by SIGSEGV +++ [pid 5820] newfstatat(AT_FDCWD, "./116/file2", [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7117, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 148.120136][ T7119] exFAT-fs (loop4): Filesystem has been set read-only [ 148.135372][ T7121] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4) = 0 [pid 5820] rmdir("./116/file2") = 0 [pid 5820] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./116/binderfs") = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] close(3) = 0 [pid 5820] rmdir("./116") = 0 [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] mkdir("./117", 0777 [pid 7124] setpgid(0, 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7124] <... setpgid resumed>) = 0 [pid 7124] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7124] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7124] write(3, "1000", 4 [pid 5822] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... openat resumed>) = 3 [pid 7124] <... write resumed>) = 4 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5822] <... openat resumed>) = 3 [pid 5820] <... ioctl resumed>) = 0 [pid 7124] close(3 [pid 5822] newfstatat(3, "", [pid 7124] <... close resumed>) = 0 [pid 5820] close(3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7124] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] getdents64(3, [pid 5820] <... close resumed>) = 0 [ 148.169925][ T7121] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.207972][ T7122] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7124] write(1, "executing program\n", 18 [pid 7121] <... mount resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLDexecuting program ./strace-static-x86_64: Process 7126 attached [pid 7124] <... write resumed>) = 18 [pid 7122] <... mount resumed>) = 0 [pid 7121] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] set_robust_list(0x55555eedf6a0, 24 [pid 7124] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7122] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7121] <... openat resumed>) = 3 [pid 5822] <... umount2 resumed>) = 0 [pid 7126] <... set_robust_list resumed>) = 0 [pid 7124] <... futex resumed>) = 0 [pid 7122] <... openat resumed>) = 3 [pid 7121] chdir("./file2" [pid 5822] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7126 [pid 7126] chdir("./117" [pid 7124] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7122] chdir("./file2" [pid 7121] <... chdir resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7126] <... chdir resumed>) = 0 [pid 7124] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7122] <... chdir resumed>) = 0 [pid 7121] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] newfstatat(AT_FDCWD, "./119/file2", [pid 7126] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7124] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7122] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7121] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7126] <... prctl resumed>) = 0 [pid 7124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] setpgid(0, 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7126] <... setpgid resumed>) = 0 [pid 7124] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7124] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5822] <... openat resumed>) = 4 [pid 7126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7124] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5822] newfstatat(4, "", [pid 7122] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7122] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7122] <... futex resumed>) = 1 [pid 7118] <... futex resumed>) = 0 [pid 5822] getdents64(4, [pid 7118] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7122] mkdir("./file3", 0777 [pid 7126] <... openat resumed>) = 3 [pid 5822] getdents64(4, [pid 7118] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 7124] <... mprotect resumed>) = 0 executing program [pid 7126] write(3, "1000", 4 [pid 5822] rmdir("./119/file2" [pid 7126] <... write resumed>) = 4 [pid 5822] <... rmdir resumed>) = 0 [pid 7126] close(3 [pid 5822] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] <... close resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7126] symlink("/dev/binderfs", "./binderfs" [pid 5822] newfstatat(AT_FDCWD, "./119/binderfs", [pid 7126] <... symlink resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7124] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7121] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] write(1, "executing program\n", 18 [pid 5822] unlink("./119/binderfs" [pid 7126] <... write resumed>) = 18 [pid 7124] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7121] <... futex resumed>) = 1 [pid 7120] <... futex resumed>) = 0 [pid 5822] <... unlink resumed>) = 0 [pid 7124] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7120] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] getdents64(3, ./strace-static-x86_64: Process 7127 attached [pid 7121] mkdir("./file3", 0777 [pid 7120] <... futex resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [ 148.224741][ T7122] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.263017][ T7122] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7126] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] <... clone3 resumed> => {parent_tid=[7127]}, 88) = 7127 [pid 7120] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] close(3 [pid 7126] <... futex resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 7126] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5822] rmdir("./119" [pid 7126] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 7126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mkdir("./120", 0777 [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5822] <... mkdir resumed>) = 0 [pid 7126] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7126] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7124] rt_sigprocmask(SIG_SETMASK, [], [pid 7126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5822] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7128 attached [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 7124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] close(3 [pid 7126] <... clone3 resumed> => {parent_tid=[7128]}, 88) = 7128 [pid 7124] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... close resumed>) = 0 [pid 7128] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], [pid 7124] <... futex resumed>) = 0 [pid 7128] <... rseq resumed>) = 0 [pid 7127] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7124] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7128] set_robust_list(0x7fbb68bde9a0, 24 [pid 7126] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7128] <... set_robust_list resumed>) = 0 [pid 7126] <... futex resumed>) = 0 [pid 7128] rt_sigprocmask(SIG_SETMASK, [], [pid 7127] <... rseq resumed>) = 0 [pid 7126] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7127] set_robust_list(0x7fbb68bde9a0, 24 [pid 7128] memfd_create("syzkaller", 0) = 3 [pid 7128] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7127] <... set_robust_list resumed>) = 0 [pid 7127] rt_sigprocmask(SIG_SETMASK, [], [pid 7128] <... mmap resumed>) = 0x7fbb60600000 [pid 7128] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7118] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7118] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7118] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7118] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7127] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7122] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7121] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7118] <... mprotect resumed>) = 0 ./strace-static-x86_64: Process 7129 attached [pid 7128] <... write resumed>) = 131072 [pid 7127] memfd_create("syzkaller", 0 [pid 7122] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7121] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7118] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7129 [pid 7127] <... memfd_create resumed>) = 3 [pid 7129] set_robust_list(0x55555eedf6a0, 24 [pid 7127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7120] <... futex resumed>) = ? [pid 7118] <... rt_sigprocmask resumed> ) = ? [pid 7122] +++ killed by SIGSEGV +++ [pid 7129] <... set_robust_list resumed>) = 0 [pid 7128] munmap(0x7fbb60600000, 138412032 [pid 7127] <... mmap resumed>) = 0x7fbb60600000 [pid 7121] +++ killed by SIGSEGV +++ [pid 7120] +++ killed by SIGSEGV +++ [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7120, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7127] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 [pid 7118] +++ killed by SIGSEGV +++ [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7118, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7129] chdir("./120") = 0 [pid 7128] <... munmap resumed>) = 0 [pid 7127] munmap(0x7fbb60600000, 138412032 [pid 5821] <... restart_syscall resumed>) = 0 [pid 7129] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5818] <... restart_syscall resumed>) = 0 [pid 7129] <... prctl resumed>) = 0 [pid 7127] <... munmap resumed>) = 0 [pid 7129] setpgid(0, 0 [pid 7128] <... openat resumed>) = 4 [pid 7127] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] <... setpgid resumed>) = 0 [pid 7128] ioctl(4, LOOP_SET_FD, 3 [pid 7127] <... openat resumed>) = 4 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 148.275686][ T7121] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.298256][ T7122] exFAT-fs (loop0): Filesystem has been set read-only [ 148.312686][ T7121] exFAT-fs (loop3): Filesystem has been set read-only [pid 5818] umount2("./115", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(3, "", [pid 5818] openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5821] getdents64(3, [pid 5818] newfstatat(3, "", [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] getdents64(3, [pid 7127] ioctl(4, LOOP_SET_FD, 3 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 7129] <... openat resumed>) = 3 [pid 5818] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./115/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] umount2("./115/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./115/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5818] newfstatat(4, "", [pid 7129] write(3, "1000", 4) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7129] close(3 [pid 7127] <... ioctl resumed>) = 0 [pid 7129] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 7129] symlink("/dev/binderfs", "./binderfs" [pid 7128] <... ioctl resumed>) = 0 [pid 7127] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] close(4executing program ) = 0 [pid 7129] <... symlink resumed>) = 0 [pid 7127] <... close resumed>) = 0 [pid 7129] write(1, "executing program\n", 18 [pid 7128] close(3 [pid 7129] <... write resumed>) = 18 [pid 7127] close(4 [pid 7128] <... close resumed>) = 0 [pid 7129] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] <... close resumed>) = 0 [pid 7128] close(4 [pid 7129] <... futex resumed>) = 0 [pid 7127] mkdir("./file2", 0777 [pid 7129] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7128] <... close resumed>) = 0 [pid 7129] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] rmdir("./115/file2" [pid 7129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7127] <... mkdir resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7128] mkdir("./file2", 0777 [pid 7127] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] umount2("./115/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7128] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] <... mmap resumed>) = 0x7fbb68bbe000 [ 148.344165][ T7128] loop2: detected capacity change from 0 to 256 [ 148.354156][ T7127] loop1: detected capacity change from 0 to 256 [pid 7128] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... umount2 resumed>) = 0 [pid 7129] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] newfstatat(AT_FDCWD, "./115/binderfs", [pid 7129] <... mprotect resumed>) = 0 [pid 5821] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] newfstatat(AT_FDCWD, "./120/file2", [pid 5818] unlink("./115/binderfs" [pid 7129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... unlink resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] getdents64(3, [pid 5821] openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] close(3 [pid 5821] newfstatat(4, "", [pid 5818] <... close resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] rmdir("./115" [pid 5821] getdents64(4, [pid 5818] <... rmdir resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] getdents64(4, [pid 5818] mkdir("./116", 0777 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 5821] close(4) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] rmdir("./120/file2" [pid 5818] <... openat resumed>) = 3 [pid 5821] <... rmdir resumed>) = 0 [pid 5821] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... ioctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./120/binderfs", [pid 5818] close(3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 7129] <... clone3 resumed> => {parent_tid=[7130]}, 88) = 7130 ./strace-static-x86_64: Process 7130 attached [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] unlink("./120/binderfs" [pid 7130] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5821] getdents64(3, [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./120") = 0 ./strace-static-x86_64: Process 7131 attached [pid 5821] mkdir("./121", 0777) = 0 [pid 7130] <... rseq resumed>) = 0 [pid 7129] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] set_robust_list(0x55555eedf6a0, 24 [pid 7129] <... futex resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7130] set_robust_list(0x7fbb68bde9a0, 24 [pid 7129] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7130] <... set_robust_list resumed>) = 0 [pid 7131] <... set_robust_list resumed>) = 0 [pid 7130] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... openat resumed>) = 3 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7131 [pid 7131] chdir("./116" [pid 7130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7131] <... chdir resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 7131] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5821] close(3 [pid 7131] <... prctl resumed>) = 0 [pid 7131] setpgid(0, 0) = 0 [pid 5821] <... close resumed>) = 0 [pid 7131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7130] memfd_create("syzkaller", 0 [ 148.401965][ T7127] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 148.432809][ T7127] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7131] write(3, "1000", 4) = 4 [pid 7130] <... memfd_create resumed>) = 3 [pid 7131] close(3) = 0 [pid 7130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7131] symlink("/dev/binderfs", "./binderfs" [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7131] <... symlink resumed>) = 0 [pid 7130] <... mmap resumed>) = 0x7fbb60600000 [pid 7131] write(1, "executing program\n", 18 [pid 7130] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072executing program [pid 7131] <... write resumed>) = 18 [pid 7131] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7131] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7131] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7130] <... write resumed>) = 131072 ./strace-static-x86_64: Process 7133 attached [pid 7130] munmap(0x7fbb60600000, 138412032 [pid 7131] <... clone3 resumed> => {parent_tid=[7133]}, 88) = 7133 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7132 [pid 7131] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 7132 attached NULL, 8) = 0 [pid 7132] set_robust_list(0x55555eedf6a0, 24 [pid 7131] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7132] <... set_robust_list resumed>) = 0 [pid 7131] <... futex resumed>) = 0 [pid 7132] chdir("./121" [pid 7131] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7133] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7132] <... chdir resumed>) = 0 [pid 7130] <... munmap resumed>) = 0 [pid 7133] <... rseq resumed>) = 0 [pid 7132] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7130] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7133] set_robust_list(0x7fbb68bde9a0, 24 [pid 7132] <... prctl resumed>) = 0 [ 148.444337][ T7128] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7130] <... openat resumed>) = 4 [pid 7133] <... set_robust_list resumed>) = 0 [pid 7132] setpgid(0, 0) = 0 [pid 7132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7132] write(3, "1000", 4) = 4 [pid 7132] close(3) = 0 [pid 7132] symlink("/dev/binderfs", "./binderfs") = 0 executing program [pid 7132] write(1, "executing program\n", 18) = 18 [pid 7132] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7130] ioctl(4, LOOP_SET_FD, 3 [pid 7133] rt_sigprocmask(SIG_SETMASK, [], [pid 7132] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7132] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7134 attached [pid 7134] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7132] <... clone3 resumed> => {parent_tid=[7134]}, 88) = 7134 [pid 7133] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7130] <... ioctl resumed>) = 0 [pid 7133] memfd_create("syzkaller", 0 [pid 7130] close(3 [pid 7134] <... rseq resumed>) = 0 [pid 7132] rt_sigprocmask(SIG_SETMASK, [], [pid 7134] set_robust_list(0x7fbb68bde9a0, 24 [pid 7132] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7134] <... set_robust_list resumed>) = 0 [pid 7132] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7134] rt_sigprocmask(SIG_SETMASK, [], [pid 7132] <... futex resumed>) = 0 [pid 7134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7132] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7134] memfd_create("syzkaller", 0) = 3 [pid 7134] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7134] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7133] <... memfd_create resumed>) = 3 [pid 7130] <... close resumed>) = 0 [pid 7127] <... mount resumed>) = 0 [pid 7133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7130] close(4 [pid 7127] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7134] <... write resumed>) = 131072 [pid 7133] <... mmap resumed>) = 0x7fbb60600000 [pid 7130] <... close resumed>) = 0 [pid 7130] mkdir("./file2", 0777 [pid 7127] <... openat resumed>) = 3 [pid 7133] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7130] <... mkdir resumed>) = 0 [pid 7130] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7127] chdir("./file2" [pid 7134] munmap(0x7fbb60600000, 138412032) = 0 [pid 7133] <... write resumed>) = 131072 [ 148.482351][ T7128] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.492297][ T7130] loop4: detected capacity change from 0 to 256 [pid 7134] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7133] munmap(0x7fbb60600000, 138412032 [pid 7127] <... chdir resumed>) = 0 [pid 7134] ioctl(4, LOOP_SET_FD, 3 [pid 7133] <... munmap resumed>) = 0 [pid 7127] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7133] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7127] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7127] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7133] <... openat resumed>) = 4 [pid 7133] ioctl(4, LOOP_SET_FD, 3 [pid 7127] <... futex resumed>) = 1 [pid 7124] <... futex resumed>) = 0 [pid 7124] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7127] mkdir("./file3", 0777 [pid 7124] <... futex resumed>) = 0 [pid 7134] <... ioctl resumed>) = 0 [pid 7124] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7134] close(3 [pid 7133] <... ioctl resumed>) = 0 [pid 7134] <... close resumed>) = 0 [pid 7134] close(4 [pid 7133] close(3 [pid 7128] <... mount resumed>) = 0 [pid 7134] <... close resumed>) = 0 [pid 7133] <... close resumed>) = 0 [pid 7128] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7134] mkdir("./file2", 0777 [pid 7133] close(4 [pid 7128] <... openat resumed>) = 3 [pid 7134] <... mkdir resumed>) = 0 [pid 7133] <... close resumed>) = 0 [pid 7128] chdir("./file2" [pid 7133] mkdir("./file2", 0777) = 0 [pid 7128] <... chdir resumed>) = 0 [ 148.523248][ T7134] loop3: detected capacity change from 0 to 256 [ 148.531954][ T7133] loop0: detected capacity change from 0 to 256 [ 148.541968][ T7127] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.546906][ T7130] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7133] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7128] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7134] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7128] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7127] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7124] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7127] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7128] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7124] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7128] <... futex resumed>) = 1 [pid 7124] <... futex resumed>) = ? [pid 7126] <... futex resumed>) = 0 [pid 7126] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7126] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7127] +++ killed by SIGSEGV +++ [pid 7124] +++ killed by SIGSEGV +++ [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7124, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7128] mkdir("./file3", 0777 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5819] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [ 148.580300][ T7127] exFAT-fs (loop1): Filesystem has been set read-only [ 148.581608][ T7130] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.618490][ T7133] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7130] <... mount resumed>) = 0 [pid 7130] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7130] chdir("./file2") = 0 [pid 7130] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7130] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7129] <... futex resumed>) = 0 [pid 7130] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = 1 [pid 7130] mkdir("./file3", 0777 [pid 7129] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7126] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] <... umount2 resumed>) = 0 [pid 7126] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7126] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] newfstatat(AT_FDCWD, "./120/file2", [pid 7126] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7126] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5819] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7126] <... clone3 resumed> => {parent_tid=[7135]}, 88) = 7135 [pid 7126] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 7135 attached [pid 7126] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [ 148.630792][ T7128] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.649446][ T7130] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.665201][ T7134] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5819] openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7126] <... futex resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 7126] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] newfstatat(4, "", [pid 7135] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7128] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7135] <... rseq resumed>) = 0 [pid 5819] getdents64(4, [pid 7135] set_robust_list(0x7fbb68bbd9a0, 24 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7135] <... set_robust_list resumed>) = 0 [pid 5819] getdents64(4, [pid 7135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7135] openat(AT_FDCWD, ".", O_RDONLY [pid 5819] close(4 [pid 7135] <... openat resumed>) = 4 [pid 5819] <... close resumed>) = 0 [pid 7135] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] rmdir("./120/file2" [pid 7135] <... futex resumed>) = 1 [pid 7126] <... futex resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 7135] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7126] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7135] <... ioctl resumed>) = 0 [pid 7126] <... futex resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7135] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7126] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] newfstatat(AT_FDCWD, "./120/binderfs", [pid 7135] <... futex resumed>) = 0 [pid 7129] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7135] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7129] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] unlink("./120/binderfs") = 0 [pid 5819] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] close(3) = 0 [pid 5819] rmdir("./120" [pid 7129] <... futex resumed>) = 0 [pid 7129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 5819] <... rmdir resumed>) = 0 [pid 7133] <... mount resumed>) = 0 [pid 7129] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7128] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] mkdir("./121", 0777 [pid 7133] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7129] <... mprotect resumed>) = 0 [pid 7133] <... openat resumed>) = 3 [pid 7133] chdir("./file2" [pid 7129] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7133] <... chdir resumed>) = 0 [pid 7129] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7135] <... futex resumed>) = ? [pid 7129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5819] <... mkdir resumed>) = 0 ./strace-static-x86_64: Process 7136 attached [pid 7135] +++ killed by SIGSEGV +++ [pid 7133] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7128] +++ killed by SIGSEGV +++ [pid 7126] +++ killed by SIGSEGV +++ [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7136] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7133] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7129] <... clone3 resumed> => {parent_tid=[7136]}, 88) = 7136 [pid 5819] <... openat resumed>) = 3 [pid 7136] <... rseq resumed>) = 0 [pid 7133] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7129] rt_sigprocmask(SIG_SETMASK, [], [pid 7136] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7133] <... futex resumed>) = 1 [pid 7129] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7136] <... set_robust_list resumed>) = 0 [pid 7133] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7136] rt_sigprocmask(SIG_SETMASK, [], [pid 7129] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7129] <... futex resumed>) = 0 [pid 7136] openat(AT_FDCWD, ".", O_RDONLY [pid 7129] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7136] <... openat resumed>) = 4 [pid 7131] <... futex resumed>) = 0 [pid 7130] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7126, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7136] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7130] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... ioctl resumed>) = 0 [pid 7136] <... futex resumed>) = ? [pid 7131] <... futex resumed>) = 1 [pid 7129] <... futex resumed>) = ? [pid 5819] close(3 [pid 7136] +++ killed by SIGSEGV +++ [pid 7134] <... mount resumed>) = 0 [pid 7133] <... futex resumed>) = 0 [pid 7131] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7130] +++ killed by SIGSEGV +++ [pid 7134] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7129] +++ killed by SIGSEGV +++ [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7134] <... openat resumed>) = 3 [pid 7133] mkdir("./file3", 0777 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7129, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7137 [pid 7134] chdir("./file2" [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 7137 attached [pid 7134] <... chdir resumed>) = 0 [pid 5822] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [ 148.679490][ T7128] exFAT-fs (loop2): Filesystem has been set read-only [ 148.682844][ T7130] exFAT-fs (loop4): Filesystem has been set read-only [ 148.693456][ T7133] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 148.720294][ T7134] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 5820] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7137] set_robust_list(0x55555eedf6a0, 24 [pid 7134] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 3 [pid 7134] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] newfstatat(3, "", [pid 5822] <... openat resumed>) = 3 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7137] <... set_robust_list resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 5820] getdents64(3, [pid 7137] chdir("./121" [pid 7134] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7137] <... chdir resumed>) = 0 [pid 7134] <... futex resumed>) = 1 [pid 5822] getdents64(3, [pid 5820] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7134] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = 0 [pid 5820] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7132] <... futex resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7132] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] newfstatat(AT_FDCWD, "./117/file2", [pid 7132] <... futex resumed>) = 1 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7132] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7137] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7134] <... futex resumed>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7134] mkdir("./file3", 0777 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... openat resumed>) = 4 [pid 5822] newfstatat(AT_FDCWD, "./120/file2", [pid 5820] newfstatat(4, "", [pid 7137] <... prctl resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] getdents64(4, [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 5820] getdents64(4, [pid 7137] setpgid(0, 0 [pid 5822] newfstatat(4, "", [pid 7137] <... setpgid resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(4, [pid 5820] close(4 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] getdents64(4, [pid 5820] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4 [pid 5820] rmdir("./117/file2" [pid 5822] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5822] rmdir("./120/file2" [pid 5820] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./117/binderfs", [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] newfstatat(AT_FDCWD, "./120/binderfs", [pid 5820] unlink("./117/binderfs" [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 7137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] unlink("./120/binderfs" [pid 5820] getdents64(3, [pid 7137] <... openat resumed>) = 3 [pid 5822] <... unlink resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(3, [pid 7137] write(3, "1000", 4 [pid 5820] close(3 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5820] <... close resumed>) = 0 [pid 5822] close(3 [ 148.754798][ T7133] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 148.779004][ T7134] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5820] rmdir("./117" [pid 7137] <... write resumed>) = 4 [pid 7131] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... close resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5820] mkdir("./118", 0777) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 7131] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] rmdir("./120" [pid 5820] close(3 [pid 7137] close(3 [pid 7131] <... futex resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7137] <... close resumed>) = 0 executing program [pid 7131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7137] symlink("/dev/binderfs", "./binderfs" [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7138 [pid 7131] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] mkdir("./121", 0777 [pid 7137] <... symlink resumed>) = 0 [pid 7137] write(1, "executing program\n", 18./strace-static-x86_64: Process 7138 attached ) = 18 [pid 7131] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5822] <... mkdir resumed>) = 0 [pid 7137] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7132] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7131] <... mprotect resumed>) = 0 [pid 7137] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7132] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7138] set_robust_list(0x55555eedf6a0, 24 [pid 7137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7132] <... futex resumed>) = 0 [pid 7131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5822] <... openat resumed>) = 3 [pid 7137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7138] <... set_robust_list resumed>) = 0 [pid 7137] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5822] ioctl(3, LOOP_CLR_FD./strace-static-x86_64: Process 7139 attached [pid 7138] chdir("./118" [pid 7137] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7132] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5822] <... ioctl resumed>) = 0 [pid 7138] <... chdir resumed>) = 0 [pid 7137] <... mprotect resumed>) = 0 [pid 7132] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7131] <... clone3 resumed> => {parent_tid=[7139]}, 88) = 7139 [pid 5822] close(3 [pid 7137] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7134] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7132] <... mprotect resumed>) = 0 [pid 7131] rt_sigprocmask(SIG_SETMASK, [], [pid 7137] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7132] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] <... close resumed>) = 0 [pid 7139] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7138] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7132] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7131] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7140 attached [pid 7139] <... rseq resumed>) = 0 [pid 7138] <... prctl resumed>) = 0 [pid 7134] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7131] <... futex resumed>) = 0 [pid 7140] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7139] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7138] setpgid(0, 0 [pid 7137] <... clone3 resumed> => {parent_tid=[7140]}, 88) = 7140 [pid 7133] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7132] <... clone3 resumed> ) = ? [pid 7131] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] <... rseq resumed>) = 0 [pid 7139] <... set_robust_list resumed>) = 0 [pid 7138] <... setpgid resumed>) = 0 [pid 7137] rt_sigprocmask(SIG_SETMASK, [], [pid 7134] +++ killed by SIGSEGV +++ [pid 7133] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7132] +++ killed by SIGSEGV +++ [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7140] set_robust_list(0x7fbb68bde9a0, 24 [pid 7139] rt_sigprocmask(SIG_SETMASK, [], [pid 7138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7140] <... set_robust_list resumed>) = 0 [pid 7138] <... openat resumed>) = 3 [pid 7137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7132, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7140] rt_sigprocmask(SIG_SETMASK, [], [pid 7139] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] write(3, "1000", 4 [pid 7137] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7141 attached [pid 7140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] <... write resumed>) = 4 [pid 7137] <... futex resumed>) = 0 [pid 7131] <... futex resumed>) = ? [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7140] memfd_create("syzkaller", 0 [pid 7139] +++ killed by SIGSEGV +++ [pid 7138] close(3 [pid 7137] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7133] +++ killed by SIGSEGV +++ [pid 7131] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7141] set_robust_list(0x55555eedf6a0, 24 [pid 7140] <... memfd_create resumed>) = 3 [pid 7138] <... close resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7131, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=3 /* 0.03 s */} --- [pid 7141] <... set_robust_list resumed>) = 0 [pid 7140] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7138] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7141 [pid 5821] newfstatat(3, "", [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7141] chdir("./121" [pid 7140] <... mmap resumed>) = 0x7fbb60600000 [pid 7138] <... symlink resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 148.798575][ T7133] exFAT-fs (loop0): Filesystem has been set read-only [ 148.805672][ T7134] exFAT-fs (loop3): Filesystem has been set read-only executing program executing program [pid 5818] <... restart_syscall resumed>) = 0 [pid 7141] <... chdir resumed>) = 0 [pid 7140] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7138] write(1, "executing program\n", 18 [pid 5821] getdents64(3, [pid 5818] umount2("./116", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7140] <... write resumed>) = 131072 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7141] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7138] <... write resumed>) = 18 [pid 5821] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... openat resumed>) = 3 [pid 7138] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7141] <... prctl resumed>) = 0 [pid 5818] getdents64(3, [pid 7141] setpgid(0, 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7141] <... setpgid resumed>) = 0 [pid 5818] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7141] write(3, "1000", 4) = 4 [pid 7138] <... futex resumed>) = 0 [pid 7141] close(3 [pid 7138] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7141] <... close resumed>) = 0 [pid 7138] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7141] symlink("/dev/binderfs", "./binderfs" [pid 7138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7141] <... symlink resumed>) = 0 [pid 7138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7141] write(1, "executing program\n", 18 [pid 7138] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7138] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7141] <... write resumed>) = 18 [pid 7138] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7141] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7138] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} => {parent_tid=[7142]}, 88) = 7142 [pid 7141] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7138] rt_sigprocmask(SIG_SETMASK, [], [pid 7141] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7138] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7138] <... futex resumed>) = 0 [pid 7141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7138] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7141] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7141] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE./strace-static-x86_64: Process 7142 attached ) = 0 [pid 7140] munmap(0x7fbb60600000, 138412032 [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 7141] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5818] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7142] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7140] <... munmap resumed>) = 0 [pid 7141] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7142] <... rseq resumed>) = 0 [pid 7141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7140] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./116/file2", ./strace-static-x86_64: Process 7143 attached [pid 7142] set_robust_list(0x7fbb68bde9a0, 24 [pid 7140] <... openat resumed>) = 4 [pid 5821] newfstatat(AT_FDCWD, "./121/file2", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7142] <... set_robust_list resumed>) = 0 [pid 7142] rt_sigprocmask(SIG_SETMASK, [], [pid 7140] ioctl(4, LOOP_SET_FD, 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./116/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7141] <... clone3 resumed> => {parent_tid=[7143]}, 88) = 7143 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7143] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7141] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./116/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7143] <... rseq resumed>) = 0 [pid 7141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... openat resumed>) = 4 [pid 7143] set_robust_list(0x7fbb68bde9a0, 24 [pid 7141] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7141] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7143] <... set_robust_list resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 7143] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] newfstatat(4, "", [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(4, [pid 5818] getdents64(4, [pid 7142] memfd_create("syzkaller", 0) = 3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7143] memfd_create("syzkaller", 0 [pid 7142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] getdents64(4, [pid 7143] <... memfd_create resumed>) = 3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5821] getdents64(4, [pid 5818] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... close resumed>) = 0 [pid 7143] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] close(4 [pid 7143] <... mmap resumed>) = 0x7fbb60600000 [pid 5821] <... close resumed>) = 0 [pid 5818] rmdir("./116/file2" [pid 7143] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7142] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5821] rmdir("./121/file2" [pid 5818] <... rmdir resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] umount2("./116/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./116/binderfs", [pid 7142] <... write resumed>) = 131072 [pid 5821] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7142] munmap(0x7fbb60600000, 138412032 [pid 5818] unlink("./116/binderfs" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./121/binderfs", [pid 5818] <... unlink resumed>) = 0 [pid 7143] <... write resumed>) = 131072 [pid 7142] <... munmap resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7142] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] unlink("./121/binderfs" [pid 5818] getdents64(3, [pid 5821] <... unlink resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7140] <... ioctl resumed>) = 0 [pid 7143] munmap(0x7fbb60600000, 138412032 [pid 7142] <... openat resumed>) = 4 [pid 5821] getdents64(3, [pid 5818] close(3 [pid 7143] <... munmap resumed>) = 0 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... close resumed>) = 0 [pid 7143] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] close(3 [pid 5818] rmdir("./116" [pid 7143] <... openat resumed>) = 4 [pid 5821] <... close resumed>) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7143] ioctl(4, LOOP_SET_FD, 3 [pid 7142] ioctl(4, LOOP_SET_FD, 3 [pid 5821] rmdir("./121" [pid 5818] mkdir("./117", 0777 [pid 7140] close(3) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] <... mkdir resumed>) = 0 [pid 7140] close(4) = 0 [pid 7140] mkdir("./file2", 0777 [pid 7142] <... ioctl resumed>) = 0 [pid 7140] <... mkdir resumed>) = 0 [pid 7142] close(3) = 0 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7142] close(4 [pid 7140] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] <... openat resumed>) = 3 [pid 7142] <... close resumed>) = 0 [pid 7142] mkdir("./file2", 0777 [pid 5821] mkdir("./122", 0777 [pid 5818] ioctl(3, LOOP_CLR_FD) = 0 [pid 7142] <... mkdir resumed>) = 0 [pid 7142] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5818] close(3) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7144 attached [pid 7143] <... ioctl resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7144 [pid 5821] <... openat resumed>) = 3 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [ 148.884060][ T7140] loop1: detected capacity change from 0 to 256 [ 148.914120][ T7142] loop2: detected capacity change from 0 to 256 [ 148.915430][ T7143] loop4: detected capacity change from 0 to 256 [pid 5821] close(3 [pid 7144] set_robust_list(0x55555eedf6a0, 24 [pid 5821] <... close resumed>) = 0 [pid 7143] close(3) = 0 [pid 7143] close(4) = 0 [pid 7143] mkdir("./file2", 0777) = 0 [pid 7143] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7144] <... set_robust_list resumed>) = 0 [pid 7144] chdir("./117") = 0 [pid 7144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7144] setpgid(0, 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 7145 attached [pid 7144] <... setpgid resumed>) = 0 [pid 7145] set_robust_list(0x55555eedf6a0, 24 [pid 7144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7145] <... set_robust_list resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7145 [pid 7144] <... openat resumed>) = 3 [pid 7145] chdir("./122" [pid 7144] write(3, "1000", 4 [pid 7145] <... chdir resumed>) = 0 [pid 7145] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7144] <... write resumed>) = 4 [pid 7145] <... prctl resumed>) = 0 [pid 7144] close(3) = 0 [pid 7145] setpgid(0, 0) = 0 executing program [pid 7144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 7144] write(1, "executing program\n", 18 [pid 7145] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7144] <... write resumed>) = 18 [pid 7145] <... openat resumed>) = 3 [ 148.970809][ T7143] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.000169][ T7142] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7144] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] write(3, "1000", 4 [pid 7144] <... futex resumed>) = 0 [pid 7145] <... write resumed>) = 4 [pid 7144] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7145] close(3) = 0 [pid 7144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7145] symlink("/dev/binderfs", "./binderfs" [pid 7144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7145] <... symlink resumed>) = 0 [pid 7144] <... mmap resumed>) = 0x7fbb68bbe000 executing program [pid 7145] write(1, "executing program\n", 18 [pid 7144] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7145] <... write resumed>) = 18 [pid 7143] <... mount resumed>) = 0 [pid 7143] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7144] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7143] <... openat resumed>) = 3 [pid 7145] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7143] chdir("./file2") = 0 [pid 7143] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7143] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7141] <... futex resumed>) = 0 [pid 7143] mkdir("./file3", 0777 [pid 7141] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... futex resumed>) = 0 [pid 7144] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7141] <... futex resumed>) = 0 [pid 7144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [ 149.007217][ T7143] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.034043][ T7140] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.050029][ T7143] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.055990][ T7142] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7141] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7145] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7144] <... clone3 resumed> => {parent_tid=[7146]}, 88) = 7146 [pid 7145] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7144] rt_sigprocmask(SIG_SETMASK, [], [pid 7145] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7144] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7146 attached [pid 7145] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7144] <... futex resumed>) = 0 [pid 7146] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7146] set_robust_list(0x7fbb68bde9a0, 24) = 0 [pid 7146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7146] memfd_create("syzkaller", 0) = 3 [pid 7145] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7144] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7146] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7145] <... mprotect resumed>) = 0 [pid 7146] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7146] <... write resumed>) = 131072 [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7146] munmap(0x7fbb60600000, 138412032 [pid 7145] <... clone3 resumed> => {parent_tid=[7147]}, 88) = 7147 [pid 7146] <... munmap resumed>) = 0 [pid 7145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7145] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... openat resumed>) = 4 [pid 7145] <... futex resumed>) = 0 [pid 7146] ioctl(4, LOOP_SET_FD, 3 [pid 7145] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 7147 attached [pid 7143] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7143] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7141] <... futex resumed>) = ? [pid 7142] <... mount resumed>) = 0 [pid 7147] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053) = 0 [pid 7142] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7142] chdir("./file2") = 0 [pid 7142] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7147] set_robust_list(0x7fbb68bde9a0, 24 [pid 7142] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7147] <... set_robust_list resumed>) = 0 [pid 7142] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7147] rt_sigprocmask(SIG_SETMASK, [], [pid 7140] <... mount resumed>) = 0 [pid 7142] <... futex resumed>) = 1 [pid 7140] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7142] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7138] <... futex resumed>) = 0 [pid 7142] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7140] <... openat resumed>) = 3 [pid 7138] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7142] mkdir("./file3", 0777 [pid 7140] chdir("./file2" [pid 7138] <... futex resumed>) = 0 [pid 7138] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7140] <... chdir resumed>) = 0 [ 149.068515][ T7143] exFAT-fs (loop4): Filesystem has been set read-only [ 149.077943][ T7140] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.109509][ T7146] loop0: detected capacity change from 0 to 256 [pid 7140] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7147] memfd_create("syzkaller", 0) = 3 [pid 7147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7147] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7140] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] <... ioctl resumed>) = 0 [pid 7146] close(3 [pid 7143] +++ killed by SIGSEGV +++ [pid 7141] +++ killed by SIGSEGV +++ [pid 7140] <... futex resumed>) = 1 [pid 7137] <... futex resumed>) = 0 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7141, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=4 /* 0.04 s */} --- [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 7147] <... write resumed>) = 131072 [pid 7146] <... close resumed>) = 0 [pid 7140] mkdir("./file3", 0777 [pid 7137] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7146] close(4 [pid 7137] <... futex resumed>) = 0 [pid 7146] <... close resumed>) = 0 [pid 7137] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7146] mkdir("./file2", 0777 [pid 7147] munmap(0x7fbb60600000, 138412032 [pid 7146] <... mkdir resumed>) = 0 [pid 7147] <... munmap resumed>) = 0 [pid 7146] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... restart_syscall resumed>) = 0 [pid 5822] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5822] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7147] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 7147] ioctl(4, LOOP_SET_FD, 3 [pid 5822] <... umount2 resumed>) = 0 [ 149.122029][ T7142] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.142559][ T7140] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.145457][ T7147] loop3: detected capacity change from 0 to 256 [ 149.162820][ T7142] exFAT-fs (loop2): Filesystem has been set read-only [pid 5822] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./121/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7147] <... ioctl resumed>) = 0 [pid 7142] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7140] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7137] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7147] close(3 [pid 7142] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7140] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7138] <... futex resumed>) = ? [pid 7137] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7147] <... close resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7147] close(4 [pid 7142] +++ killed by SIGSEGV +++ [pid 7137] <... futex resumed>) = ? [pid 7147] <... close resumed>) = 0 [pid 7140] +++ killed by SIGSEGV +++ [pid 7138] +++ killed by SIGSEGV +++ [pid 7137] +++ killed by SIGSEGV +++ [pid 5822] <... openat resumed>) = 4 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7138, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7147] mkdir("./file2", 0777 [pid 5822] newfstatat(4, "", [pid 7147] <... mkdir resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7137, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 5822] getdents64(4, [pid 7147] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] close(4) = 0 [pid 5822] rmdir("./121/file2") = 0 [pid 5822] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./121/binderfs") = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./121" [pid 5819] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... rmdir resumed>) = 0 [ 149.175746][ T7140] exFAT-fs (loop1): Filesystem has been set read-only [ 149.177761][ T7146] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 5822] mkdir("./122", 0777 [pid 5820] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... mkdir resumed>) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 7146] <... mount resumed>) = 0 [pid 5822] <... ioctl resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7146] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7146] <... openat resumed>) = 3 [pid 5822] close(3 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7146] chdir("./file2" [pid 5822] <... close resumed>) = 0 [pid 5820] newfstatat(AT_FDCWD, "./118/file2", [pid 5819] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7146] <... chdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5819] newfstatat(3, "", [pid 7146] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5820] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7146] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(3, [pid 7146] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5820] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7146] <... futex resumed>) = 1 [pid 7144] <... futex resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5819] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7146] mkdir("./file3", 0777 [pid 7144] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 7148 attached ) = 0 [pid 5820] newfstatat(4, "", [pid 7144] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7148 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5820] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] close(4 [pid 5819] <... umount2 resumed>) = 0 [pid 7148] set_robust_list(0x55555eedf6a0, 24 [pid 5820] <... close resumed>) = 0 [pid 5819] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7148] <... set_robust_list resumed>) = 0 [pid 5820] rmdir("./118/file2" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7148] chdir("./122" [pid 5820] <... rmdir resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./121/file2", [pid 5820] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./118/binderfs", [pid 5819] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7148] <... chdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7147] <... mount resumed>) = 0 [pid 7148] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7147] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] unlink("./118/binderfs" [ 149.223534][ T7146] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.236950][ T7147] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.256112][ T7147] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.257241][ T7146] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5819] openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7148] <... prctl resumed>) = 0 [pid 7147] <... openat resumed>) = 3 [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... openat resumed>) = 4 [pid 7148] setpgid(0, 0 [pid 7147] chdir("./file2" [pid 5819] newfstatat(4, "", [pid 7148] <... setpgid resumed>) = 0 [pid 5820] getdents64(3, [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7148] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] getdents64(4, [pid 7147] <... chdir resumed>) = 0 [pid 7148] <... openat resumed>) = 3 [pid 7147] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] close(3 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7147] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5820] <... close resumed>) = 0 [pid 5819] getdents64(4, [pid 7148] write(3, "1000", 4 [pid 7147] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] rmdir("./118" [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7148] <... write resumed>) = 4 [pid 7147] <... futex resumed>) = 1 [pid 7145] <... futex resumed>) = 0 [pid 5819] close(4 [pid 7148] close(3 [pid 7147] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7145] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] <... close resumed>) = 0 [pid 7145] <... futex resumed>) = 0 [pid 5819] <... close resumed>) = 0 [pid 7148] symlink("/dev/binderfs", "./binderfs" [pid 7147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7145] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5819] rmdir("./121/file2"executing program [pid 7147] mkdir("./file3", 0777 [pid 7148] <... symlink resumed>) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5820] mkdir("./119", 0777 [pid 5819] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7148] write(1, "executing program\n", 18 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7148] <... write resumed>) = 18 [pid 5819] newfstatat(AT_FDCWD, "./121/binderfs", [pid 7148] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 5820] ioctl(3, LOOP_CLR_FD) = 0 [pid 5820] close(3 [pid 7148] <... futex resumed>) = 0 [pid 5820] <... close resumed>) = 0 [pid 5819] unlink("./121/binderfs" [pid 7148] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7144] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... unlink resumed>) = 0 [pid 7148] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 7144] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7144] <... futex resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7149 [pid 7148] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5819] getdents64(3, ./strace-static-x86_64: Process 7149 attached [pid 7148] <... mprotect resumed>) = 0 [pid 7144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7149] set_robust_list(0x55555eedf6a0, 24 [pid 7148] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7144] <... mmap resumed>) = 0x7fbb68b9d000 [pid 5819] close(3 [pid 7148] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7149] <... set_robust_list resumed>) = 0 [pid 7148] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7144] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 5819] <... close resumed>) = 0 ./strace-static-x86_64: Process 7150 attached [pid 7149] chdir("./119" [pid 7144] <... mprotect resumed>) = 0 [pid 5819] rmdir("./121" [pid 7149] <... chdir resumed>) = 0 [pid 7144] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7149] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7144] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7149] <... prctl resumed>) = 0 [pid 7144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0}./strace-static-x86_64: Process 7151 attached [pid 7149] setpgid(0, 0) = 0 [pid 7144] <... clone3 resumed> => {parent_tid=[7151]}, 88) = 7151 [pid 7149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7144] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7144] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7149] <... openat resumed>) = 3 [pid 7151] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7149] write(3, "1000", 4 [pid 7151] <... rseq resumed>) = 0 [pid 7149] <... write resumed>) = 4 [pid 7151] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7149] close(3 [pid 7148] <... clone3 resumed> => {parent_tid=[7150]}, 88) = 7150 [pid 7151] <... set_robust_list resumed>) = 0 [pid 7149] <... close resumed>) = 0 [pid 7151] rt_sigprocmask(SIG_SETMASK, [], [pid 7149] symlink("/dev/binderfs", "./binderfs" [pid 7151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7150] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7149] <... symlink resumed>) = 0 [pid 7148] rt_sigprocmask(SIG_SETMASK, [], [pid 7145] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5819] <... rmdir resumed>) = 0 [pid 7151] openat(AT_FDCWD, ".", O_RDONLYexecuting program [pid 7150] <... rseq resumed>) = 0 [pid 7148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7145] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] mkdir("./122", 0777 [pid 7151] <... openat resumed>) = 4 [pid 7150] set_robust_list(0x7fbb68bde9a0, 24 [pid 7149] write(1, "executing program\n", 18 [pid 7148] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7145] <... futex resumed>) = 0 [pid 7150] <... set_robust_list resumed>) = 0 [pid 7149] <... write resumed>) = 18 [pid 7148] <... futex resumed>) = 0 [pid 7145] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7150] rt_sigprocmask(SIG_SETMASK, [], [pid 7149] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7148] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7145] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7149] <... futex resumed>) = 0 [pid 7145] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7151] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] memfd_create("syzkaller", 0 [pid 7149] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7146] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7145] <... mprotect resumed>) = 0 [pid 7151] <... futex resumed>) = 1 [pid 7150] <... memfd_create resumed>) = 3 [pid 7149] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7144] <... futex resumed>) = 0 [pid 7151] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7146] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7145] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7144] ???( [pid 7150] <... mmap resumed>) = 0x7fbb60600000 [pid 7149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7145] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7149] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7151] <... futex resumed>) = ? [pid 7150] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7149] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7145] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7144] <... ??? resumed>) = ? ./strace-static-x86_64: Process 7152 attached [pid 7151] +++ killed by SIGSEGV +++ [pid 7150] <... write resumed>) = 131072 [pid 7149] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7147] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7146] +++ killed by SIGSEGV +++ [pid 7144] +++ killed by SIGSEGV +++ [pid 5819] <... mkdir resumed>) = 0 [pid 7150] munmap(0x7fbb60600000, 138412032 [pid 7149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7153 attached [pid 7152] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053 [pid 7145] <... clone3 resumed> => {parent_tid=[7152]}, 88) = 7152 [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7144, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7153] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7152] <... rseq resumed>) = 0 [pid 7150] <... munmap resumed>) = 0 [pid 7149] <... clone3 resumed> => {parent_tid=[7153]}, 88) = 7153 [pid 7147] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7145] rt_sigprocmask(SIG_SETMASK, [], [pid 7153] <... rseq resumed>) = 0 [pid 7150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7153] set_robust_list(0x7fbb68bde9a0, 24 [pid 7152] set_robust_list(0x7fbb68bbd9a0, 24 [pid 7150] <... openat resumed>) = 4 [pid 7149] rt_sigprocmask(SIG_SETMASK, [], [pid 7145] <... rt_sigprocmask resumed>) = ? [ 149.295289][ T7146] exFAT-fs (loop0): Filesystem has been set read-only [ 149.304633][ T7147] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.333944][ T7147] exFAT-fs (loop3): Filesystem has been set read-only [pid 5819] <... openat resumed>) = 3 [pid 5818] <... restart_syscall resumed>) = 0 [pid 7153] <... set_robust_list resumed>) = 0 [pid 7152] <... set_robust_list resumed>) = ? [pid 7150] ioctl(4, LOOP_SET_FD, 3 [pid 7149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7153] rt_sigprocmask(SIG_SETMASK, [], [pid 7152] +++ killed by SIGSEGV +++ [pid 7149] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7149] <... futex resumed>) = 0 [pid 7153] memfd_create("syzkaller", 0 [pid 7149] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7153] <... memfd_create resumed>) = 3 [pid 7153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7153] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] umount2("./117", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5818] openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5819] <... ioctl resumed>) = 0 [pid 5818] newfstatat(3, "", [pid 7150] <... ioctl resumed>) = 0 [pid 7147] +++ killed by SIGSEGV +++ [pid 7145] +++ killed by SIGSEGV +++ [pid 7153] <... write resumed>) = 131072 [pid 5819] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7145, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7150] close(3 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5818] getdents64(3, [pid 7150] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7150] close(4 [pid 5818] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7150] <... close resumed>) = 0 [pid 7150] mkdir("./file2", 0777 [pid 5819] <... close resumed>) = 0 [pid 7150] <... mkdir resumed>) = 0 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 7153] munmap(0x7fbb60600000, 138412032 [pid 5821] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY./strace-static-x86_64: Process 7154 attached [pid 7153] <... munmap resumed>) = 0 [pid 5821] <... openat resumed>) = 3 [pid 7154] set_robust_list(0x55555eedf6a0, 24 [pid 5821] newfstatat(3, "", [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7154 [pid 7154] <... set_robust_list resumed>) = 0 [pid 7153] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] getdents64(3, [pid 7154] chdir("./122" [pid 7150] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] <... chdir resumed>) = 0 [pid 7153] <... openat resumed>) = 4 [pid 7153] ioctl(4, LOOP_SET_FD, 3 [pid 7154] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7154] setpgid(0, 0) = 0 [pid 7154] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] <... umount2 resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5818] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] newfstatat(AT_FDCWD, "./117/file2", [pid 7154] <... openat resumed>) = 3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7154] write(3, "1000", 4 [pid 5821] newfstatat(AT_FDCWD, "./122/file2", [pid 5818] umount2("./117/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7154] <... write resumed>) = 4 [pid 5818] openat(AT_FDCWD, "./117/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... openat resumed>) = 4 [pid 5818] newfstatat(4, "", [pid 5821] openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7154] <... close resumed>) = 0 [pid 7154] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... openat resumed>) = 4 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] newfstatat(4, "", [pid 5818] getdents64(4, [pid 7154] <... symlink resumed>) = 0 executing program [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7154] write(1, "executing program\n", 18 [pid 5818] getdents64(4, [pid 7154] <... write resumed>) = 18 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7154] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] getdents64(4, [pid 5818] close(4 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... close resumed>) = 0 [pid 7154] <... futex resumed>) = 0 [pid 7154] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] getdents64(4, [pid 5818] rmdir("./117/file2" [pid 7154] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7154] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... rmdir resumed>) = 0 [pid 7154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] close(4 [pid 5818] umount2("./117/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7154] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5821] <... close resumed>) = 0 [pid 7154] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7153] <... ioctl resumed>) = 0 [pid 5821] rmdir("./122/file2" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7154] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7153] close(3 [pid 7154] <... mprotect resumed>) = 0 [pid 7153] <... close resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./117/binderfs", [pid 7153] close(4 [pid 7154] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7153] <... close resumed>) = 0 [ 149.374273][ T7150] loop4: detected capacity change from 0 to 256 [ 149.405352][ T7153] loop2: detected capacity change from 0 to 256 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7154] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7153] mkdir("./file2", 0777 [pid 7154] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7153] <... mkdir resumed>) = 0 [pid 5821] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] unlink("./117/binderfs" [pid 7153] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... unlink resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./122/binderfs", [pid 7154] <... clone3 resumed> => {parent_tid=[7155]}, 88) = 7155 [pid 5818] getdents64(3, [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] unlink("./122/binderfs") = 0 [pid 5821] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./122") = 0 [pid 5821] mkdir("./123", 0777) = 0 ./strace-static-x86_64: Process 7155 attached [pid 7154] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7155] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] close(3 [pid 7155] <... rseq resumed>) = 0 [pid 7154] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7155] set_robust_list(0x7fbb68bde9a0, 24 [pid 5818] <... close resumed>) = 0 [pid 7155] <... set_robust_list resumed>) = 0 [pid 7154] <... futex resumed>) = 0 [pid 5818] rmdir("./117" [pid 7155] rt_sigprocmask(SIG_SETMASK, [], [pid 7154] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... rmdir resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD) = 0 [pid 7155] memfd_create("syzkaller", 0 [pid 5821] close(3 [pid 5818] mkdir("./118", 0777 [pid 7155] <... memfd_create resumed>) = 3 [pid 5821] <... close resumed>) = 0 [pid 7155] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... mkdir resumed>) = 0 [pid 7155] <... mmap resumed>) = 0x7fbb60600000 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7156 [pid 5818] <... openat resumed>) = 3 [pid 7155] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7155] <... write resumed>) = 131072 [pid 5818] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7156 attached [pid 7155] munmap(0x7fbb60600000, 138412032 [pid 5818] close(3 [pid 7156] set_robust_list(0x55555eedf6a0, 24 [pid 5818] <... close resumed>) = 0 [pid 7156] <... set_robust_list resumed>) = 0 [pid 7156] chdir("./123" [pid 7155] <... munmap resumed>) = 0 [pid 7150] <... mount resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7156] <... chdir resumed>) = 0 [ 149.439498][ T7150] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.475179][ T7150] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7155] openat(AT_FDCWD, "/dev/loop1", O_RDWR./strace-static-x86_64: Process 7157 attached [pid 7156] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7150] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7156] <... prctl resumed>) = 0 [pid 7155] <... openat resumed>) = 4 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7157 [pid 7156] setpgid(0, 0) = 0 [pid 7155] ioctl(4, LOOP_SET_FD, 3 [pid 7156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7157] set_robust_list(0x55555eedf6a0, 24 [pid 7156] <... openat resumed>) = 3 [pid 7150] <... openat resumed>) = 3 [pid 7157] <... set_robust_list resumed>) = 0 [pid 7157] chdir("./118") = 0 [pid 7157] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 7157] setpgid(0, 0) = 0 [pid 7157] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 7157] write(3, "1000", 4) = 4 [pid 7157] close(3) = 0 [pid 7157] symlink("/dev/binderfs", "./binderfs"executing program ) = 0 [pid 7157] write(1, "executing program\n", 18) = 18 [pid 7157] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7157] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, NULL, 8) = 0 [pid 7157] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7156] write(3, "1000", 4 [pid 7150] chdir("./file2" [pid 7156] <... write resumed>) = 4 [pid 7156] close(3 [pid 7150] <... chdir resumed>) = 0 [pid 7156] <... close resumed>) = 0 [pid 7150] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7156] symlink("/dev/binderfs", "./binderfs" [pid 7150] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7157] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7157] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7156] <... symlink resumed>) = 0 [pid 7157] <... mprotect resumed>) = 0 [pid 7157] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7156] write(1, "executing program\n", 18executing program [pid 7157] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7156] <... write resumed>) = 18 [pid 7150] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7158 attached [pid 7156] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... futex resumed>) = 1 [pid 7148] <... futex resumed>) = 0 [pid 7158] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7156] <... futex resumed>) = 0 [pid 7155] <... ioctl resumed>) = 0 [pid 7150] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7148] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7155] close(3 [pid 7150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7148] <... futex resumed>) = 0 [pid 7156] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7155] <... close resumed>) = 0 [pid 7150] mkdir("./file3", 0777 [pid 7148] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7155] close(4 [pid 7157] <... clone3 resumed> => {parent_tid=[7158]}, 88) = 7158 [pid 7156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7155] <... close resumed>) = 0 [pid 7156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7158] <... rseq resumed>) = 0 [pid 7157] rt_sigprocmask(SIG_SETMASK, [], [pid 7156] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7158] set_robust_list(0x7fbb68bde9a0, 24 [pid 7157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7156] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7155] mkdir("./file2", 0777 [pid 7158] <... set_robust_list resumed>) = 0 [pid 7157] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7156] <... mprotect resumed>) = 0 [pid 7158] rt_sigprocmask(SIG_SETMASK, [], [pid 7157] <... futex resumed>) = 0 [pid 7158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7157] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7155] <... mkdir resumed>) = 0 [ 149.512440][ T7153] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.527556][ T7155] loop1: detected capacity change from 0 to 256 [ 149.542170][ T7153] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7156] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7158] memfd_create("syzkaller", 0) = 3 [pid 7158] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7158] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7156] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7155] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7153] <... mount resumed>) = 0 [pid 7158] <... write resumed>) = 131072 [pid 7156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7158] munmap(0x7fbb60600000, 138412032 [pid 7153] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 7159 attached [pid 7158] <... munmap resumed>) = 0 [pid 7153] <... openat resumed>) = 3 [pid 7158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7153] chdir("./file2" [pid 7159] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7158] <... openat resumed>) = 4 [pid 7156] <... clone3 resumed> => {parent_tid=[7159]}, 88) = 7159 [pid 7153] <... chdir resumed>) = 0 [pid 7159] <... rseq resumed>) = 0 [pid 7158] ioctl(4, LOOP_SET_FD, 3 [pid 7156] rt_sigprocmask(SIG_SETMASK, [], [pid 7153] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7159] set_robust_list(0x7fbb68bde9a0, 24 [pid 7156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7153] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7153] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7153] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7149] <... futex resumed>) = 0 [pid 7149] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7153] <... futex resumed>) = 0 [pid 7149] <... futex resumed>) = 1 [pid 7153] mkdir("./file3", 0777 [pid 7149] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7159] <... set_robust_list resumed>) = 0 [pid 7158] <... ioctl resumed>) = 0 [pid 7156] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7150] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7148] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7159] rt_sigprocmask(SIG_SETMASK, [], [pid 7158] close(3 [pid 7156] <... futex resumed>) = 0 [pid 7150] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7148] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7156] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7148] ???( [pid 7159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7148] <... ??? resumed>) = ? [pid 7159] memfd_create("syzkaller", 0 [pid 7158] <... close resumed>) = 0 [pid 7159] <... memfd_create resumed>) = 3 [pid 7158] close(4 [pid 7150] +++ killed by SIGSEGV +++ [pid 7148] +++ killed by SIGSEGV +++ [pid 7159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7158] <... close resumed>) = 0 [ 149.562888][ T7150] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.588450][ T7158] loop0: detected capacity change from 0 to 256 [ 149.596478][ T7150] exFAT-fs (loop4): Filesystem has been set read-only [ 149.604270][ T7153] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7159] <... mmap resumed>) = 0x7fbb60600000 [pid 7158] mkdir("./file2", 0777 [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7148, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7159] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7158] <... mkdir resumed>) = 0 [pid 5822] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 7158] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7153] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7159] <... write resumed>) = 131072 [pid 7155] <... mount resumed>) = 0 [pid 7149] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5822] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7155] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY) = 3 [pid 7155] chdir("./file2") = 0 [pid 7155] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7159] munmap(0x7fbb60600000, 138412032 [pid 7155] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7153] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7149] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7159] <... munmap resumed>) = 0 [pid 7155] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7149] <... futex resumed>) = ? [pid 5822] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7155] <... futex resumed>) = 1 [pid 7154] <... futex resumed>) = 0 [pid 7155] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7154] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7155] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7154] <... futex resumed>) = 0 [pid 7155] mkdir("./file3", 0777 [pid 7154] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... openat resumed>) = 3 [pid 7159] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7153] +++ killed by SIGSEGV +++ [pid 7149] +++ killed by SIGSEGV +++ [pid 5822] newfstatat(3, "", [pid 7159] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 149.627017][ T7155] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.636742][ T7153] exFAT-fs (loop2): Filesystem has been set read-only [ 149.644862][ T7155] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7159] ioctl(4, LOOP_SET_FD, 3 [pid 5822] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7149, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5822] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 7159] <... ioctl resumed>) = 0 [pid 5822] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7159] close(3 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7159] <... close resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./122/file2", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7159] close(4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7159] <... close resumed>) = 0 [pid 5822] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... openat resumed>) = 3 [pid 7159] mkdir("./file2", 0777 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(3, "", [pid 7155] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7159] <... mkdir resumed>) = 0 [pid 7158] <... mount resumed>) = 0 [pid 5822] openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7155] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] getdents64(3, [pid 7154] <... futex resumed>) = ? [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5822] <... openat resumed>) = 4 [pid 5820] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7158] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] newfstatat(4, "", [pid 7159] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7158] <... openat resumed>) = 3 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7155] +++ killed by SIGSEGV +++ [pid 7154] +++ killed by SIGSEGV +++ [pid 5822] getdents64(4, [pid 7158] chdir("./file2" [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7154, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7158] <... chdir resumed>) = 0 [pid 5822] close(4 [pid 7158] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5822] <... close resumed>) = 0 [pid 7158] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] rmdir("./122/file2") = 0 [pid 7158] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7157] <... futex resumed>) = 0 [pid 7157] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 149.672451][ T7158] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.678689][ T7159] loop3: detected capacity change from 0 to 256 [ 149.687391][ T7155] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.703432][ T7158] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.712981][ T7155] exFAT-fs (loop1): Filesystem has been set read-only [pid 7157] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7158] <... futex resumed>) = 1 [pid 7158] mkdir("./file3", 0777 [pid 5822] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... restart_syscall resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] unlink("./122/binderfs") = 0 [pid 5822] getdents64(3, 0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] close(3) = 0 [pid 5822] rmdir("./122") = 0 [pid 5822] mkdir("./123", 0777) = 0 [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 5822] ioctl(3, LOOP_CLR_FD) = 0 [pid 5822] close(3) = 0 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] umount2("./122", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] newfstatat(AT_FDCWD, "./119/file2", [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7159] <... mount resumed>) = 0 [pid 7157] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7157] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7157] <... futex resumed>) = 0 [pid 7157] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7157] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7157] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7158] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7157] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 5820] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 ./strace-static-x86_64: Process 7161 attached [pid 7158] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7159] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(3, "", [pid 7159] <... openat resumed>) = 3 [pid 7157] <... clone3 resumed> ) = ? [pid 5820] openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7161] +++ killed by SIGSEGV +++ [pid 7159] chdir("./file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7159] <... chdir resumed>) = 0 [pid 5820] <... openat resumed>) = 4 [pid 7159] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5819] getdents64(3, [pid 7159] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7159] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7159] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7160 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7156] <... futex resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 7156] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5819] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 7160 attached [pid 7156] <... futex resumed>) = 1 [pid 7159] <... futex resumed>) = 0 [pid 7160] set_robust_list(0x55555eedf6a0, 24 [pid 7159] mkdir("./file3", 0777 [pid 7158] +++ killed by SIGSEGV +++ [pid 7157] +++ killed by SIGSEGV +++ [pid 7156] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 7160] <... set_robust_list resumed>) = 0 [pid 5820] getdents64(4, [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7157, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 5819] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7160] chdir("./123" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] newfstatat(AT_FDCWD, "./122/file2", [pid 7160] <... chdir resumed>) = 0 [ 149.736113][ T7159] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 149.742660][ T7158] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.749246][ T7159] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 149.778173][ T7158] exFAT-fs (loop0): Filesystem has been set read-only [pid 5818] <... restart_syscall resumed>) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7160] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5820] getdents64(4, [pid 7160] <... prctl resumed>) = 0 [pid 5818] umount2("./118", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7160] setpgid(0, 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./122/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7160] <... setpgid resumed>) = 0 [pid 5820] close(4 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7159] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... close resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./122/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7160] <... openat resumed>) = 3 [pid 7160] write(3, "1000", 4) = 4 [pid 7159] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] rmdir("./119/file2" [pid 5819] <... openat resumed>) = 4 [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... openat resumed>) = 3 [pid 5819] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] newfstatat(3, "", [pid 5819] getdents64(4, 0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, [pid 5818] getdents64(3, [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] newfstatat(AT_FDCWD, "./119/binderfs", [pid 5819] close(4 [pid 5818] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] unlink("./119/binderfs" [pid 5819] <... close resumed>) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5820] <... unlink resumed>) = 0 [pid 5819] rmdir("./122/file2") = 0 [pid 5820] getdents64(3, [pid 7156] <... futex resumed>) = ? [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] umount2("./122/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] close(3 [pid 5819] unlink("./122/binderfs" [pid 5820] <... close resumed>) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5820] rmdir("./119" [pid 5818] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... rmdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7159] +++ killed by SIGSEGV +++ [pid 7156] +++ killed by SIGSEGV +++ [pid 7160] close(3 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7156, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5819] getdents64(3, [pid 7160] <... close resumed>) = 0 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] newfstatat(AT_FDCWD, "./118/file2", [pid 7160] symlink("/dev/binderfs", "./binderfs" [pid 5820] mkdir("./120", 0777 [pid 5819] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] umount2("./118/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] rmdir("./122" [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7160] <... symlink resumed>) = 0 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./118/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7160] write(1, "executing program\n", 18executing program [pid 5818] <... openat resumed>) = 4 [pid 7160] <... write resumed>) = 18 [pid 5821] <... restart_syscall resumed>) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] mkdir("./123", 0777 [pid 5818] newfstatat(4, "", [pid 7160] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... openat resumed>) = 3 [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7160] <... futex resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5818] getdents64(4, [pid 7160] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5820] <... ioctl resumed>) = 0 [pid 7160] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5820] <... close resumed>) = 0 [ 149.804220][ T7159] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 149.814987][ T7159] exFAT-fs (loop3): Filesystem has been set read-only [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... openat resumed>) = 3 [pid 5818] getdents64(4, ./strace-static-x86_64: Process 7162 attached [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 7160] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5819] <... ioctl resumed>) = 0 [pid 7160] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5821] <... openat resumed>) = 3 [pid 5819] close(3 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7162] set_robust_list(0x55555eedf6a0, 24 [pid 7160] <... mprotect resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7162 [pid 5819] <... close resumed>) = 0 [pid 5818] close(4 [pid 7162] <... set_robust_list resumed>) = 0 [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5821] newfstatat(3, "", [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... close resumed>) = 0 [pid 5818] rmdir("./118/file2") = 0 ./strace-static-x86_64: Process 7163 attached [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7162] chdir("./120" [pid 5818] umount2("./118/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7163] set_robust_list(0x55555eedf6a0, 24 [pid 7162] <... chdir resumed>) = 0 [pid 7160] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] getdents64(3, [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7163 [pid 7163] <... set_robust_list resumed>) = 0 [pid 7162] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7163] chdir("./123" [pid 7162] <... prctl resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7163] <... chdir resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./118/binderfs", [pid 7163] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7162] setpgid(0, 0 [pid 7160] <... clone3 resumed> => {parent_tid=[7164]}, 88) = 7164 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 ./strace-static-x86_64: Process 7164 attached [pid 7163] <... prctl resumed>) = 0 [pid 7162] <... setpgid resumed>) = 0 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] unlink("./118/binderfs" [pid 7164] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 7164] <... rseq resumed>) = 0 [pid 5818] getdents64(3, [pid 7164] set_robust_list(0x7fbb68bde9a0, 24 [pid 7160] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7164] <... set_robust_list resumed>) = 0 [pid 7162] <... openat resumed>) = 3 [pid 7160] <... futex resumed>) = 0 [pid 5818] close(3 [pid 7164] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... close resumed>) = 0 [pid 7164] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7163] setpgid(0, 0 [pid 7162] write(3, "1000", 4 [pid 7160] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = 0 [pid 5818] rmdir("./118" [pid 7164] memfd_create("syzkaller", 0 [pid 7163] <... setpgid resumed>) = 0 [pid 7162] <... write resumed>) = 4 [pid 5821] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7164] <... memfd_create resumed>) = 3 [pid 7163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7162] close(3 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... rmdir resumed>) = 0 [pid 7163] <... openat resumed>) = 3 [pid 7162] <... close resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./123/file2", [pid 7163] write(3, "1000", 4 [pid 7162] symlink("/dev/binderfs", "./binderfs" [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7163] <... write resumed>) = 4 [pid 7162] <... symlink resumed>) = 0 [pid 5821] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOWexecuting program executing program [pid 5818] mkdir("./119", 0777 [pid 7164] <... mmap resumed>) = 0x7fbb60600000 [pid 7163] close(3 [pid 7162] write(1, "executing program\n", 18 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7163] <... close resumed>) = 0 [pid 7162] <... write resumed>) = 18 [pid 5821] openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7163] symlink("/dev/binderfs", "./binderfs" [pid 7162] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] <... openat resumed>) = 4 [pid 5818] <... mkdir resumed>) = 0 [pid 7163] <... symlink resumed>) = 0 [pid 7162] <... futex resumed>) = 0 [pid 7163] write(1, "executing program\n", 18 [pid 7162] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5821] newfstatat(4, "", [pid 7163] <... write resumed>) = 18 [pid 7162] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7163] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7163] <... futex resumed>) = 0 [pid 7162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] getdents64(4, [pid 7163] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7163] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7162] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 7163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7162] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7162] <... mprotect resumed>) = 0 [pid 5821] getdents64(4, [pid 7163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7162] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7163] <... mmap resumed>) = 0x7fbb68bbe000 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 7163] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7162] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5821] close(4 [pid 7163] <... mprotect resumed>) = 0 [pid 7162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] <... close resumed>) = 0 ./strace-static-x86_64: Process 7165 attached [pid 7164] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7163] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7162] <... clone3 resumed> => {parent_tid=[7165]}, 88) = 7165 [pid 5821] rmdir("./123/file2" [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7165] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7162] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] <... rmdir resumed>) = 0 [pid 7165] <... rseq resumed>) = 0 [pid 7164] <... write resumed>) = 131072 [pid 7163] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] <... openat resumed>) = 3 [pid 7165] set_robust_list(0x7fbb68bde9a0, 24 [pid 7162] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] <... set_robust_list resumed>) = 0 [pid 7162] <... futex resumed>) = 0 [pid 7165] rt_sigprocmask(SIG_SETMASK, [], [pid 7162] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 5821] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7165] memfd_create("syzkaller", 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... ioctl resumed>) = 0 [pid 5821] newfstatat(AT_FDCWD, "./123/binderfs", [pid 5818] close(3./strace-static-x86_64: Process 7166 attached [pid 7165] <... memfd_create resumed>) = 3 [pid 7163] <... clone3 resumed> => {parent_tid=[7166]}, 88) = 7166 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... close resumed>) = 0 [pid 7164] munmap(0x7fbb60600000, 138412032 [pid 7163] rt_sigprocmask(SIG_SETMASK, [], [pid 5821] unlink("./123/binderfs" [pid 7164] <... munmap resumed>) = 0 [pid 7166] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7165] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7163] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5821] getdents64(3, ./strace-static-x86_64: Process 7167 attached [pid 7164] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7165] <... mmap resumed>) = 0x7fbb60600000 [pid 7164] <... openat resumed>) = 4 [pid 7166] <... rseq resumed>) = 0 [pid 5821] close(3) = 0 [pid 7164] ioctl(4, LOOP_SET_FD, 3 [pid 5821] rmdir("./123" [pid 7166] set_robust_list(0x7fbb68bde9a0, 24 [pid 7165] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7164] <... ioctl resumed>) = 0 [pid 5821] <... rmdir resumed>) = 0 [pid 7166] <... set_robust_list resumed>) = 0 [pid 7167] set_robust_list(0x55555eedf6a0, 24) = 0 [pid 7167] chdir("./119") = 0 [pid 7166] rt_sigprocmask(SIG_SETMASK, [], [pid 7167] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7165] <... write resumed>) = 131072 [pid 7164] close(3 [pid 5821] mkdir("./124", 0777 [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7167 [pid 7167] <... prctl resumed>) = 0 [pid 7166] memfd_create("syzkaller", 0 [pid 7165] munmap(0x7fbb60600000, 138412032 [pid 7164] <... close resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 [pid 7167] setpgid(0, 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7167] <... setpgid resumed>) = 0 [pid 7166] <... memfd_create resumed>) = 3 [pid 7164] close(4 [pid 5821] <... openat resumed>) = 3 [pid 7167] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7165] <... munmap resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7166] <... mmap resumed>) = 0x7fbb60600000 [pid 7164] <... close resumed>) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 7167] <... openat resumed>) = 3 [pid 5821] close(3 [pid 7167] write(3, "1000", 4) = 4 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7164] mkdir("./file2", 0777 [pid 5821] <... close resumed>) = 0 [pid 7167] close(3) = 0 [pid 7165] <... openat resumed>) = 4 [pid 7164] <... mkdir resumed>) = 0 [pid 7167] symlink("/dev/binderfs", "./binderfs" [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7165] ioctl(4, LOOP_SET_FD, 3 [pid 7167] <... symlink resumed>) = 0 [pid 7164] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7166] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072) = 131072 executing program ./strace-static-x86_64: Process 7168 attached [pid 7167] write(1, "executing program\n", 18 [pid 7168] set_robust_list(0x55555eedf6a0, 24 [pid 7167] <... write resumed>) = 18 [pid 7168] <... set_robust_list resumed>) = 0 [pid 7167] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7168] chdir("./124" [pid 7167] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7168] <... chdir resumed>) = 0 [pid 7165] <... ioctl resumed>) = 0 [pid 7168] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7167] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7166] munmap(0x7fbb60600000, 138412032 [pid 7167] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7168] <... prctl resumed>) = 0 [pid 7167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7166] <... munmap resumed>) = 0 [pid 7165] close(3 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7168 [pid 7165] <... close resumed>) = 0 [pid 7165] close(4) = 0 [pid 7165] mkdir("./file2", 0777 [pid 7168] setpgid(0, 0 [pid 7167] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7166] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7165] <... mkdir resumed>) = 0 [pid 7168] <... setpgid resumed>) = 0 [pid 7167] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7166] <... openat resumed>) = 4 [pid 7168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7167] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [ 149.951266][ T7164] loop4: detected capacity change from 0 to 256 [ 149.982450][ T7165] loop2: detected capacity change from 0 to 256 [pid 7166] ioctl(4, LOOP_SET_FD, 3 [pid 7168] <... openat resumed>) = 3 [pid 7167] <... mprotect resumed>) = 0 [pid 7166] <... ioctl resumed>) = 0 [pid 7165] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7168] write(3, "1000", 4 [pid 7167] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7168] <... write resumed>) = 4 [pid 7167] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7166] close(3 [pid 7168] close(3 [pid 7167] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7166] <... close resumed>) = 0 [pid 7168] <... close resumed>) = 0 ./strace-static-x86_64: Process 7169 attached [pid 7168] symlink("/dev/binderfs", "./binderfs" [pid 7166] close(4 [pid 7169] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053executing program ) = 0 [pid 7168] <... symlink resumed>) = 0 [pid 7167] <... clone3 resumed> => {parent_tid=[7169]}, 88) = 7169 [pid 7166] <... close resumed>) = 0 [pid 7169] set_robust_list(0x7fbb68bde9a0, 24 [pid 7168] write(1, "executing program\n", 18 [pid 7167] rt_sigprocmask(SIG_SETMASK, [], [pid 7166] mkdir("./file2", 0777 [pid 7169] <... set_robust_list resumed>) = 0 [pid 7168] <... write resumed>) = 18 [pid 7167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7169] rt_sigprocmask(SIG_SETMASK, [], [pid 7168] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7167] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7166] <... mkdir resumed>) = 0 [pid 7169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7168] <... futex resumed>) = 0 [pid 7167] <... futex resumed>) = 0 [pid 7166] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7169] memfd_create("syzkaller", 0 [pid 7168] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7167] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7169] <... memfd_create resumed>) = 3 [pid 7168] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7169] <... mmap resumed>) = 0x7fbb60600000 [pid 7168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7169] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68bbe000 [pid 7168] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7169] <... write resumed>) = 131072 ./strace-static-x86_64: Process 7170 attached [ 150.020844][ T7166] loop1: detected capacity change from 0 to 256 [ 150.021945][ T7164] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.048585][ T7165] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7169] munmap(0x7fbb60600000, 138412032 [pid 7170] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7169] <... munmap resumed>) = 0 [pid 7168] <... clone3 resumed> => {parent_tid=[7170]}, 88) = 7170 [pid 7170] <... rseq resumed>) = 0 [pid 7169] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7168] rt_sigprocmask(SIG_SETMASK, [], [pid 7170] set_robust_list(0x7fbb68bde9a0, 24 [pid 7169] <... openat resumed>) = 4 [pid 7168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7170] <... set_robust_list resumed>) = 0 [pid 7169] ioctl(4, LOOP_SET_FD, 3 [pid 7168] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] rt_sigprocmask(SIG_SETMASK, [], [pid 7164] <... mount resumed>) = 0 [pid 7168] <... futex resumed>) = 0 [pid 7168] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7170] memfd_create("syzkaller", 0) = 3 [pid 7170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [ 150.086004][ T7164] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.097520][ T7165] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.110510][ T7166] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.113291][ T7169] loop0: detected capacity change from 0 to 256 [pid 7170] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7169] <... ioctl resumed>) = 0 [pid 7166] <... mount resumed>) = 0 [pid 7165] <... mount resumed>) = 0 [pid 7164] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7166] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7170] <... write resumed>) = 131072 [pid 7165] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7170] munmap(0x7fbb60600000, 138412032 [pid 7165] <... openat resumed>) = 3 [pid 7170] <... munmap resumed>) = 0 [pid 7165] chdir("./file2" [pid 7170] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7165] <... chdir resumed>) = 0 [pid 7170] <... openat resumed>) = 4 [pid 7165] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7170] ioctl(4, LOOP_SET_FD, 3 [pid 7165] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7169] close(3 [pid 7166] <... openat resumed>) = 3 [pid 7165] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... openat resumed>) = 3 [pid 7166] chdir("./file2" [pid 7169] <... close resumed>) = 0 [pid 7166] <... chdir resumed>) = 0 [pid 7164] chdir("./file2" [pid 7169] close(4 [pid 7166] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7170] <... ioctl resumed>) = 0 [pid 7169] <... close resumed>) = 0 [pid 7165] <... futex resumed>) = 1 [pid 7162] <... futex resumed>) = 0 [pid 7170] close(3 [pid 7165] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7162] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] <... close resumed>) = 0 [pid 7165] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7162] <... futex resumed>) = 0 [pid 7170] close(4 [pid 7169] mkdir("./file2", 0777 [pid 7166] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7165] mkdir("./file3", 0777 [pid 7162] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7164] <... chdir resumed>) = 0 [pid 7170] <... close resumed>) = 0 [pid 7166] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] mkdir("./file2", 0777 [pid 7169] <... mkdir resumed>) = 0 [pid 7166] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7169] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7166] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7164] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7163] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] <... mkdir resumed>) = 0 [pid 7166] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7166] mkdir("./file3", 0777 [ 150.125083][ T7166] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.149544][ T7170] loop3: detected capacity change from 0 to 256 [ 150.158723][ T7165] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.171780][ T7166] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 7170] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7164] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7163] <... futex resumed>) = 0 [pid 7163] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7164] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7164] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7164] <... futex resumed>) = 0 [pid 7160] <... futex resumed>) = 1 [pid 7164] mkdir("./file3", 0777 [pid 7160] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7162] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7162] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [ 150.184247][ T7164] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.195418][ T7169] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.195799][ T7166] exFAT-fs (loop1): Filesystem has been set read-only [ 150.215183][ T7165] exFAT-fs (loop2): Filesystem has been set read-only [ 150.224167][ T7169] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7162] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7162] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7160] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7162] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7160] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7163] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7163] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7163] <... futex resumed>) = 0 [pid 7163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7160] <... mprotect resumed>) = 0 [pid 7163] <... mmap resumed>) = 0x7fbb68b9d000 [pid 7163] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE [pid 7160] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7162] <... clone3 resumed> => {parent_tid=[7171]}, 88) = 7171 [pid 7160] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7162] rt_sigprocmask(SIG_SETMASK, [], [pid 7160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7163] <... mprotect resumed>) = 0 [pid 7162] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7160] <... clone3 resumed> => {parent_tid=[7172]}, 88) = 7172 [pid 7163] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7162] <... futex resumed>) = 0 [pid 7160] rt_sigprocmask(SIG_SETMASK, [], [pid 7163] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7162] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7165] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} [pid 7160] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7165] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7160] <... futex resumed>) = 0 [pid 7163] <... clone3 resumed> => {parent_tid=[7173]}, 88) = 7173 [pid 7160] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7163] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7172 attached [pid 7172] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 7172] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 7172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7172] openat(AT_FDCWD, ".", O_RDONLY) = 4 ./strace-static-x86_64: Process 7173 attached [pid 7172] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7160] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7160] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7173] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 7173] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 7173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7173] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 7173] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7163] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7163] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7173] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7172] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7173] <... ioctl resumed>) = 0 [pid 7172] <... ioctl resumed>) = 0 [pid 7173] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7172] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7160] <... futex resumed>) = 0 [pid 7173] <... futex resumed>) = 1 [pid 7163] <... futex resumed>) = 0 [pid 7162] <... futex resumed>) = ? ./strace-static-x86_64: Process 7171 attached [pid 7165] +++ killed by SIGSEGV +++ [pid 7173] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7172] futex(0x7fbb68cb26d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7166] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7166] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7173] <... futex resumed>) = ? [pid 7173] +++ killed by SIGSEGV +++ [pid 7171] +++ killed by SIGSEGV +++ [pid 7169] <... mount resumed>) = 0 [pid 7164] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7162] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7162, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=5 /* 0.05 s */} --- [pid 7169] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7166] +++ killed by SIGSEGV +++ [pid 7163] +++ killed by SIGSEGV +++ [pid 7169] <... openat resumed>) = 3 [pid 5820] restart_syscall(<... resuming interrupted clone ...> [pid 7169] chdir("./file2") = 0 [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7163, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=7 /* 0.07 s */} --- [pid 7169] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 5819] restart_syscall(<... resuming interrupted clone ...> [pid 7169] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7164] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7160] ???( [pid 7169] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7169] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5820] <... restart_syscall resumed>) = 0 [pid 5819] <... restart_syscall resumed>) = 0 [pid 5820] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] <... openat resumed>) = 3 [pid 5819] <... openat resumed>) = 3 [pid 7172] <... futex resumed>) = ? [pid 7167] <... futex resumed>) = 0 [pid 5820] newfstatat(3, "", [pid 5819] newfstatat(3, "", [pid 7172] +++ killed by SIGSEGV +++ [pid 7167] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7169] <... futex resumed>) = 0 [pid 7167] <... futex resumed>) = 1 [pid 5820] getdents64(3, [pid 5819] getdents64(3, [pid 7169] mkdir("./file3", 0777 [pid 7167] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7164] +++ killed by SIGSEGV +++ [pid 7160] +++ killed by SIGSEGV +++ [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7160, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [ 150.226699][ T7170] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.234750][ T7164] exFAT-fs (loop4): Filesystem has been set read-only [ 150.266262][ T7170] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7170] <... mount resumed>) = 0 [pid 7169] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5820] <... umount2 resumed>) = 0 [pid 7170] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 5822] <... restart_syscall resumed>) = 0 [pid 5819] <... umount2 resumed>) = 0 [pid 5819] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7169] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7167] <... futex resumed>) = ? [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7170] <... openat resumed>) = 3 [pid 7169] +++ killed by SIGSEGV +++ [pid 5820] newfstatat(AT_FDCWD, "./120/file2", [pid 5819] newfstatat(AT_FDCWD, "./123/file2", [pid 7170] chdir("./file2" [pid 7167] +++ killed by SIGSEGV +++ [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7170] <... chdir resumed>) = 0 [pid 5822] umount2("./123", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7170] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7170] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7167, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5822] openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 7170] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] <... openat resumed>) = 3 [pid 5820] <... openat resumed>) = 4 [pid 5819] openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7170] <... futex resumed>) = 1 [pid 7168] <... futex resumed>) = 0 [pid 5820] newfstatat(4, "", [pid 7170] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7168] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7170] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7168] <... futex resumed>) = 0 [pid 5822] newfstatat(3, "", [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5819] <... openat resumed>) = 4 [pid 7170] mkdir("./file3", 0777 [pid 7168] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, [pid 5819] newfstatat(4, "", [pid 5822] getdents64(3, [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5819] getdents64(4, [pid 5818] <... restart_syscall resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] umount2("./119", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] close(4 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... close resumed>) = 0 [pid 5818] openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] rmdir("./123/file2" [pid 5818] <... openat resumed>) = 3 [pid 5818] newfstatat(3, "", [pid 5819] <... rmdir resumed>) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(4, [pid 5818] getdents64(3, [pid 7170] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] close(4 [pid 5819] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7170] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5820] <... close resumed>) = 0 [pid 5820] rmdir("./120/file2" [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7168] <... futex resumed>) = ? [pid 5820] <... rmdir resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./123/binderfs", [pid 7170] +++ killed by SIGSEGV +++ [pid 5818] <... umount2 resumed>) = 0 [pid 7168] +++ killed by SIGSEGV +++ [pid 5822] <... umount2 resumed>) = 0 [pid 5820] umount2("./120/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7168, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] unlink("./123/binderfs" [pid 5818] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./120/binderfs", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] newfstatat(AT_FDCWD, "./123/file2", [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] <... unlink resumed>) = 0 [pid 5818] newfstatat(AT_FDCWD, "./119/file2", [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] unlink("./120/binderfs" [pid 5819] getdents64(3, [pid 5822] umount2("./123/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... unlink resumed>) = 0 [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] close(3 [pid 5822] openat(AT_FDCWD, "./123/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] <... openat resumed>) = 3 [pid 5820] getdents64(3, [pid 5819] <... close resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] rmdir("./123" [pid 5822] <... openat resumed>) = 4 [pid 5820] close(3 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] umount2("./119/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] newfstatat(4, "", [pid 5821] newfstatat(3, "", [pid 5820] <... close resumed>) = 0 [pid 5819] mkdir("./124", 0777 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] rmdir("./120" [pid 5819] <... mkdir resumed>) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] getdents64(4, [pid 5821] getdents64(3, [pid 5820] <... rmdir resumed>) = 0 [pid 5819] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 5818] openat(AT_FDCWD, "./119/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5820] mkdir("./121", 0777 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] <... mkdir resumed>) = 0 [pid 5819] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 4 [pid 5819] ioctl(3, LOOP_CLR_FD [pid 5822] getdents64(4, [pid 5821] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5819] <... ioctl resumed>) = 0 [pid 5818] newfstatat(4, "", [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... openat resumed>) = 3 [pid 5819] close(3 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 150.280640][ T7169] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.289666][ T7169] exFAT-fs (loop0): Filesystem has been set read-only [ 150.308860][ T7170] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.319782][ T7170] exFAT-fs (loop3): Filesystem has been set read-only [pid 5822] close(4) = 0 [pid 5821] <... umount2 resumed>) = 0 [pid 5820] ioctl(3, LOOP_CLR_FD [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5822] rmdir("./123/file2" [pid 5821] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... ioctl resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... rmdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] close(3 [pid 5819] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] newfstatat(AT_FDCWD, "./124/file2", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] getdents64(4, [pid 5821] <... openat resumed>) = 4 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] umount2("./123/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... close resumed>) = 0 [pid 5818] close(4 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(4, "", [pid 5818] <... close resumed>) = 0 [pid 5822] newfstatat(AT_FDCWD, "./123/binderfs", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] rmdir("./119/file2" [pid 5822] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] getdents64(4, [pid 5818] <... rmdir resumed>) = 0 [pid 5822] unlink("./123/binderfs" [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... unlink resumed>) = 0 [pid 5821] getdents64(4, [pid 5822] getdents64(3, [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5819] <... clone resumed>, child_tidptr=0x55555eedf690) = 7174 [pid 5818] umount2("./119/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5821] close(4./strace-static-x86_64: Process 7175 attached ./strace-static-x86_64: Process 7174 attached [pid 5822] close(3 [pid 5821] <... close resumed>) = 0 [pid 5822] <... close resumed>) = 0 [pid 5821] rmdir("./124/file2" [pid 7175] set_robust_list(0x55555eedf6a0, 24 [pid 7174] set_robust_list(0x55555eedf6a0, 24 [pid 5822] rmdir("./123" [pid 5821] <... rmdir resumed>) = 0 [pid 7175] <... set_robust_list resumed>) = 0 [pid 7174] <... set_robust_list resumed>) = 0 [pid 5822] <... rmdir resumed>) = 0 [pid 5820] <... clone resumed>, child_tidptr=0x55555eedf690) = 7175 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7175] chdir("./121" [pid 7174] chdir("./124" [pid 5822] mkdir("./124", 0777 [pid 5821] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(AT_FDCWD, "./119/binderfs", [pid 7174] <... chdir resumed>) = 0 [pid 7175] <... chdir resumed>) = 0 [pid 7174] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] <... mkdir resumed>) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7175] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5822] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 5821] newfstatat(AT_FDCWD, "./124/binderfs", [pid 7174] <... prctl resumed>) = 0 [pid 5818] unlink("./119/binderfs" [pid 7175] <... prctl resumed>) = 0 [pid 7174] setpgid(0, 0 [pid 5822] <... openat resumed>) = 3 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 7174] <... setpgid resumed>) = 0 [pid 5818] <... unlink resumed>) = 0 [pid 7175] setpgid(0, 0 [pid 5822] ioctl(3, LOOP_CLR_FD [pid 5821] unlink("./124/binderfs" [pid 7174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5822] <... ioctl resumed>) = 0 [pid 5821] <... unlink resumed>) = 0 [pid 5818] getdents64(3, [pid 5822] close(3 [pid 7175] <... setpgid resumed>) = 0 [pid 7174] <... openat resumed>) = 3 [pid 5822] <... close resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5821] getdents64(3, [pid 5818] close(3 [pid 7175] <... openat resumed>) = 3 [pid 7174] write(3, "1000", 4 [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 7174] <... write resumed>) = 4 [pid 5818] <... close resumed>) = 0 [pid 5821] close(3) = 0 [pid 5821] rmdir("./124" [pid 7175] write(3, "1000", 4 [pid 7174] close(3 [pid 5822] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5821] <... rmdir resumed>) = 0 [pid 5818] rmdir("./119" [pid 7174] <... close resumed>) = 0 ./strace-static-x86_64: Process 7176 attached [pid 7175] <... write resumed>) = 4 [pid 7174] symlink("/dev/binderfs", "./binderfs" [pid 5821] mkdir("./125", 0777 [pid 5818] <... rmdir resumed>) = 0 [pid 7174] <... symlink resumed>) = 0 [pid 5821] <... mkdir resumed>) = 0 executing program [pid 5818] mkdir("./120", 0777 [pid 7175] close(3) = 0 [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5818] <... mkdir resumed>) = 0 [pid 7174] write(1, "executing program\n", 18 [pid 5818] openat(AT_FDCWD, "/dev/loop0", O_RDWRexecuting program [pid 7174] <... write resumed>) = 18 [pid 7176] set_robust_list(0x55555eedf6a0, 24 [pid 7175] symlink("/dev/binderfs", "./binderfs" [pid 5822] <... clone resumed>, child_tidptr=0x55555eedf690) = 7176 [pid 5821] <... openat resumed>) = 3 [pid 5818] <... openat resumed>) = 3 [pid 7176] <... set_robust_list resumed>) = 0 [pid 7175] <... symlink resumed>) = 0 [pid 5821] ioctl(3, LOOP_CLR_FD [pid 7176] chdir("./124" [pid 5821] <... ioctl resumed>) = 0 [pid 5818] ioctl(3, LOOP_CLR_FD [pid 7176] <... chdir resumed>) = 0 [pid 5821] close(3 [pid 7176] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7175] write(1, "executing program\n", 18 [pid 5821] <... close resumed>) = 0 [pid 7176] <... prctl resumed>) = 0 [pid 7175] <... write resumed>) = 18 [pid 7174] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 5818] <... ioctl resumed>) = 0 ./strace-static-x86_64: Process 7177 attached [pid 7176] setpgid(0, 0 [pid 7175] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7174] <... futex resumed>) = 0 [pid 5818] close(3 [pid 7176] <... setpgid resumed>) = 0 [pid 7175] <... futex resumed>) = 0 [pid 5821] <... clone resumed>, child_tidptr=0x55555eedf690) = 7177 [pid 7176] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7175] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7174] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 5818] <... close resumed>) = 0 [pid 7177] set_robust_list(0x55555eedf6a0, 24 [pid 7176] <... openat resumed>) = 3 [pid 7175] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7174] <... rt_sigaction resumed>NULL, 8) = 0 [pid 5818] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 7177] <... set_robust_list resumed>) = 0 [pid 7176] write(3, "1000", 4 [pid 7175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7176] <... write resumed>) = 4 [pid 7175] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7178 attached [pid 7177] chdir("./125" [pid 7176] close(3 [pid 7175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7178] set_robust_list(0x55555eedf6a0, 24 [pid 7177] <... chdir resumed>) = 0 [pid 7176] <... close resumed>) = 0 [pid 7175] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7178] <... set_robust_list resumed>) = 0 [pid 7177] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7175] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7177] <... prctl resumed>) = 0 [pid 7175] <... mprotect resumed>) = 0 [pid 7174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7178] chdir("./120" [pid 7177] setpgid(0, 0 [pid 7175] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7174] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7178] <... chdir resumed>) = 0 [pid 7177] <... setpgid resumed>) = 0 [pid 7176] symlink("/dev/binderfs", "./binderfs" [pid 7174] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 5818] <... clone resumed>, child_tidptr=0x55555eedf690) = 7178 [pid 7178] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 7177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7176] <... symlink resumed>) = 0 [pid 7175] <... rt_sigprocmask resumed>[], 8) = 0 executing program [pid 7174] <... mprotect resumed>) = 0 [pid 7178] <... prctl resumed>) = 0 [pid 7177] <... openat resumed>) = 3 [pid 7176] write(1, "executing program\n", 18 [pid 7175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7179 attached [pid 7178] setpgid(0, 0 [pid 7177] write(3, "1000", 4 [pid 7176] <... write resumed>) = 18 [pid 7174] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7179] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7178] <... setpgid resumed>) = 0 [pid 7177] <... write resumed>) = 4 [pid 7176] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7175] <... clone3 resumed> => {parent_tid=[7179]}, 88) = 7179 [pid 7174] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7177] close(3 [pid 7175] rt_sigprocmask(SIG_SETMASK, [], [pid 7178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 7174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7177] <... close resumed>) = 0 [pid 7175] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 7180 attached [pid 7178] <... openat resumed>) = 3 [pid 7177] symlink("/dev/binderfs", "./binderfs" [pid 7175] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7179] <... rseq resumed>) = 0 [pid 7178] write(3, "1000", 4 [pid 7177] <... symlink resumed>) = 0 [pid 7176] <... futex resumed>) = 0 executing program [pid 7175] <... futex resumed>) = 0 [pid 7174] <... clone3 resumed> => {parent_tid=[7180]}, 88) = 7180 [pid 7180] <... rseq resumed>) = 0 [pid 7179] set_robust_list(0x7fbb68bde9a0, 24 [pid 7178] <... write resumed>) = 4 [pid 7177] write(1, "executing program\n", 18 [pid 7176] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7175] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7174] rt_sigprocmask(SIG_SETMASK, [], [pid 7180] set_robust_list(0x7fbb68bde9a0, 24 [pid 7179] <... set_robust_list resumed>) = 0 [pid 7178] close(3 [pid 7177] <... write resumed>) = 18 [pid 7176] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7180] <... set_robust_list resumed>) = 0 [pid 7179] rt_sigprocmask(SIG_SETMASK, [], [pid 7178] <... close resumed>) = 0 [pid 7177] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7176] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7180] rt_sigprocmask(SIG_SETMASK, [], [pid 7179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7178] symlink("/dev/binderfs", "./binderfs" [pid 7177] <... futex resumed>) = 0 [pid 7176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7174] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7179] memfd_create("syzkaller", 0 [pid 7177] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7176] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7174] <... futex resumed>) = 0 [pid 7180] memfd_create("syzkaller", 0 [pid 7179] <... memfd_create resumed>) = 3 [pid 7177] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7176] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7174] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7180] <... memfd_create resumed>) = 3 [pid 7179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7176] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7179] <... mmap resumed>) = 0x7fbb60600000 [pid 7177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7176] <... mprotect resumed>) = 0 [pid 7180] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7179] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7178] <... symlink resumed>) = 0 [pid 7177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7176] rt_sigprocmask(SIG_BLOCK, ~[], executing program [pid 7180] <... mmap resumed>) = 0x7fbb60600000 [pid 7178] write(1, "executing program\n", 18 [pid 7177] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7176] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7178] <... write resumed>) = 18 [pid 7177] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7176] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7181 attached [pid 7178] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... mprotect resumed>) = 0 [pid 7181] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7178] <... futex resumed>) = 0 [pid 7177] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7176] <... clone3 resumed> => {parent_tid=[7181]}, 88) = 7181 [pid 7181] <... rseq resumed>) = 0 [pid 7179] <... write resumed>) = 131072 [pid 7176] rt_sigprocmask(SIG_SETMASK, [], [pid 7181] set_robust_list(0x7fbb68bde9a0, 24 [pid 7178] rt_sigaction(SIGRT_1, {sa_handler=0x7fbb68c50160, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fbb68c41310}, [pid 7177] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7180] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7178] <... rt_sigaction resumed>NULL, 8) = 0 [pid 7177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0}./strace-static-x86_64: Process 7182 attached [pid 7181] <... set_robust_list resumed>) = 0 [pid 7178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 7176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7182] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7181] rt_sigprocmask(SIG_SETMASK, [], [pid 7179] munmap(0x7fbb60600000, 138412032 [pid 7176] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7177] <... clone3 resumed> => {parent_tid=[7182]}, 88) = 7182 [pid 7178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7182] <... rseq resumed>) = 0 [pid 7181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7179] <... munmap resumed>) = 0 [pid 7177] rt_sigprocmask(SIG_SETMASK, [], [pid 7176] <... futex resumed>) = 0 [pid 7178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 7182] set_robust_list(0x7fbb68bde9a0, 24 [pid 7181] memfd_create("syzkaller", 0 [pid 7180] <... write resumed>) = 131072 [pid 7178] <... mmap resumed>) = 0x7fbb68bbe000 [pid 7177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7182] <... set_robust_list resumed>) = 0 [pid 7180] munmap(0x7fbb60600000, 138412032 [pid 7178] mprotect(0x7fbb68bbf000, 131072, PROT_READ|PROT_WRITE [pid 7177] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7181] <... memfd_create resumed>) = 3 [pid 7179] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 7178] <... mprotect resumed>) = 0 [pid 7176] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7182] memfd_create("syzkaller", 0 [pid 7181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7180] <... munmap resumed>) = 0 [pid 7179] <... openat resumed>) = 4 [pid 7178] rt_sigprocmask(SIG_BLOCK, ~[], [pid 7177] <... futex resumed>) = 0 [pid 7182] <... memfd_create resumed>) = 3 [pid 7181] <... mmap resumed>) = 0x7fbb60600000 [pid 7178] <... rt_sigprocmask resumed>[], 8) = 0 [pid 7182] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 7180] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 7178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bde990, parent_tid=0x7fbb68bde990, exit_signal=0, stack=0x7fbb68bbe000, stack_size=0x20300, tls=0x7fbb68bde6c0} [pid 7177] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7182] <... mmap resumed>) = 0x7fbb60600000 [pid 7181] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7180] <... openat resumed>) = 4 [pid 7179] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 7183 attached [pid 7182] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7180] ioctl(4, LOOP_SET_FD, 3 [pid 7183] rseq(0x7fbb68bdefe0, 0x20, 0, 0x53053053 [pid 7182] <... write resumed>) = 131072 [pid 7181] <... write resumed>) = 131072 [pid 7178] <... clone3 resumed> => {parent_tid=[7183]}, 88) = 7183 [pid 7183] <... rseq resumed>) = 0 [pid 7182] munmap(0x7fbb60600000, 138412032 [pid 7181] munmap(0x7fbb60600000, 138412032 [pid 7178] rt_sigprocmask(SIG_SETMASK, [], [pid 7183] set_robust_list(0x7fbb68bde9a0, 24 [pid 7181] <... munmap resumed>) = 0 [pid 7180] <... ioctl resumed>) = 0 [pid 7179] <... ioctl resumed>) = 0 [pid 7178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7183] <... set_robust_list resumed>) = 0 [pid 7182] <... munmap resumed>) = 0 [pid 7178] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7183] rt_sigprocmask(SIG_SETMASK, [], [pid 7182] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7178] <... futex resumed>) = 0 [pid 7183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7182] <... openat resumed>) = 4 [pid 7181] <... openat resumed>) = 4 [pid 7180] close(3 [pid 7179] close(3 [pid 7178] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 7183] memfd_create("syzkaller", 0 [pid 7182] ioctl(4, LOOP_SET_FD, 3 [pid 7181] ioctl(4, LOOP_SET_FD, 3 [pid 7180] <... close resumed>) = 0 [pid 7179] <... close resumed>) = 0 [pid 7183] <... memfd_create resumed>) = 3 [pid 7183] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fbb60600000 [pid 7183] write(3, "\xeb\x76\x90\x45\x58\x46\x41\x54\x20\x20\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x08\x00\x00\x00\x88\x00\x00\x00\x0f\x00\x00\x00\x05\x00\x00\x00"..., 131072 [pid 7182] <... ioctl resumed>) = 0 [pid 7181] <... ioctl resumed>) = 0 [pid 7180] close(4 [pid 7179] close(4 [pid 7183] <... write resumed>) = 131072 [pid 7183] munmap(0x7fbb60600000, 138412032) = 0 [pid 7182] close(3 [pid 7181] close(3 [pid 7183] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7182] <... close resumed>) = 0 [pid 7181] <... close resumed>) = 0 [pid 7180] <... close resumed>) = 0 [pid 7179] <... close resumed>) = 0 [pid 7183] <... openat resumed>) = 4 [pid 7182] close(4 [pid 7181] close(4 [pid 7180] mkdir("./file2", 0777 [pid 7179] mkdir("./file2", 0777 [pid 7182] <... close resumed>) = 0 [pid 7181] <... close resumed>) = 0 [pid 7180] <... mkdir resumed>) = 0 [pid 7179] <... mkdir resumed>) = 0 [pid 7181] mkdir("./file2", 0777 [pid 7183] ioctl(4, LOOP_SET_FD, 3 [pid 7182] mkdir("./file2", 0777 [pid 7181] <... mkdir resumed>) = 0 [pid 7182] <... mkdir resumed>) = 0 [ 150.542856][ T7179] loop2: detected capacity change from 0 to 256 [ 150.549419][ T7180] loop1: detected capacity change from 0 to 256 [ 150.571772][ T7182] loop3: detected capacity change from 0 to 256 [ 150.579342][ T7181] loop4: detected capacity change from 0 to 256 [pid 7180] mount("/dev/loop1", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7182] mount("/dev/loop3", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7181] mount("/dev/loop4", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7179] mount("/dev/loop2", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7183] <... ioctl resumed>) = 0 [pid 7183] close(3) = 0 [pid 7183] close(4) = 0 [pid 7183] mkdir("./file2", 0777) = 0 [ 150.605445][ T7183] loop0: detected capacity change from 0 to 256 [ 150.621801][ T7180] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.634694][ T7182] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7183] mount("/dev/loop0", "./file2", "exfat", MS_SYNCHRONOUS|MS_MANDLOCK|MS_SILENT|MS_RELATIME|MS_LAZYTIME, "" [pid 7182] <... mount resumed>) = 0 [pid 7182] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7180] <... mount resumed>) = 0 [pid 7182] <... openat resumed>) = 3 [pid 7182] chdir("./file2" [pid 7180] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7182] <... chdir resumed>) = 0 [pid 7182] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 7180] <... openat resumed>) = 3 [pid 7182] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7180] chdir("./file2" [pid 7182] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7180] <... chdir resumed>) = 0 [pid 7182] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = -1 EBUSY (Device or resource busy) [pid 7180] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7177] <... futex resumed>) = 0 [pid 7177] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 7180] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7182] <... futex resumed>) = 0 [pid 7177] <... futex resumed>) = 1 [pid 7182] mkdir("./file3", 0777 [pid 7177] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7174] <... futex resumed>) = 0 [ 150.635137][ T7180] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.659808][ T7182] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.673326][ T7179] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [pid 7174] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 7174] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7180] <... futex resumed>) = 0 [pid 7180] mkdir("./file3", 0777 [pid 7182] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7182] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [ 150.701808][ T7182] exFAT-fs (loop3): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.708507][ T7183] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.713932][ T7182] exFAT-fs (loop3): Filesystem has been set read-only [ 150.728003][ T7179] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.742735][ T7183] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [pid 7183] <... mount resumed>) = 0 [pid 7179] <... mount resumed>) = 0 [pid 7177] <... futex resumed>) = ? [pid 7174] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 7174] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fbb68b9d000 [pid 7174] mprotect(0x7fbb68b9e000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 7174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 7174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7fbb68bbd990, parent_tid=0x7fbb68bbd990, exit_signal=0, stack=0x7fbb68b9d000, stack_size=0x20300, tls=0x7fbb68bbd6c0} => {parent_tid=[7184]}, 88) = 7184 [pid 7174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 7174] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 7184 attached [pid 7184] rseq(0x7fbb68bbdfe0, 0x20, 0, 0x53053053) = 0 [pid 7179] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7184] set_robust_list(0x7fbb68bbd9a0, 24) = 0 [pid 7179] <... openat resumed>) = 3 [pid 7184] rt_sigprocmask(SIG_SETMASK, [], [pid 7179] chdir("./file2" [pid 7184] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 7183] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7182] +++ killed by SIGSEGV +++ [pid 7179] <... chdir resumed>) = 0 [pid 7177] +++ killed by SIGSEGV +++ [pid 7184] openat(AT_FDCWD, ".", O_RDONLY) = 4 [pid 5821] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7177, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7184] futex(0x7fbb68cb26dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] restart_syscall(<... resuming interrupted clone ...> [pid 7184] <... futex resumed>) = 1 [pid 7174] <... futex resumed>) = 0 [pid 7174] futex(0x7fbb68cb26d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7174] futex(0x7fbb68cb26dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7184] ioctl(4, F2FS_IOC_SHUTDOWN, 0x200000000080 [pid 7183] <... openat resumed>) = 3 [pid 7181] <... mount resumed>) = 0 [pid 7179] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 5821] <... restart_syscall resumed>) = 0 [pid 7183] chdir("./file2" [pid 7181] openat(AT_FDCWD, "./file2", O_RDONLY|O_DIRECTORY [pid 7179] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7183] <... chdir resumed>) = 0 [pid 7181] <... openat resumed>) = 3 [pid 7179] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7183] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 7179] <... futex resumed>) = 1 [pid 7175] <... futex resumed>) = 0 [pid 7183] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7181] chdir("./file2" [pid 7179] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7175] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] umount2("./125", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7183] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 7181] <... chdir resumed>) = 0 [pid 7179] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7175] <... futex resumed>) = 0 [pid 7183] <... futex resumed>) = 1 [pid 7181] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 7179] mkdir("./file3", 0777 [pid 7175] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7183] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7181] <... openat resumed>) = -1 EBUSY (Device or resource busy) [pid 7180] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7178] <... futex resumed>) = 0 [pid 7180] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7178] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 7178] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7181] futex(0x7fbb68cb26cc, FUTEX_WAKE_PRIVATE, 1000000 [ 150.743883][ T7180] exFAT-fs (loop1): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.753997][ T7181] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x45383d15, utbl_chksum : 0xe619d30d) [ 150.777207][ T7181] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 150.782467][ T7180] exFAT-fs (loop1): Filesystem has been set read-only [ 150.794606][ T7179] exFAT-fs (loop2): error, in sector 160, dentry 7 should be unused, but 0xc0 [pid 5821] openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7183] mkdir("./file3", 0777 [pid 7184] <... ioctl resumed>) = ? [pid 7181] <... futex resumed>) = 1 [pid 7179] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7176] <... futex resumed>) = 0 [pid 7174] <... futex resumed>) = ? [pid 5821] <... openat resumed>) = 3 [pid 7184] +++ killed by SIGSEGV +++ [pid 7181] futex(0x7fbb68cb26c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 7180] +++ killed by SIGSEGV +++ [pid 7174] +++ killed by SIGSEGV +++ [pid 7181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 7179] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 7176] futex(0x7fbb68cb26c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5821] newfstatat(3, "", [pid 7181] mkdir("./file3", 0777 [pid 7176] <... futex resumed>) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 7183] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 7176] futex(0x7fbb68cb26cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 7175] <... futex resumed>) = ? [pid 5819] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7174, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 7179] +++ killed by SIGSEGV +++ [pid 7183] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] getdents64(3, [pid 7183] +++ killed by SIGSEGV +++ [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 7178] <... futex resumed>) = ? [pid 5821] umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 7175] +++ killed by SIGSEGV +++ [pid 7178] +++ killed by SIGSEGV +++ [pid 5820] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7175, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=8 /* 0.08 s */} --- [pid 5819] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7178, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=6 /* 0.06 s */} --- [pid 5818] restart_syscall(<... resuming interrupted clone ...> [pid 5820] umount2("./121", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5820] openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 5820] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] getdents64(3, 0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5820] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7181] <... mkdir resumed>) = -1 EIO (Input/output error) [pid 5821] <... umount2 resumed>) = 0 [pid 5820] <... umount2 resumed>) = 0 [pid 5818] <... restart_syscall resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 7181] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} --- [pid 5821] umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 3 [pid 7176] <... futex resumed>) = ? [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] newfstatat(AT_FDCWD, "./125/file2", [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7181] +++ killed by SIGSEGV +++ [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5820] newfstatat(AT_FDCWD, "./121/file2", [pid 5819] newfstatat(3, "", [pid 5818] umount2("./120", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] umount2("./125/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] umount2("./121/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 7176] +++ killed by SIGSEGV +++ [pid 5821] openat(AT_FDCWD, "./125/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=7176, si_uid=0, si_status=SIGSEGV, si_utime=0, si_stime=9 /* 0.09 s */} --- [pid 5819] getdents64(3, [pid 5822] restart_syscall(<... resuming interrupted clone ...> [pid 5821] <... openat resumed>) = 4 [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5818] <... openat resumed>) = 3 [pid 5821] newfstatat(4, "", [pid 5820] openat(AT_FDCWD, "./121/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5819] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] newfstatat(3, "", [pid 5821] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] <... openat resumed>) = 4 [pid 5821] getdents64(4, [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] getdents64(3, [pid 5820] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5819] <... umount2 resumed>) = 0 [pid 5818] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] getdents64(4, 0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] getdents64(4, [pid 5821] close(4) = 0 [pid 5821] rmdir("./125/file2" [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5821] <... rmdir resumed>) = 0 [pid 5820] getdents64(4, [pid 5819] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] <... restart_syscall resumed>) = 0 [pid 5820] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] close(4 [pid 5821] umount2("./125/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] umount2("./124", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 5821] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] <... close resumed>) = 0 [pid 5819] newfstatat(AT_FDCWD, "./124/file2", [pid 5822] openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 150.804250][ T7179] exFAT-fs (loop2): Filesystem has been set read-only [ 150.818506][ T7183] exFAT-fs (loop0): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.827575][ T7183] exFAT-fs (loop0): Filesystem has been set read-only [ 150.834863][ T7181] exFAT-fs (loop4): error, in sector 160, dentry 7 should be unused, but 0xc0 [ 150.847546][ T7181] exFAT-fs (loop4): Filesystem has been set read-only [pid 5822] newfstatat(3, "", [pid 5821] newfstatat(AT_FDCWD, "./125/binderfs", [pid 5820] rmdir("./121/file2" [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] <... umount2 resumed>) = 0 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5822] getdents64(3, [pid 5821] unlink("./125/binderfs" [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5822] <... getdents64 resumed>0x55555eee0730 /* 4 entries */, 32768) = 112 [pid 5821] <... unlink resumed>) = 0 [pid 5819] openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5818] newfstatat(AT_FDCWD, "./120/file2", [pid 5822] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5822] <... umount2 resumed>) = 0 [pid 5821] getdents64(3, [pid 5820] umount2("./121/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5819] <... openat resumed>) = 4 [pid 5818] umount2("./120/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5821] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5822] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] newfstatat(4, "", [pid 5818] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5821] close(3) = 0 [pid 5821] rmdir("./125") = 0 [pid 5821] mkdir("./126", 0777 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5820] newfstatat(AT_FDCWD, "./121/binderfs", [pid 5819] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5818] openat(AT_FDCWD, "./120/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5822] newfstatat(AT_FDCWD, "./124/file2", [pid 5821] <... mkdir resumed>) = 0 [pid 5820] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5819] getdents64(4, [pid 5818] <... openat resumed>) = 4 [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 5818] newfstatat(4, "", [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5818] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5820] unlink("./121/binderfs" [pid 5822] umount2("./124/file2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5820] <... unlink resumed>) = 0 [pid 5822] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5819] getdents64(4, [pid 5818] getdents64(4, [pid 5822] openat(AT_FDCWD, "./124/file2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 5821] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 5820] getdents64(3, [pid 5819] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [pid 5822] <... openat resumed>) = 4 [pid 5821] <... openat resumed>) = 3 [pid 5819] close(4 [pid 5822] newfstatat(4, "", [pid 5821] ioctl(3, LOOP_CLR_FD [pid 5820] <... getdents64 resumed>0x55555eee0730 /* 0 entries */, 32768) = 0 [pid 5819] <... close resumed>) = 0 [pid 5818] getdents64(4, [pid 5822] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 5821] <... ioctl resumed>) = 0 [pid 5820] close(3 [pid 5819] rmdir("./124/file2" [pid 5818] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5822] getdents64(4, [pid 5821] close(3 [pid 5820] <... close resumed>) = 0 [pid 5819] <... rmdir resumed>) = 0 [pid 5818] close(4 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 2 entries */, 32768) = 48 [ 150.910072][ T52] ------------[ cut here ]------------ [ 150.915775][ T52] WARNING: CPU: 1 PID: 52 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 [ 150.924579][ T52] Modules linked in: [ 150.928604][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/1:1 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) [ 150.940582][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 150.950712][ T52] Workqueue: events destroy_super_work [pid 5821] <... close resumed>) = 0 [pid 5822] getdents64(4, [pid 5820] rmdir("./121" [pid 5819] umount2("./124/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 5818] <... close resumed>) = 0 [pid 5822] <... getdents64 resumed>0x55555eee8770 /* 0 entries */, 32768) = 0 [pid 5820] <... rmdir resumed>) = 0 [pid 5819] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 5818] rmdir("./120/file2" [pid 5822] close(4 [pid 5819] newfstatat(AT_FDCWD, "./124/binderfs", [pid 5818] <... rmdir resumed>) = 0 [ 150.956272][ T52] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 150.961658][ T52] Code: 18 e8 27 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 150.981427][ T52] RSP: 0018:ffffc90000bd7a88 EFLAGS: 00010246 [ 150.987544][ T52] RAX: 0000000000000002 RBX: ffff88807b8ea350 RCX: 094197644fb87e00 [ 150.995621][ T52] RDX: 0000000000000000 RSI: ffffffff8bc0fa40 RDI: ffff88807b8ea350 [ 151.003707][ T52] RBP: 0000000000000195 R08: ffffffff8dddecaf R09: 1ffffffff1bbbd95 [ 151.011804][ T52] R10: dffffc0000000000 R11: fffffbfff1bbbd96 R12: dffffc0000000000 [ 151.019936][ T52] R13: 1ffff1100f71d46a R14: ffff88807b8ea350 R15: dffffc0000000000 [ 151.027950][ T52] FS: 0000000000000000(0000) GS:ffff888126200000(0000) knlGS:0000000000000000 [ 151.036969][ T52] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 151.043639][ T52] CR2: 00007ffc7f67e9ec CR3: 000000007930e000 CR4: 00000000003526f0 [ 151.051692][ T52] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 151.059820][ T52] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 151.067843][ T52] Call Trace: [ 151.071187][ T52] [ 151.074176][ T52] percpu_free_rwsem+0x40/0x80 [ 151.078993][ T52] destroy_super_work+0xee/0x130 [ 151.084019][ T52] ? process_scheduled_works+0x9ec/0x17a0 [ 151.089828][ T52] process_scheduled_works+0xadb/0x17a0 [ 151.095469][ T52] ? __pfx_process_scheduled_works+0x10/0x10 [ 151.101639][ T52] worker_thread+0x8a0/0xda0 [ 151.106296][ T52] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.112734][ T52] ? __kthread_parkme+0x7b/0x200 [ 151.117723][ T52] kthread+0x70e/0x8a0 [ 151.121878][ T52] ? __pfx_worker_thread+0x10/0x10 [ 151.127049][ T52] ? __pfx_kthread+0x10/0x10 [ 151.131740][ T52] ? __pfx_kthread+0x10/0x10 [ 151.136372][ T52] ? _raw_spin_unlock_irq+0x23/0x50 [ 151.141656][ T52] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.146902][ T52] ? __pfx_kthread+0x10/0x10 [ 151.151570][ T52] ret_from_fork+0x4b/0x80 [ 151.156031][ T52] ? __pfx_kthread+0x10/0x10 [ 151.160704][ T52] ret_from_fork_asm+0x1a/0x30 [ 151.165549][ T52] [ 151.168613][ T52] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 151.175921][ T52] CPU: 1 UID: 0 PID: 52 Comm: kworker/1:1 Not tainted 6.15.0-rc4-syzkaller-00051-g7a13c14ee59d #0 PREEMPT(full) [ 151.187855][ T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 151.197941][ T52] Workqueue: events destroy_super_work [ 151.203448][ T52] Call Trace: [ 151.206737][ T52] [ 151.209675][ T52] dump_stack_lvl+0x99/0x250 [ 151.214283][ T52] ? __asan_memcpy+0x40/0x70 [ 151.218881][ T52] ? __pfx_dump_stack_lvl+0x10/0x10 [ 151.224092][ T52] ? __pfx__printk+0x10/0x10 [ 151.228707][ T52] panic+0x2db/0x790 [ 151.232615][ T52] ? __pfx_panic+0x10/0x10 [ 151.237037][ T52] ? show_trace_log_lvl+0x4fb/0x550 [ 151.242265][ T52] ? ret_from_fork_asm+0x1a/0x30 [ 151.247220][ T52] __warn+0x31b/0x4b0 [ 151.251214][ T52] ? rcu_sync_dtor+0xcd/0x180 [ 151.255908][ T52] ? rcu_sync_dtor+0xcd/0x180 [ 151.260591][ T52] report_bug+0x2be/0x4f0 [ 151.264925][ T52] ? rcu_sync_dtor+0xcd/0x180 [ 151.269611][ T52] ? rcu_sync_dtor+0xcd/0x180 [ 151.274293][ T52] ? rcu_sync_dtor+0xcf/0x180 [ 151.278973][ T52] handle_bug+0x84/0x160 [ 151.283229][ T52] exc_invalid_op+0x1a/0x50 [ 151.287742][ T52] asm_exc_invalid_op+0x1a/0x20 [ 151.292602][ T52] RIP: 0010:rcu_sync_dtor+0xcd/0x180 [ 151.297895][ T52] Code: 18 e8 27 c3 00 00 43 0f b6 44 25 00 84 c0 0f 85 82 00 00 00 83 3b 00 75 1f 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 90 <0f> 0b 90 e9 66 ff ff ff 90 0f 0b 90 eb 8a 90 0f 0b 90 eb db 89 d9 [ 151.317509][ T52] RSP: 0018:ffffc90000bd7a88 EFLAGS: 00010246 [ 151.323672][ T52] RAX: 0000000000000002 RBX: ffff88807b8ea350 RCX: 094197644fb87e00 [ 151.331646][ T52] RDX: 0000000000000000 RSI: ffffffff8bc0fa40 RDI: ffff88807b8ea350 [ 151.339622][ T52] RBP: 0000000000000195 R08: ffffffff8dddecaf R09: 1ffffffff1bbbd95 [ 151.347596][ T52] R10: dffffc0000000000 R11: fffffbfff1bbbd96 R12: dffffc0000000000 [ 151.355572][ T52] R13: 1ffff1100f71d46a R14: ffff88807b8ea350 R15: dffffc0000000000 [ 151.363580][ T52] ? destroy_super_work+0xe2/0x130 [ 151.368725][ T52] percpu_free_rwsem+0x40/0x80 [ 151.373597][ T52] destroy_super_work+0xee/0x130 [ 151.378549][ T52] ? process_scheduled_works+0x9ec/0x17a0 [ 151.384283][ T52] process_scheduled_works+0xadb/0x17a0 [ 151.389864][ T52] ? __pfx_process_scheduled_works+0x10/0x10 [ 151.395880][ T52] worker_thread+0x8a0/0xda0 [ 151.400489][ T52] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 151.406840][ T52] ? __kthread_parkme+0x7b/0x200 [ 151.411788][ T52] kthread+0x70e/0x8a0 [ 151.415894][ T52] ? __pfx_worker_thread+0x10/0x10 [ 151.421055][ T52] ? __pfx_kthread+0x10/0x10 [ 151.425701][ T52] ? __pfx_kthread+0x10/0x10 [ 151.430334][ T52] ? _raw_spin_unlock_irq+0x23/0x50 [ 151.435650][ T52] ? lockdep_hardirqs_on+0x9c/0x150 [ 151.440871][ T52] ? __pfx_kthread+0x10/0x10 [ 151.445470][ T52] ret_from_fork+0x4b/0x80 [ 151.449892][ T52] ? __pfx_kthread+0x10/0x10 [ 151.454487][ T52] ret_from_fork_asm+0x1a/0x30 [ 151.459282][ T52] [ 151.462669][ T52] Kernel Offset: disabled [ 151.466998][ T52] Rebooting in 86400 seconds..